Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Forefront client security, removing existing third party AV prior to deployment

Posted on 2010-08-21
7
Medium Priority
?
880 Views
Last Modified: 2013-11-22
Hello,

I need to deploy forefront client security av to the machines and it seems forefront doesn't automatically remove existing third party antivirus clients.
We have a mix of trendmicro (trend  micro client/server security agent v. 16.0.x)  and symantec (SEP v.11.0.x) av clients.

Is there a script (to use as a startup script) that I can use to accomplish removing the existing trend micro and symantec and install the forefront client security agent?

Preferably the one that checks to see if the third party av exists and skips the process if it's not there so that it won't run over and over again on every boot up (also it should check to see if forefront's already installed and skip installation if it's already present) .


The reason I'd like to use a startup script is because I have 3 separate Active Directory domains, each in its own forest without any trust between them.

So I'm thinking, create a startup script for forefront on each domain, that way, there won't be any permission problems during the install when the machines try to access the share directory where the forefront installation file is located.

Please correct me if I'm misunderstanding how the forefront deployment works (I haven't even installed the console yet :)) as I haven't worked with forefront before.  I'm not sure if this matters but there's currently a one single WSUS server that serves all three domains' machines for Windows updates and I'm planning to install the forefront console on this WSUS server.



0
Comment
Question by:Lindows
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494425
Heres a script i use to uninstall McAfee & Windows Anti Spyware prior to forefront install. You could addapt it to suit.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494448
How odd, i cant attach scripts right now... back in 2 mins...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 1500 total points
ID: 33494464
Well It finally posted my script but you note the extra space in the line that creates the WSCR IPT object! Please save and remove that space. Not sure whats blocking it!! lol
 

option Explicit

const HKEY_LOCAL_MACHINE = &H80000002
Dim McAProductName, McAProductKey,MSProductName, MSProductKey, Msg, MsgBoxStyle, RegKey

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMcAKey()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "McAfee VirusScan Enterprise") then
                       McAProductKey = sKey
                       McAProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMsAnti()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "Microsoft AntiSpyware") then
                       MSProductKey = sKey
                       MSProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


sub UninstallMcA(key, name)
dim cmd, objShell, iReturn, oshell

cmd = "C:\windows\system32\msiexec.exe /q/x " & key
set objShell = wscript.createObject("wsc ript.shell")

objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd

iReturn=objShell.Run(cmd,1,TRUE)

                if (iReturn = 0) then
                objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
                else
                objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
                end if

Set objShell = Nothing  
end sub


'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



McAProductKey = ""
McAProductName = ""
MSProductKey = ""
MSProductName = ""

call GetMcAKey()

                if Not (McAProductKey = "") then
                                call UninstallMcA(McAProductKey, McAProductName)
                end if


call GetMSAnti()

                if Not (MSProductKey = "") then
                                call UninstallMcA(MSProductKey, MSProductName)
                end if

Open in new window

0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494467
Line 53, remove the extra space....
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33494492
Yes use wsus to push it out then you dont need to worry about install scripts. Just the removal script.  Being pushed out by WSUS you wont have any shared permissions issues anyway.
 
 
0
 

Author Comment

by:Lindows
ID: 33496697
Thanks Neilsr.

One of the other main reasons why I was looking for a script that can do both the uninstallation of the existing third party av and do the installation of forefront client security is because this way, the machines are protected right away without a protection gap as soon as the third party av gets uninstalled, forefront will get installed.

If I was to use a script to just uninstall the third party av and use wsus to deploy forefront, then until machines contact wsus and get the forefront client security, the machines would be without protection.

I guess I can use your script to do the uninstall and use software installation GPO to deploy forefront but then again, even if I set the GPO order for the software installation GPO to run after the startup script that does the uninstall, the software installation GPO could kick off while the startup script is still doing the uninstall and that might mess up things.   I wonder why forefront doesn't  have a way to uninstall any existing third party av like the other vendors do.
0
 

Author Closing Comment

by:Lindows
ID: 33607775
Partial solution.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question