Solved

Forefront client security, removing existing third party AV prior to deployment

Posted on 2010-08-21
Last Modified: 2013-11-22
Hello,

I need to deploy Forefront Client Security AV to the machines, and it seems Forefront doesn't automatically remove existing third-party antivirus clients.
We have a mix of Trend Micro (Trend Micro Client/Server Security Agent v. 16.0.x) and Symantec (SEP v.11.0.x) AV clients.

Is there a script (to use as a startup script) that I can use to accomplish removing the existing Trend Micro and Symantec and install the Forefront Client Security agent?

Preferably one that checks to see if the third-party AV exists and skips the process if it's not there, so that it won't run over and over again on every boot-up (also it should check to see if Forefront's already installed and skip installation if it's already present).

The reason I'd like to use a startup script is because I have 3 separate Active Directory domains, each in its own forest without any trust between them.

So I'm thinking: create a startup script for Forefront on each domain. That way, there won't be any permission problems during the install when the machines try to access the share directory where the Forefront installation file is located.

Please correct me if I'm misunderstanding how the Forefront deployment works (I haven't even installed the console yet :)) as I haven't worked with Forefront before. I'm not sure if this matters, but there's currently a single WSUS server that serves all three domains' machines for Windows updates, and I'm planning to install the Forefront console on this WSUS server.



0
Question by:Lindows
7 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494425
Here's a script I use to uninstall McAfee & Windows Anti Spyware prior to Forefront install. You could adapt it to suit.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494448
How odd, I can't attach scripts right now... back in 2 mins...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 33494464
Well, it finally posted my script, but note the extra space in the line that creates the WSCR IPT object! Please save and remove that space. Not sure what's blocking it!! lol
 

Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Dim McAProductName, McAProductKey, MSProductName, MSProductKey, Msg, MsgBoxStyle, RegKey

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sub GetMcAKey()
    ' Find the Uninstall subkey whose DisplayName is "McAfee VirusScan Enterprise"
    Dim oReg, sPath, aKeys, sName, sKey
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

    sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

    For Each sKey In aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then
            If (sName = "McAfee VirusScan Enterprise") Then
                McAProductKey = sKey
                McAProductName = sName
            End If
        End If
    Next
End Sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sub GetMsAnti()
    ' Find the Uninstall subkey whose DisplayName is "Microsoft AntiSpyware"
    Dim oReg, sPath, aKeys, sName, sKey
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

    sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

    For Each sKey In aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then
            If (sName = "Microsoft AntiSpyware") Then
                MSProductKey = sKey
                MSProductName = sName
            End If
        End If
    Next
End Sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

' Uninstall one product and record the result in the Application event log
Sub UninstallMcA(key, name)
    Dim cmd, objShell, iReturn, oshell
    ' The Uninstall subkey name is passed to msiexec as the product code
    cmd = "C:\windows\system32\msiexec.exe /q/x " & key
    Set objShell = WScript.CreateObject("wsc ript.shell")  ' remove the space in "wsc ript" before running

    objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd

    iReturn = objShell.Run(cmd, 1, True)  ' True = wait for msiexec to finish

    If (iReturn = 0) Then
        objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
    Else
        objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
    End If

    Set objShell = Nothing
End Sub


'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


' Main: look up each product and uninstall it only if it was found
McAProductKey = ""
McAProductName = ""
MSProductKey = ""
MSProductName = ""

Call GetMcAKey()

If Not (McAProductKey = "") Then
    Call UninstallMcA(McAProductKey, McAProductName)
End If


Call GetMsAnti()

If Not (MSProductKey = "") Then
    Call UninstallMcA(MSProductKey, MSProductName)
End If


0
LVL 37

Expert Comment

by:Neil Russell
ID: 33494467
Line 53, remove the extra space....
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494492
Yes, use WSUS to push it out, then you don't need to worry about install scripts. Just the removal script. Being pushed out by WSUS, you won't have any shared permissions issues anyway.
 
 
0
 

Author Comment

by:Lindows
ID: 33496697
Thanks Neilsr.

One of the other main reasons why I was looking for a script that can do both the uninstallation of the existing third-party AV and the installation of Forefront Client Security is because this way, the machines are protected right away without a protection gap: as soon as the third-party AV gets uninstalled, Forefront will get installed.

If I was to use a script to just uninstall the third-party AV and use WSUS to deploy Forefront, then until machines contact WSUS and get the Forefront Client Security, the machines would be without protection.

I guess I can use your script to do the uninstall and use a software installation GPO to deploy Forefront, but then again, even if I set the GPO order for the software installation GPO to run after the startup script that does the uninstall, the software installation GPO could kick off while the startup script is still doing the uninstall and that might mess things up. I wonder why Forefront doesn't have a way to uninstall any existing third-party AV like the other vendors do.
0
 

Author Closing Comment

by:Lindows
ID: 33607775
Partial solution.
0
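The skip-if-absent check and the uninstall-then-install ordering discussed in this thread, as an added VBScript example (not Neil Russell's script and not Microsoft's code). It goes beyond the accepted script by also searching the 32-bit registry view and by refusing to pass a non-MSI key to msiexec; the display-name prefixes and INSTALL_CMD are assumptions or placeholders to check against a real client.

```vbscript
Option Explicit
' Added example. Display names and INSTALL_CMD are assumptions/placeholders.
Const HKLM = &H80000002
Const FOREFRONT = "Microsoft Forefront Client Security"           ' assumed DisplayName prefix
Const INSTALL_CMD = "\\PLACEHOLDER-SERVER\share\clientsetup.exe"  ' placeholder path
Dim oReg, oShell, sOld, bClean
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set oShell = CreateObject("WScript.Shell")

' Return the Uninstall subkey whose DisplayName starts with sPrefix, or "".
' Searches the native view and, on 64-bit Windows, the 32-bit Wow6432Node view.
Function FindProduct(sPrefix)
    Dim sRoot, aKeys, k, sName, rc
    FindProduct = ""
    For Each sRoot In Array("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", _
                            "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall")
        rc = oReg.EnumKey(HKLM, sRoot, aKeys)   ' non-zero if the key is missing (32-bit OS)
        If rc = 0 And IsArray(aKeys) Then
            For Each k In aKeys
                oReg.GetStringValue HKLM, sRoot & "\" & k, "DisplayName", sName
                If InStr(1, sName & "", sPrefix, vbTextCompare) = 1 Then FindProduct = k
            Next
        End If
    Next
End Function

' Uninstall one product; True means it is absent or was removed cleanly.
' Only MSI products (GUID-named key) go through msiexec /x.
Function RemoveProduct(sName)
    Dim sKey, rc
    RemoveProduct = True
    sKey = FindProduct(sName)
    If sKey = "" Then Exit Function   ' not installed, nothing to do
    If Left(sKey, 1) = "{" And Right(sKey, 1) = "}" Then
        rc = oShell.Run("msiexec.exe /x " & sKey & " /qn /norestart", 0, True)
        oShell.LogEvent 4, "Uninstall of [" & sName & "] returned " & rc
        RemoveProduct = (rc = 0)      ' 3010 (reboot required) defers the install to next boot
    Else
        oShell.LogEvent 2, "[" & sName & "] is not an MSI product; run its vendor uninstaller"
        RemoveProduct = False
    End If
End Function

If FindProduct(FOREFRONT) <> "" Then WScript.Quit 0   ' Forefront present: skip everything
bClean = True
For Each sOld In Array("Symantec Endpoint Protection", "Trend Micro Client/Server Security Agent")
    If Not RemoveProduct(sOld) Then bClean = False
Next
' Install in the same pass, but never on top of a failed or pending removal
If bClean Then oShell.Run """" & INSTALL_CMD & """", 0, True
```

Because the script exits early once Forefront is found and does nothing for products that are absent, it is safe to leave assigned as a startup script; each run's outcome is in the Application event log.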
