Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Forefront client security, removing existing third party AV prior to deployment

Posted on 2010-08-21
7
876 Views
Last Modified: 2013-11-22
Hello,

I need to deploy forefront client security av to the machines and it seems forefront doesn't automatically remove existing third party antivirus clients.
We have a mix of trendmicro (trend  micro client/server security agent v. 16.0.x)  and symantec (SEP v.11.0.x) av clients.

Is there a script (to use as a startup script) that I can use to accomplish removing the existing trend micro and symantec and install the forefront client security agent?

Preferably the one that checks to see if the third party av exists and skips the process if it's not there so that it won't run over and over again on every boot up (also it should check to see if forefront's already installed and skip installation if it's already present) .


The reason I'd like to use a startup script is because I have 3 separate Active Directory domains, each in its own forest without any trust between them.

So I'm thinking, create a startup script for forefront on each domain, that way, there won't be any permission problems during the install when the machines try to access the share directory where the forefront installation file is located.

Please correct me if I'm misunderstanding how the forefront deployment works (I haven't even installed the console yet :)) as I haven't worked with forefront before.  I'm not sure if this matters but there's currently a one single WSUS server that serves all three domains' machines for Windows updates and I'm planning to install the forefront console on this WSUS server.



0
Comment
Question by:Lindows
  • 5
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494425
Heres a script i use to uninstall McAfee & Windows Anti Spyware prior to forefront install. You could addapt it to suit.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494448
How odd, i cant attach scripts right now... back in 2 mins...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 33494464
Well It finally posted my script but you note the extra space in the line that creates the WSCR IPT object! Please save and remove that space. Not sure whats blocking it!! lol
 

option Explicit

const HKEY_LOCAL_MACHINE = &H80000002
Dim McAProductName, McAProductKey,MSProductName, MSProductKey, Msg, MsgBoxStyle, RegKey

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMcAKey()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "McAfee VirusScan Enterprise") then
                       McAProductKey = sKey
                       McAProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMsAnti()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "Microsoft AntiSpyware") then
                       MSProductKey = sKey
                       MSProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


sub UninstallMcA(key, name)
dim cmd, objShell, iReturn, oshell

cmd = "C:\windows\system32\msiexec.exe /q/x " & key
set objShell = wscript.createObject("wsc ript.shell")

objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd

iReturn=objShell.Run(cmd,1,TRUE)

                if (iReturn = 0) then
                objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
                else
                objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
                end if

Set objShell = Nothing  
end sub


'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



McAProductKey = ""
McAProductName = ""
MSProductKey = ""
MSProductName = ""

call GetMcAKey()

                if Not (McAProductKey = "") then
                                call UninstallMcA(McAProductKey, McAProductName)
                end if


call GetMSAnti()

                if Not (MSProductKey = "") then
                                call UninstallMcA(MSProductKey, MSProductName)
                end if

Open in new window

0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494467
Line 53, remove the extra space....
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494492
Yes use wsus to push it out then you dont need to worry about install scripts. Just the removal script.  Being pushed out by WSUS you wont have any shared permissions issues anyway.
 
 
0
 

Author Comment

by:Lindows
ID: 33496697
Thanks Neilsr.

One of the other main reasons why I was looking for a script that can do both the uninstallation of the existing third party av and do the installation of forefront client security is because this way, the machines are protected right away without a protection gap as soon as the third party av gets uninstalled, forefront will get installed.

If I was to use a script to just uninstall the third party av and use wsus to deploy forefront, then until machines contact wsus and get the forefront client security, the machines would be without protection.

I guess I can use your script to do the uninstall and use software installation GPO to deploy forefront but then again, even if I set the GPO order for the software installation GPO to run after the startup script that does the uninstall, the software installation GPO could kick off while the startup script is still doing the uninstall and that might mess up things.   I wonder why forefront doesn't  have a way to uninstall any existing third party av like the other vendors do.
0
 

Author Closing Comment

by:Lindows
ID: 33607775
Partial solution.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Viewers will learn the different options available in the Backstage view in Excel 2013.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question