none
anti virus updates RRS feed

  • Question

  • I would like to no if anti virus updates would still be there after starting up with protection left on.

    Sunday, July 20, 2008 2:56 PM

Answers

  •  

    Hi, virus definition update can be saved when running under locked profile. For Windows Disk Protection enabled computer, during the installation of virus definition updates, Windows SteadyState makes sure that the "Retain all changes permanently" option is turned on in the Protect the Hard Drive dialog box. After the installation of all updates, SteadyState will restore the WDP option to "Remove all changes at restart". That’s why all updates will be retained. However, if updates are installed through other methods, WDP will remove all the changes at restart if the "Remove all changes at restart" option is selected. In that case, we need to configure WDP manually to update the system.

    Wednesday, July 23, 2008 5:44 AM
    Moderator
  • Not sure if this is of any help to you. I tried to look up any CLI/switches for Trend Micro but i couldn't (just did a quick search).

     

    The Antivirus I'm using is NOD32 so i had to do a config myself.

     

    Go to the steadystate folder and open up the XML folder and then open SoftwareUpdates.XML with your preferred text editor. just go to the end of the file and enter the following, before the </softwareudpates>:

     

    <software
        id="TrendMicro"        <--- this is just a unique ID can be anything you want
        name="Trend Micro AntiVirus"       <------------- This is what appears in the AV Client box in the GUI
        detectionPath="SOFTWARE\ESET\ESET Security\CurrentVersion\Info"   <--------- Registry Key that points to the install location of the AV, example for ESET its  SOFTWARE\ESET\ESET Security\CurrentVersion\Info (Info being the Key)
        detectionName="InstallDir" <--- this is the name of the registry entry with the directory location
        append="<SOME EXE FILE HERE FOR AV>" <--- used to verify this is the correct AV location
        script="SCTNOD32Update.vbs" <------- VBScript which will execute to run the update
        category="Anti-Virus"  />  <--- Leave alone

     

    Next is the vbs file taken from the other Microsoft vbs files. Navigate to the scripts folder and create a new vbs file. with the following:

     

    Option Explicit

    On Error Resume Next

     

    Dim sTrendMicroPath, oShell, strComputer, oWMIService, ColProcesses

    Set oShell = CreateObject("WScript.Shell")

     

    sTrendMicroPath = oShell.RegRead("HKEY_LOCAL_MACHINE\<Enter the detectionPath and detectionName from the xml file>")

     

    call oShell.Run(chr(34) & sTrendMicroPath <you may need more info here pointing to the EXE with command line params>, 0, True)

     

    Wscript.Sleep(300000)

     

    I hope this helps answer your question in some sort of fashion

     

    EDIT: Forgot to mention you may need to either logout or restart the computer before SteadyState sees it

    Monday, July 28, 2008 6:51 PM

All replies

  •  

    Hi, do you mean if Windows SteadyState will affect virus updates in antivirus program? Which antivirus program do you refer to? Or do you mean if Windows Disk Protection may affect virus definition update?

    Tuesday, July 22, 2008 3:40 AM
    Moderator
  • I would like to know the answer to this too. I am working on setting up an internet access kiosk PC, and I want to know if AVG daily updates will be saved when running under the locked profile? Or will they be lost because of Windows Disk Protection. Thanks.

     

     

    Tuesday, July 22, 2008 7:55 PM
  •  

    Hi, virus definition update can be saved when running under locked profile. For Windows Disk Protection enabled computer, during the installation of virus definition updates, Windows SteadyState makes sure that the "Retain all changes permanently" option is turned on in the Protect the Hard Drive dialog box. After the installation of all updates, SteadyState will restore the WDP option to "Remove all changes at restart". That’s why all updates will be retained. However, if updates are installed through other methods, WDP will remove all the changes at restart if the "Remove all changes at restart" option is selected. In that case, we need to configure WDP manually to update the system.

    Wednesday, July 23, 2008 5:44 AM
    Moderator
  • So in other words as the administrator I'll need to login daily to this PC to download the current virus updates so they can be saved?

     

    What's the benefit of turning on WDP if you're going to set it to "Retain all changes permanently"?

    Wednesday, July 23, 2008 11:46 PM
  •  

    You can perform security program updates automatically as part of the critical updates process if Windows SteadyState detects an antivirus or security product it can update. Windows SteadyState currently detects and includes scripts for updating the following security products:

     

    ·                    Computer Associates eTrust 7.0

    ·                    McAfee VirusScan

    ·                    Windows Defender

    ·                    TrendMicro 7.0

     

    If you are using one of the above antivirus programs, updates should be downloaded automatically and keep the virus definition. Otherwise, we need to manually update them. "Retain all changes permanently" is what we need to do in SteadyState before manually updating the virus definition. 

    Thursday, July 24, 2008 3:41 AM
    Moderator
  • My organization uses "Trend Micro Officescan Client 8.0" on each of the desktop machines.  Unfortunately it would seem that SteadyState will not detect this client.  

     

    Updates on this AntiVirus are either "pushed" from a central administration console or can be triggered by clicking on the tray icon and prompting it to "update" the definitions.  

     

    This is the ONLY thing keeping me from using SteadyState at this point, as with over 250 computers it would be nearly impossible for me to go arounad and log in, disable steadystate, download/install updates, reboot, and then re-enable steadystate.  

     

    Will MSFT create or does someone have a Script for this that I can use? 

     

    Thank you.

    Thursday, July 24, 2008 1:50 PM
  • Not sure if this is of any help to you. I tried to look up any CLI/switches for Trend Micro but i couldn't (just did a quick search).

     

    The Antivirus I'm using is NOD32 so i had to do a config myself.

     

    Go to the steadystate folder and open up the XML folder and then open SoftwareUpdates.XML with your preferred text editor. just go to the end of the file and enter the following, before the </softwareudpates>:

     

    <software
        id="TrendMicro"        <--- this is just a unique ID can be anything you want
        name="Trend Micro AntiVirus"       <------------- This is what appears in the AV Client box in the GUI
        detectionPath="SOFTWARE\ESET\ESET Security\CurrentVersion\Info"   <--------- Registry Key that points to the install location of the AV, example for ESET its  SOFTWARE\ESET\ESET Security\CurrentVersion\Info (Info being the Key)
        detectionName="InstallDir" <--- this is the name of the registry entry with the directory location
        append="<SOME EXE FILE HERE FOR AV>" <--- used to verify this is the correct AV location
        script="SCTNOD32Update.vbs" <------- VBScript which will execute to run the update
        category="Anti-Virus"  />  <--- Leave alone

     

    Next is the vbs file taken from the other Microsoft vbs files. Navigate to the scripts folder and create a new vbs file. with the following:

     

    Option Explicit

    On Error Resume Next

     

    Dim sTrendMicroPath, oShell, strComputer, oWMIService, ColProcesses

    Set oShell = CreateObject("WScript.Shell")

     

    sTrendMicroPath = oShell.RegRead("HKEY_LOCAL_MACHINE\<Enter the detectionPath and detectionName from the xml file>")

     

    call oShell.Run(chr(34) & sTrendMicroPath <you may need more info here pointing to the EXE with command line params>, 0, True)

     

    Wscript.Sleep(300000)

     

    I hope this helps answer your question in some sort of fashion

     

    EDIT: Forgot to mention you may need to either logout or restart the computer before SteadyState sees it

    Monday, July 28, 2008 6:51 PM
  • If you're working with NOD32 and have a script for updating it, could you please share it?  I've been in touch with ESET support and they don't seem to know how to update their product by command line!  In your post, you mention "SCTNOD32Update.vbs" for updating NOD32 -- is this a real script you've developed, or is it just a placeholder, like the " append="<SOME EXE FILE HERE FOR AV>" <--- used to verify this is the correct AV location" line?
    Wednesday, July 30, 2008 1:24 PM
  • In the SoftwareUpdates.XML file add this before the tag

    Code Snippet
      <SOFTWARE
        id="ESET"
        name="Eset NOD32 Antivirus"
        detectionPath="SOFTWARE\ESET\ESET Security\CurrentVersion\Info"
        detectionName="InstallDir"
        append="ecmd.exe"
        script="SCTNOD32Update.vbs"
        category="Anti-Virus"  />

     

     

     

    The vbscript:

    Code Snippet

    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sEsetPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sEsetPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\InstallDir")


    '~~~ Download Virus Signature
    call oShell.Run(chr(34) & sEsetPath & "\ecmd.exe" & chr(34) & " /update", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

     

     


    the ecmd.exe im assuming is the command line for updating. I could be wrong. I have a central admin server for the updates so it pushes every hour anyway. However the ecmd.exe /update parameter is the only one i could get to work with that exe file..

     

    worst comes to worst just create a schedule update in NOD32 at the same time the windows update will kick off. Most AV vendors release signature updates every hour anyway and the vbscript will only launch when SteadyState becomes 'unfrozen'

    Thursday, July 31, 2008 1:26 PM