Security program not detected.

  • Question

  • Hi,

    in a reply to a question by another member of this forum (Frederico) I have touched on this subject before, but unfortunately there hasn't been any reaction yet.  Allow me to create a separate thread about this.

    I can confirm that in our environment neither McAfee VirusScan Enterprise 8.0i nor 8.5i is detected in the Security Program Updates section of the Schedule Software Updates of SteadyState v. 2.0.  The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software.

    The anti-virus software here is managed centrally through the ePolicy Orchestrator Agent (McAfee AutoUpdate) that itself gets updated together with the VirusScan update.  I know that the behaviour of this agent has changed recently (with the update to v. 3.6.x) and that it now perhaps controls the anti-virus software in a different way.  The advent of v. 3.6.x of the agent was marked by a new System Tray icon (a big red "M") that replaced the blue and red shields that were present there.  The new agent possibly interferes with the detection by SteadyState v. 2.0.

    As a workaround I've used the SCTMcAfeeVirusUpdate.vbs script from the SteadyState scripts folder successfully as a Custom Updates script at 3:00 am a couple of days ago.

    This is not very practical if you need a real Custom Updates script in your environment, but perhaps these scripts can be chained together or controlled by a "super-script".

    Is there a way to force a Security Program Updates script if the security program in question is not detected correctly by SteadyState?

    TIA.

    Jan J.

    Thursday, June 28, 2007 12:11 PM

Answers

  •  Jan J. wrote:
    I'll try to do some testing today with what you and J.C. Doll made public.


    Dear *.*,

    I can now confirm that as opposed to the Microsoft Shared Computer Toolkit v. 1.x, that supported anti-virus updates for McAfee VirusScan Enterprise 8.0, out-of-the-box Windows SteadyState v. 2.0 only supports non-Enterprise versions of McAfee VirusScan.

    I have tested this today with McAfee's VirusScan Plus, VirusScan Enterprise 8.0i and VirusScan Enterprise 8.5i. The net effect of this change is that McAfee VirusScan Enterprise 8.x products are not identified as Security Programs by WSS v. 2.0.

    To remedy this situation I have adapted file SoftwareUpdates.XML and developed scripts SCTMcAfeeVSE80VirusUpdate.vbs and SCTMcAfeeVSE85VirusUpdate.vbs (see below). Copying these files to the appropriate locations (C:\Program Files\Windows SteadyState\XML and C:\Program Files\Windows SteadyState\Scripts respectively) and subsequently restarting the Windows SteadyState Service will result in the creation of the associated registry settings (in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Computer Toolkit\UpdatableSoftware) and in both VirusScan Enterprise versions being identified correctly by Windows SteadyState.

    [UPDATE] This morning (July 4) the modified SoftwareUpdates.XML settings and the McAfee VirusScan Enterprise 8.0i and 8.5i update scripts tested as expected. Both succeeded in bringing the respective mcupdate.exe to execution in quiet update mode. Apart from the associated messages in the McAfee VirusScan Enterprise UpdateLog.txt file, two entries were added to the machine's System Event log by Windows SteadyState:

    1. EventID 1214: Automatic updates starting Anti-virus and anti-spyware updates.
    2. EventID 1216: Automatic updates finished Anti-virus and anti-spyware updates.

    The second event appeared 5 minutes and 19 seconds after the first, which is as expected since a 300000 millisecond delay was programmed in both scripts.

    HTH.

    Sincerely,

    Jan J.


    File XML\SoftwareUpdates.XML:

    <?xml version="1.0" encoding="utf-8" ?>
    <!-- -->
    <!-- Windows SteadyState -->
    <!-- Copyright 2007 Microsoft -->
    <!-- -->
    <!-- SoftwareUpdates.XML -->
    <!-- -->
    <!-- This file contains the search strings for anti-virus and other software updates. Do Not Delete! -->
    <!-- -->
    <!-- Adapted for use with McAfee VirusScan Enterprise v. 8.x by Jan J. in July 2007 -->
    <!-- -->
    <softwareupdates>

    <software
    id="eTrust7.0"
    name="CA eTrust 7.0"
    detectionPath="SOFTWARE\ComputerAssociates\ScanEngine\Path"
    detectionName="Engine"
    append="InoDist.exe"
    script="SCTeTrust7VirusUpdate.vbs"
    category="Anti-Virus" />

    <software
    id="McAfee"
    name="McAfee VirusScan"
    detectionPath="SOFTWARE\McAfee.com\Agent"
    detectionName="Install Dir"
    append="mcupdate.exe"
    script="SCTMcAfeeVirusUpdate.vbs"
    category="Anti-Virus" />

    <software
    id="McAfeeVSE8.0i"
    name="McAfee VirusScan Enterprise 8.0i"
    detectionPath="SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"
    detectionName="szInstallDir"
    append="mcupdate.exe"
    script="SCTMcAfeeVSE80VirusUpdate.vbs"
    category="Anti-Virus" />

    <software
    id="McAfeeVSE8.5i"
    name="McAfee VirusScan Enterprise 8.5i"
    detectionPath="SOFTWARE\McAfee\DesktopProtection"
    detectionName="szInstallDir"
    append="mcupdate.exe"
    script="SCTMcAfeeVSE85VirusUpdate.vbs"
    category="Anti-Virus" />

    <software
    id="TrendMicro7.0"
    name="TrendMicro OfficeScan Corporate Edition 7.0"
    detectionPath="SOFTWARE\TrendMicro\PC-cillin"
    detectionName="Application Path"
    append="pccmain.exe"
    script="SCTTrendMicroAntiVirus.vbs"
    category="Anti-Virus" />

    </softwareupdates>



    File SCTMcAfeeVSE80VirusUpdate.vbs:

    ' ***
    ' *** ------------------------------------------------------------------------------
    ' *** Filename: SCTMcAfeeVSE80VirusUpdate.vbs
    ' *** ------------------------------------------------------------------------------
    ' *** Description: McAfee VSE 8.0 Virus Signature Update
    ' *** ------------------------------------------------------------------------------
    ' *** Version: 1.1
    ' *** Notes: Used by Windows Disk Protection
    ' *** ------------------------------------------------------------------------------
    ' *** Copyright (C) Microsoft Corporation 2007, All Rights Reserved
    ' *** ------------------------------------------------------------------------------
    ' ***
    ' *** Based on SCTMcAfeeVirusUpdate.vbs Version 1.1
    ' ***
    ' *** Adapted for use with McAfee VirusScan Enterprise 8.0i by Jan J. in July 2007
    ' ***

    ' ~~~
    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sMcAfeePath, oShell

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sMcAfeePath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir")

    ' ~~~ Download Virus Signature
    call oShell.Run(chr(34) & sMcAfeePath & "\mcupdate.exe" & chr(34) & " /Update /Quiet", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)



    File SCTMcAfeeVSE85VirusUpdate.vbs:

    ' ***
    ' *** ------------------------------------------------------------------------------
    ' *** Filename: SCTMcAfeeVSE85VirusUpdate.vbs
    ' *** ------------------------------------------------------------------------------
    ' *** Description: McAfee VSE 8.5 Virus Signature Update
    ' *** ------------------------------------------------------------------------------
    ' *** Version: 1.1
    ' *** Notes: Used by Windows Disk Protection
    ' *** ------------------------------------------------------------------------------
    ' *** Copyright (C) Microsoft Corporation 2007, All Rights Reserved
    ' *** ------------------------------------------------------------------------------
    ' ***
    ' *** Based on SCTMcAfeeVirusUpdate.vbs Version 1.1
    ' ***
    ' *** Adapted for use with McAfee VirusScan Enterprise 8.5i by Jan J. in July 2007
    ' ***

    ' ~~~
    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sMcAfeePath, oShell

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sMcAfeePath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\szInstallDir")

    ' ~~~ Download Virus Signature
    call oShell.Run(chr(34) & sMcAfeePath & "\mcupdate.exe" & chr(34) & " /Update /Quiet", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)



    Tuesday, July 3, 2007 1:36 PM

All replies

  • This is undocumented, but in C:\Program Files\Windows SteadyState\XML is a file called SoftwareUpdates.XML.  This file is an XML file that tells SteadyState what registry entries to look for to detect programs and what script to run out of the scripts directory.

    Thursday, June 28, 2007 2:07 PM
  • Hi,

     

    J.C is right that it is the softwareupdate.xml and SCTMcAfeeVirusUpdate.vbs that control the behavior. SteadyState will use softwareupdate.xml to determine what registry entries to look for and which update programs and what script to run out of the corresponding scripts directory. So, based on the softwareupdate.xml, you can check if there is still a registry key "Install Dir" under “HKLM\SOFTWARE\McAfee.com\Agent”. The “Install Dir” key value should point to a directory that contains the program named “mcupdate.exe” that is responsible for the update.

     

    By the way, the current Windows SteadyState currently detects and includes scripts for updating the following security products:

      • Computer Associates eTrust 7.0
      • McAfee VirusScan
      • Windows Defender
      • TrendMicro 7.0

     

    This feature can work with other antivirus or security products. If you have a desire to use an antivirus or security product other than those listed, you can prepare a signature update script for it as described in your antivirus software manual. Signature update scripts can also be run manually. For more information on installing signature updates manually, see the “Manually Download and Install Updates” section in this handbook. 

     

    Also, you mention that “The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software.” Did sct1.x work fine with McAfee VirusScan Enterprise 8.0i or 8.5i?

     

    Sincerely,

    Sammy Yu

     

    Friday, June 29, 2007 12:57 PM
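
The check described in the reply above can be run against every entry in SoftwareUpdates.XML at once. The following VBScript is an added example, not part of the original thread and not a SteadyState script. It assumes that detection means the registry value HKLM\<detectionPath>\<detectionName> exists and points to a directory containing the `append` executable, and it uses the install path quoted in this thread.

```vbscript
' Added example: reports why an entry in SoftwareUpdates.XML is or is not detected.
' Assumption: detection = registry value readable AND <value>\<append> exists.
Option Explicit

' Install path as quoted in the thread; adjust if SteadyState lives elsewhere.
Const BASE_DIR = "C:\Program Files\Windows SteadyState"

Dim oShell, oFso, oXml, oNode
Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")
Set oXml = CreateObject("MSXML2.DOMDocument")
oXml.async = False

' A malformed XML file would make every product undetectable, so fail loudly.
If Not oXml.load(BASE_DIR & "\XML\SoftwareUpdates.XML") Then
    WScript.Echo "Cannot parse SoftwareUpdates.XML: " & oXml.parseError.reason
    WScript.Quit 2
End If

For Each oNode In oXml.getElementsByTagName("software")
    WScript.Echo oNode.getAttribute("id") & ": " & CheckEntry(oNode)
Next

' Returns a one-line status for a single <software> element.
Function CheckEntry(oSoftware)
    Dim sKey, sDir, sExe, sScript
    sKey = "HKEY_LOCAL_MACHINE\" & oSoftware.getAttribute("detectionPath") & _
           "\" & oSoftware.getAttribute("detectionName")
    sDir = ReadRegValue(sKey)
    If sDir = "" Then
        CheckEntry = "NOT DETECTED - registry value missing: " & sKey
        Exit Function
    End If
    ' BuildPath copes with an install directory that ends in a backslash.
    sExe = oFso.BuildPath(sDir, oSoftware.getAttribute("append"))
    If Not oFso.FileExists(sExe) Then
        CheckEntry = "NOT DETECTED - updater missing: " & sExe
        Exit Function
    End If
    sScript = oFso.BuildPath(BASE_DIR & "\Scripts", oSoftware.getAttribute("script"))
    If Not oFso.FileExists(sScript) Then
        CheckEntry = "DETECTED, but update script missing: " & sScript
        Exit Function
    End If
    CheckEntry = "OK - " & sExe & " via " & oSoftware.getAttribute("script")
End Function

' Reads a registry value; returns "" instead of raising when it does not exist.
Function ReadRegValue(sKey)
    Dim sValue
    ReadRegValue = ""
    On Error Resume Next
    sValue = oShell.RegRead(sKey)
    If Err.Number = 0 Then ReadRegValue = sValue
    Err.Clear
    On Error GoTo 0
End Function
```

Run it with `cscript //nologo` from an administrator session; a "NOT DETECTED" line names the exact registry value or file that is missing for that product.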
  •  Sammy Yu - MSFT wrote:
    Also, you mention that “The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software.” Did sct1.x work fine with McAfee VirusScan Enterprise 8.0i or 8.5i?


    Sammy,

    we have been using SCT v. 1.0 and SCT v. 1.1 with McAfee VirusScan Enterprise 8.0i since 05/2006 on (now) 67 public access pc's without any problems whatsoever.  Since there are, as far as I am aware of, no changes to the update mechanism for v. 8.5i of McAfee VirusScan Enterprise, I wonder why SteadyState does not succeed in detecting McAfee.  I'll try to do some testing today with what you and J.C. Doll made public.

    CU.

    Jan J.
    Tuesday, July 3, 2007 7:42 AM
  • Hi Jan,

     

    Thanks for the great knowledge sharing. From the adapted .xml file, we can see that the detectionPath and detectionName for the McAfee Enterprise version are different from those of McAfee VirusScan Plus.

     

    By the way, if possible, please let us know if the updated scripts work properly or not. I look forward to your update.

     

    ----

     

    Sincerely,

    Sammy Yu

     

     

    Wednesday, July 4, 2007 3:33 AM
  •  Sammy Yu - MSFT wrote:
    By the way, if possible, please let us know if the updated scripts work properly or not. I look forward to your update.



    Sammy,

    yesterday I updated my previous message to reflect the (positive!) test results.  The paragraph in question starts with the string "[UPDATE]".

    HTH.

    Jan J.

    Thursday, July 5, 2007 7:00 AM
  • This is great. Thanks for sharing this.
    Thursday, July 5, 2007 1:10 PM

  • Hi.

    Has anyone managed to create a script for the "Symantec Antivirus Corporate Edition"?

    Program version : 8.00.9374
    Scan engine version : 4.1.0.15

    Thank you in advance!
    Wednesday, September 5, 2007 7:24 AM
  • You can refer to JC’s script in the following thread:

     

    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1759844&SiteID=69

    Thursday, September 6, 2007 10:07 AM
  •  

    Thanks Jan J. for this helpful post.

    I’ve actually removed McAfee 8.5i and installed 8.0i because it is written in the documentation that it is supported and to my surprise nothing changed… but your script has fixed it for me.

    I am wondering if Sophos Anti-Virus and Kaspersky Anti-Virus (and Internet Security version) have any scripts. My organization has Sophos Anti-Virus installed on thousands of PCs and I will not be able to convince them to adopt Windows SteadyState unless I can find such a script.

    With best regards,

    Ashraf

    Saturday, September 29, 2007 4:16 AM
  • I'm having similar problems with Trend Micro's PC-Cillin 2007. SteadyState is able to auto-detect that the script it needs to run is for Trend Micro, but it doesn't seem to be actually updating... Has anyone else come upon something similar?

     

    Monday, December 24, 2007 12:03 AM
  • Hi,

     

    You can manually run the script to check if there is any update problem. I suspect it's related to the different version. The Handbook states the script supports TrendMicro 7.0. It may not work for any other versions.

     

    Regards,

    Monday, December 24, 2007 5:41 AM
  • Hi,

     

    Just thought I'd post a link to my Sophos script, hope this works for you

     

    http://forums.microsoft.com/windowstoolsandutilities/ShowPost.aspx?siteid=69&postid=3562590

     

    Adam

    Wednesday, July 2, 2008 10:26 AM
  • my firewall is on and my auto updates but my virus protection will not turn on?????????????

    Thursday, August 14, 2008 4:12 PM
  • Hi Guys

    I need advice for configuring Windows SS for Kaspersky Internet security suite 2009..

    Regards

    Sri
    Tuesday, September 30, 2008 5:15 PM
  • Hi Jan,

    Will it work for Trend Micro OfficeScan 10?

    Can you please send the script to send the pop up message at client place to display "AV is updated and Last scan date" also insist user to do manual scan.

    Regards

    Satish Kumar

     

     

    Thursday, May 27, 2010 6:14 AM