Deploy anti-virus software in a task sequence: When and how?
-
Tuesday, January 22, 2013 3:59 PM
Hi. I run into some anti-virus software installation issues in an MDT task sequence, which raise a few concerns.
At first I included it in the base image, so the base image contains an outdated virus definition or program version because my image is not updated frequently, not updated at all actually. After the OS is deployed, the anti-virus just updates itself regardless. If it is a version upgrade, it breaks the network connection or conflicts with the ongoing MSI-based application installation. That is bad.
Then I tried to package it as an application and put it at the end of the task sequence. It sounds good, however there is another application, Microsoft System Management Server 2003 client, I would like to install as well. Another managed agent that updates itself whenever it feels like it!
I don't have the latest installation packages for those software and for some reason I'm not getting it. I’m stuck here. To make sure I have both software installed and working I take one of them out of MDT TS and install it manually as a temporary method. I wonder how other people are doing it because I’m definitely missing something here.
All Replies
-
Tuesday, January 22, 2013 4:39 PM
Hi!
What you are missing is that if it is a problem that the applications are auto-updating themselves then you need to turn that function off, easy as that :)
It's really not an MDT question but maybe you could tell me what anti-virus application it is and maybe I can help you.
ITNinja.com is a great resource as well!
-
Tuesday, January 22, 2013 9:27 PM
What Anti-Virus are you running? I'm just finishing up with automating the Symantec Endpoint Protection install and 'prep' for deployment.
-
Wednesday, January 23, 2013 7:56 AM
The anti-virus software I'm using is Symantec Endpoint Protection 11.0. The following command is used to install it silently.
msiexec /i "Symantec Antivirus.msi" /qb /l*v "%TEMP%\SEP_INST.LOG" REBOOT=ReallySuppress
The installation is fine. The problem is that it then detects a new version and upgrades without notice.
As for the Microsoft System Management Server client agent, the installation folder is first copied to the local computer then started by a .bat file:
xcopy SMSClient c:\windows\temp\SMSClient\ /e /s /c /y
cd /d c:\windows\temp\SMSClient
ccmsetup.exe SMSSITECODE=AUTO
Once ccmsetup is fired up, that is when the TS loses control of ccmsetup and moves on. I need that installation process to be handled by MDT all the way.
-
Wednesday, January 23, 2013 9:32 AM
SEP v11 client is prepared at the SEP server side so it really is what that package contains and that depends on the whole SEP configuration.
We used to have v11 before we moved to v12 (v11 caused us so many problems - mainly in performance - that we decided to upgrade. And v11 doesn't support win8 anyway).
What we do with SEP is that once we install it we then run the Symantec Rapid Release packages. These can be downloaded from the Symantec ftp server. So our TS contains an Application Bundle which installs SEP to start with and then runs the SRR package. For V12 I have added to reboot after the SEP install but that is not required with V11 if you can bear the annoying pop up box.
-
Wednesday, January 23, 2013 8:36 PM
We also are using v12 and I have no such problems. When you generate your install package it should be up to date... make sure you are also running the client side prep tool from Symantec if you're using a sysprepped image.
From what I am reading you are trying to install using the MSI provided by Symantec, is that correct? Are you using a SEPM management console?
I guess the basic question is: are you using managed or unmanaged clients?
For unmanaged clients, from this page:
You should be able to use the following installation switch to suppress the initial liveupdate
RUNLIVEUPDATE= (1 = run LiveUpdate after install, 0 = do not run LiveUpdate after install, default = 1 run LiveUpdate after install)
So try the installation switch:
msiexec /i "Symantec Antivirus.msi" /qb /l*v "%TEMP%\SEP_INST.LOG" REBOOT=ReallySuppress RUNLIVEUPDATE=0
Give that a shot. It should suppress the initial live update, only on the normal heartbeat setting will it get the updates.
- Proposed As Answer by mhouston100 Monday, January 28, 2013 8:39 AM
- Marked As Answer by Betty Wong Saturday, February 09, 2013 7:31 AM
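
The install line from the answer above, wrapped so a task sequence step blocks until msiexec exits and then checks the result. This is an added example, not a script posted by anyone in the thread. The function name, the returned fields and the sample path in the comments are hypothetical; the msiexec switches and log name are the ones quoted in the thread.

```powershell
# Added example (not from the thread). Function name and result fields are hypothetical.
function Install-SepNoLiveUpdate {
    param(
        # Full path to the MSI; the thread's package is "Symantec Antivirus.msi".
        [Parameter(Mandatory = $true)][string]$MsiPath,
        [string]$LogPath = (Join-Path $env:TEMP 'SEP_INST.LOG')
    )
    if (-not (Test-Path -LiteralPath $MsiPath)) { throw "MSI not found: $MsiPath" }

    # Same switches as the thread's command line, with the initial LiveUpdate suppressed.
    # Paths are quoted explicitly because Start-Process joins the array with spaces.
    $msiArgs = @('/i', "`"$MsiPath`"", '/qb', '/l*v', "`"$LogPath`"",
                 'REBOOT=ReallySuppress', 'RUNLIVEUPDATE=0')

    # -Wait keeps this step blocked until msiexec exits, so the next
    # MSI-based install in the sequence cannot start while this one is running.
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # The verbose log (/l*v) records the properties the installer received;
    # a missing RUNLIVEUPDATE entry means the switch never reached the MSI.
    $propertyLogged = $false
    if (Test-Path -LiteralPath $LogPath) {
        $propertyLogged = [bool](Get-Content -LiteralPath $LogPath |
            Select-String -SimpleMatch 'RUNLIVEUPDATE' -Quiet)
    }

    # Standard Windows Installer exit codes: 0 = success, 3010 = success, reboot required.
    New-Object PSObject -Property @{
        ExitCode       = $proc.ExitCode
        Succeeded      = (0, 3010) -contains $proc.ExitCode
        RebootRequired = ($proc.ExitCode -eq 3010)
        PropertyLogged = $propertyLogged
    }
}

# Example call from a task sequence step (the path is an assumption):
# $r = Install-SepNoLiveUpdate -MsiPath 'C:\Deploy\SEP\Symantec Antivirus.msi'
# if (-not $r.Succeeded)      { exit $r.ExitCode }   # fail the step on an installer error
# if (-not $r.PropertyLogged) { exit 1 }             # switch not seen in the log
# exit $r.ExitCode
```

With the initial LiveUpdate suppressed, the client keeps the definitions shipped in the package until its next scheduled update, so the step that brings definitions current still has to run before the machine is handed over.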
-
Sunday, January 27, 2013 10:09 AM
That works, thanks!
I use managed clients actually. I extract the setup.exe installation package and install with msiexec command. I suppose I can run that command with “RUNLIVEUPDATE=0” and start a LUALL.exe (Live Update) at the end of the TS instead.
That leaves the question: how to start and keep track of the installation of SMS/SCCM client agent in a TS? I was worried with ccmsetup.exe and LUALL.exe running in the background there might be some conflicts.
-
Monday, January 28, 2013 8:39 AM
Hmmm glad it works but if you're using managed clients with SEPM you can just use the management console to generate an install setup.exe which you can apply a policy to which has any settings you like - silent, delayed restart, suppress updates, what groups the client ends up in and what policies etc.
Head over to the SEP forums for some more info though.

