Forefront client security, removing existing third party AV prior to deployment

Hello,

I need to deploy forefront client security av to the machines and it seems forefront doesn't automatically remove existing third party antivirus clients.
We have a mix of trendmicro (trend  micro client/server security agent v. 16.0.x)  and symantec (SEP v.11.0.x) av clients.

Is there a script (to use as a startup script) that I can use to accomplish removing the existing trend micro and symantec and install the forefront client security agent?

Preferably the one that checks to see if the third party av exists and skips the process if it's not there so that it won't run over and over again on every boot up (also it should check to see if forefront's already installed and skip installation if it's already present) .


The reason I'd like to use a startup script is because I have 3 separate Active Directory domains, each in its own forest without any trust between them.

So I'm thinking, create a startup script for forefront on each domain, that way, there won't be any permission problems during the install when the machines try to access the share directory where the forefront installation file is located.

Please correct me if I'm misunderstanding how the forefront deployment works (I haven't even installed the console yet :)) as I haven't worked with forefront before.  I'm not sure if this matters but there's currently a one single WSUS server that serves all three domains' machines for Windows updates and I'm planning to install the forefront console on this WSUS server.



LindowsAsked:
Who is Participating?
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Well It finally posted my script but you note the extra space in the line that creates the WSCR IPT object! Please save and remove that space. Not sure whats blocking it!! lol
 

option Explicit

const HKEY_LOCAL_MACHINE = &H80000002
Dim McAProductName, McAProductKey,MSProductName, MSProductKey, Msg, MsgBoxStyle, RegKey

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMcAKey()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "McAfee VirusScan Enterprise") then
                       McAProductKey = sKey
                       McAProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetMsAnti()

dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys

For Each sKey in aKeys
        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
        If Not IsNull(sName) Then 
               if (sName = "Microsoft AntiSpyware") then
                       MSProductKey = sKey
                       MSProductName = sName
               end if
        end if
Next
end sub

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


sub UninstallMcA(key, name)
dim cmd, objShell, iReturn, oshell

cmd = "C:\windows\system32\msiexec.exe /q/x " & key
set objShell = wscript.createObject("wsc ript.shell")

objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd

iReturn=objShell.Run(cmd,1,TRUE)

                if (iReturn = 0) then
                objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
                else
                objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
                end if

Set objShell = Nothing  
end sub


'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



McAProductKey = ""
McAProductName = ""
MSProductKey = ""
MSProductName = ""

call GetMcAKey()

                if Not (McAProductKey = "") then
                                call UninstallMcA(McAProductKey, McAProductName)
                end if


call GetMSAnti()

                if Not (MSProductKey = "") then
                                call UninstallMcA(MSProductKey, MSProductName)
                end if

Open in new window

0
 
Neil RussellTechnical Development LeadCommented:
Heres a script i use to uninstall McAfee & Windows Anti Spyware prior to forefront install. You could addapt it to suit.
0
 
Neil RussellTechnical Development LeadCommented:
How odd, i cant attach scripts right now... back in 2 mins...
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Neil RussellTechnical Development LeadCommented:
Line 53, remove the extra space....
0
 
Neil RussellTechnical Development LeadCommented:
Yes use wsus to push it out then you dont need to worry about install scripts. Just the removal script.  Being pushed out by WSUS you wont have any shared permissions issues anyway.
 
 
0
 
LindowsAuthor Commented:
Thanks Neilsr.

One of the other main reasons why I was looking for a script that can do both the uninstallation of the existing third party av and do the installation of forefront client security is because this way, the machines are protected right away without a protection gap as soon as the third party av gets uninstalled, forefront will get installed.

If I was to use a script to just uninstall the third party av and use wsus to deploy forefront, then until machines contact wsus and get the forefront client security, the machines would be without protection.

I guess I can use your script to do the uninstall and use software installation GPO to deploy forefront but then again, even if I set the GPO order for the software installation GPO to run after the startup script that does the uninstall, the software installation GPO could kick off while the startup script is still doing the uninstall and that might mess up things.   I wonder why forefront doesn't  have a way to uninstall any existing third party av like the other vendors do.
0
 
LindowsAuthor Commented:
Partial solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.