Solved

Forefront client security, removing existing third party AV prior to deployment

Posted on 2010-08-21
7
873 Views
Last Modified: 2013-11-22
Hello,

I need to deploy forefront client security av to the machines and it seems forefront doesn't automatically remove existing third party antivirus clients.
We have a mix of trendmicro (trend  micro client/server security agent v. 16.0.x)  and symantec (SEP v.11.0.x) av clients.

Is there a script (to use as a startup script) that I can use to accomplish removing the existing trend micro and symantec and install the forefront client security agent?

Preferably the one that checks to see if the third party av exists and skips the process if it's not there so that it won't run over and over again on every boot up (also it should check to see if forefront's already installed and skip installation if it's already present) .


The reason I'd like to use a startup script is because I have 3 separate Active Directory domains, each in its own forest without any trust between them.

So I'm thinking, create a startup script for forefront on each domain, that way, there won't be any permission problems during the install when the machines try to access the share directory where the forefront installation file is located.

Please correct me if I'm misunderstanding how the forefront deployment works (I haven't even installed the console yet :)) as I haven't worked with forefront before.  I'm not sure if this matters but there's currently a one single WSUS server that serves all three domains' machines for Windows updates and I'm planning to install the forefront console on this WSUS server.



0
Comment
Question by:Lindows
  • 5
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
Heres a script i use to uninstall McAfee & Windows Anti Spyware prior to forefront install. You could addapt it to suit.
0
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
How odd, i cant attach scripts right now... back in 2 mins...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
Comment Utility
Well It finally posted my script but you note the extra space in the line that creates the WSCR IPT object! Please save and remove that space. Not sure whats blocking it!! lol
 

option Explicit



const HKEY_LOCAL_MACHINE = &H80000002

Dim McAProductName, McAProductKey,MSProductName, MSProductKey, Msg, MsgBoxStyle, RegKey



'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sub GetMcAKey()



dim oReg, sPath, aKeys, sName, sKey

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")



sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys



For Each sKey in aKeys

        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName

        If Not IsNull(sName) Then 

               if (sName = "McAfee VirusScan Enterprise") then

                       McAProductKey = sKey

                       McAProductName = sName

               end if

        end if

Next

end sub



'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sub GetMsAnti()



dim oReg, sPath, aKeys, sName, sKey

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")



sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys



For Each sKey in aKeys

        oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName

        If Not IsNull(sName) Then 

               if (sName = "Microsoft AntiSpyware") then

                       MSProductKey = sKey

                       MSProductName = sName

               end if

        end if

Next

end sub



'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





sub UninstallMcA(key, name)

dim cmd, objShell, iReturn, oshell



cmd = "C:\windows\system32\msiexec.exe /q/x " & key

set objShell = wscript.createObject("wsc ript.shell")



objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd



iReturn=objShell.Run(cmd,1,TRUE)



                if (iReturn = 0) then

                objShell.LogEvent 0, "Program [" & name & "] was successfully removed"

                else

                objShell.LogEvent 0, "Failed to remove the program [" & name & "]."

                end if



Set objShell = Nothing  

end sub





'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







McAProductKey = ""

McAProductName = ""

MSProductKey = ""

MSProductName = ""



call GetMcAKey()



                if Not (McAProductKey = "") then

                                call UninstallMcA(McAProductKey, McAProductName)

                end if





call GetMSAnti()



                if Not (MSProductKey = "") then

                                call UninstallMcA(MSProductKey, MSProductName)

                end if

Open in new window

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
Line 53, remove the extra space....
0
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
Yes use wsus to push it out then you dont need to worry about install scripts. Just the removal script.  Being pushed out by WSUS you wont have any shared permissions issues anyway.
 
 
0
 

Author Comment

by:Lindows
Comment Utility
Thanks Neilsr.

One of the other main reasons why I was looking for a script that can do both the uninstallation of the existing third party av and do the installation of forefront client security is because this way, the machines are protected right away without a protection gap as soon as the third party av gets uninstalled, forefront will get installed.

If I was to use a script to just uninstall the third party av and use wsus to deploy forefront, then until machines contact wsus and get the forefront client security, the machines would be without protection.

I guess I can use your script to do the uninstall and use software installation GPO to deploy forefront but then again, even if I set the GPO order for the software installation GPO to run after the startup script that does the uninstall, the software installation GPO could kick off while the startup script is still doing the uninstall and that might mess up things.   I wonder why forefront doesn't  have a way to uninstall any existing third party av like the other vendors do.
0
 

Author Closing Comment

by:Lindows
Comment Utility
Partial solution.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This very simple solution applies to a narrow cross-section of the "needs to close" variety. In this case, the full message in Event Viewer was in applog, Event ID 1000: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module …
As with any other System Center product, the installation for the Authoring Tool can be quite a pain sometimes. This article serves to help you avoid making these mistakes and hopefully save you a ton of time on troubleshooting :)  Step 1: Make sur…
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now