locked
SteadyState Script Questions RRS feed

  • Question

  • With SteadyState how do you enable Disk Protection from the command-line or a script.  The DiskProtect.wsf script no longer exists and this is needed for zero touch image deployments.

     

    I also noticed that SCTNortonVirusUpdate.vbs exists in the script directory but was not added to SoftwareUpdates.XML.  Is there a problem with the script and it shouldn't be use?

     

     

    Wednesday, June 20, 2007 2:29 PM

Answers

  • Hi,

     

    You must manually enable WDP on each machine.  Once it is enabled, you can control it via a WMI interface remotely.

     

    Updates to Norton Antivirus are not officially supported from SteadyState, so NAV is not detected or updated automatically.  You can try to use the script on your own by selecting it via the Custom Updates browse button, but it may require some additional modifications to work.  If NAV shows any blocking UI (for example, a dialog that requires user interaction), then the updates will fail.

    Wednesday, June 20, 2007 8:30 PM
  • This is what I am using on my  development system with the new Windows SteadyState.  So far I've had no problems with it, the script should actually work on version 1.1 as well.  Make sure you go into Control Panel > Symantec LiveUpdate.  Set it to Express Mode and put a check in both of the Express Mode Settings.

     

     

    SCTSymantecVirusUpdate.vbs

    Code Snippet

    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sNortonPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sNortonPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory")

    '~~~ Download Virus Signature
    call oShell.Run("""" & sNortonPath & "\VPDN_LU.exe""" & " /s", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

     

    This will make SteadyState Autodetect 

     

    SoftwareUpdates.XML

    Code Snippet
      <software
        id="SymantecAV10"
        name="Symantec AntiVirus 10"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="VPDN_LU.exe"
        script="SCTSymantecVirusUpdate.vbs"
        category="Anti-Virus"  />

     

     On our current production systems with Toolkit 1.1 we are just using the following batch file. 

     

    sav.cmd

    Code Snippet

    @echo off

    "C:\Program Files\Symantec\LiveUpdate\LUALL.EXE" -s

    "C:\Program Files\Symantec Antivirus\VPDN_LU.EXE" /s

     

     

    Thursday, June 21, 2007 2:00 PM

All replies

  • Hi,

     

    You must manually enable WDP on each machine.  Once it is enabled, you can control it via a WMI interface remotely.

     

    Updates to Norton Antivirus are not officially supported from SteadyState, so NAV is not detected or updated automatically.  You can try to use the script on your own by selecting it via the Custom Updates browse button, but it may require some additional modifications to work.  If NAV shows any blocking UI (for example, a dialog that requires user interaction), then the updates will fail.

    Wednesday, June 20, 2007 8:30 PM
  • Where can I find information on the WMI Interface for manipulating WDP settings remotely?
    Wednesday, June 20, 2007 8:37 PM
  • Hey Rob,

     

    I have 264 shared PCs spread across 3 different locations and more labs maybe added on the horizon.  Zero touch installation of our images is the only way to go.  This feature really needs to be added back in.

    Thursday, June 21, 2007 1:44 AM
  •  JC Doll wrote:

    With SteadyState how do you enable Disk Protection from the command-line or a script.  The DiskProtect.wsf script no longer exists and this is needed for zero touch image deployments.

     

    I also noticed that SCTNortonVirusUpdate.vbs exists in the script directory but was not added to SoftwareUpdates.XML.  Is there a problem with the script and it shouldn't be use?

      

     

    I might have a script that will work with Norton...I just haven't had a chance to try it yet. Basically it will get the virus defs from Symantec's ftp site and then extract it into C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming.  Now what happens to it while it is in this directory I haven't played with yet, but that is where symantec said to extract it.  I should be able to test it in the next day or two and I will post my results here.

    Thursday, June 21, 2007 4:20 AM
  • Thanks, my Norton question was mostly curiosity.  I have a working script for Symantec Antivirus Corp 10 if anyone needs it.
    Thursday, June 21, 2007 5:35 AM
  • I have been trying to come up with a script for Symantec Antivirus Corp 10 for a while now. If it is possible I would appreciate you sending me your script.
    Thursday, June 21, 2007 1:38 PM
  • This is what I am using on my  development system with the new Windows SteadyState.  So far I've had no problems with it, the script should actually work on version 1.1 as well.  Make sure you go into Control Panel > Symantec LiveUpdate.  Set it to Express Mode and put a check in both of the Express Mode Settings.

     

     

    SCTSymantecVirusUpdate.vbs

    Code Snippet

    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sNortonPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sNortonPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory")

    '~~~ Download Virus Signature
    call oShell.Run("""" & sNortonPath & "\VPDN_LU.exe""" & " /s", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

     

    This will make SteadyState Autodetect 

     

    SoftwareUpdates.XML

    Code Snippet
      <software
        id="SymantecAV10"
        name="Symantec AntiVirus 10"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="VPDN_LU.exe"
        script="SCTSymantecVirusUpdate.vbs"
        category="Anti-Virus"  />

     

     On our current production systems with Toolkit 1.1 we are just using the following batch file. 

     

    sav.cmd

    Code Snippet

    @echo off

    "C:\Program Files\Symantec\LiveUpdate\LUALL.EXE" -s

    "C:\Program Files\Symantec Antivirus\VPDN_LU.EXE" /s

     

     

    Thursday, June 21, 2007 2:00 PM
  • Hi,

     

    There is a forthcoming KB article that details this interface.  It was supposed to be published on 6/18, but apparently there's been a snag somewhere.  I'll post here when it's available.

    Friday, June 22, 2007 8:24 AM
  • Thanks JC! We're trying it  out with a few of our images right now but it looks good.
    Friday, June 22, 2007 6:45 PM
  • Rather than a script, why not use the bult-in "Schedule Updates" function in Symnantec AntiVirus Corporate Edition 10.x? I've used it successfully with the Shared Computer Toolkit on many computers without problems. Has anyone tried the scheduler with Steady State? I'm just starting to upgrade some machines and would like to know. Thanks.
    Saturday, June 23, 2007 1:49 PM
  • Just preference, another lab I’m aware of does their SAV updates at the same time Shared Computer Toolkit is updating.  I prefer performing tasks like this sequentially to reduce the risk of a conflict or another program doing something funny like rebooting the system in the middle of an update.  I’ve not heard the other lab have any problems though, so either should work.  As for SteadyState, so far none of the labs I’m aware of have deployed it yet, so I don’t know if the same is true for it.
    Saturday, June 23, 2007 9:32 PM
  • This makes the product worthless to us.  We planned on deploying this to 1500 computers and asked during the Beta if it would be scriptable in the released product and we were assured that it would be.  Any plans on adding this functionality in, or should I take a look at a different product?

     

    Monday, June 25, 2007 2:54 PM
  • JC,

     

    Forgive my ignorance, I am aware of how to use your sav.cmd file but I am not a programmer.  I was wondering if you could please explain how to use your script?

    Thanks in advance!

    Friday, July 6, 2007 3:03 PM
  • You can use the batch file and the script file the same way.  Just make sure the script has the file extension VBS and Windows will run it using the script engine (cscript.exe) for you.  The simplest way to use the script is in Shared Computer Toolkit under the Disk Protection menu, you can select an Antivirus or a custom update script.  This is the same places you would normally select a batch file at.  Just select the VBS file instead and Windows will take care of the rest.  Under Windows Steady State this same option is under the auto update menu. 

    If you want Windows Steady State to auto detect the same way it does for supported Anti-viruses you need to edit one of its configuration files in notepad.  SoftwareUpdates.XML is located in
    C:\Program Files\Windows SteadyState\XML.  Just open that file in notepad and right before the last tag </softwareupdates> add the lines from my other post.  Reboot the computer and Steady State should now auto detect Symantec Anti-Virus 10.

    All the script does is get the path to Symantec AV out of the registry and then execute” VPDN_LU.exe /s” then wait 300000 milliseconds (5 minutes) before exiting.  The pause is to allow the update time to complete before the script exits, allowing Steady State to complete the rest of the update processes. 

    Monday, July 9, 2007 5:24 AM
  •  

    Can we get some kind of update from the development team if a solution is going to be provided to automate the on/off of disk protection?   I am two weeks away from our target deployment date and need to make a decision if we are going to use SteadyState.

    Thursday, August 2, 2007 4:11 AM
  • I must second this. A large portion of the client base for this product would need something like this. Certainly the zero touch functionality can't be that difficult to include.

    Please inform us if you plan to do anything about this.
    Wednesday, August 8, 2007 1:48 PM
  • I would third this. The software doesn't seem all that useful without this scripting functionality for large workstation deployments numbering in the 100's or 1000's of computers (and annoying for even as few as 20).
    Friday, October 26, 2007 9:43 PM
  • J.C., do you or does anyone else out there have any experience with the Symantec Corporate Edition predecessor called Symantec Endpoint Protection v.11

    Saturday, October 27, 2007 7:08 PM
  • Ok,

     

    I have a script file I've created for Symantec Endpoint Protection 11 on the client that will work with Steadystate to automate the update process.  I really don't know how I did it, but I managed to mix the already existant script in the Scripts directory for Norton and JC's script for Symantec Corporate Edition 10.  Here's the script:

     

    -----start---------

     

    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sNortonPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")


    ' ~~~ Set application path
    sNortonPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LUALL.EXE\")

    '~~~ Download Virus Signature
    call oShell.Run("""" & sNortonPath & """" & " ", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

     

    ------end----------

     

    Sunday, October 28, 2007 2:12 PM
  • You may want to try adding -s to the call oShell.Run.  -s will tell LiveUpdate to run in silent mode (no user interaction).

    Code Block

    call oShell.Run("""" & sNortonPath & """" & " -s", 0, True)

     

     

    Sunday, October 28, 2007 3:23 PM
  • Thanks J.C.  I'll do that to make the update silent.  

     

    Sunday, October 28, 2007 3:41 PM
  • Does anyone know how to make Steadystate recognize Symantec Endpoint Protection in the softwareupdates.xml file for Steadystate?  The one JC references looks like this for Symantec Corporate Edition (listed below), but I don't know how to modify it so that it works with Symantec Endpoint Protection 11:

     

    Code Snippet  <software
        id="SymantecAV10"
        name="Symantec AntiVirus 10"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="VPDN_LU.exe"
        script="SCTSymantecVirusUpdate.vbs"
        category="Anti-Virus"  />

     

    Any help would be appreciated.Smile

     

     

     

     

    Sunday, October 28, 2007 4:43 PM
  • Yes, I would greatly appreciate the Symantec script.

    Thank you.

    Monday, November 19, 2007 10:38 PM
  • Our Software group just gave me a copy of Endpoint.  My guess is its still using Live Update so little should have to be changed, but I'll load it up tomarrow and see if I can get a working script.

    Tuesday, November 20, 2007 2:12 AM
  • Try this:


      <software
        id="SymantecEP11"
        name="Symantec Endpoint Protection 11"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="SescLU.exe"
        script="SCTSymantecEndpointUpdate.vbs"
        category="Anti-Virus"  />

    I suppose one could choose any file in the SAV Install Directory to validate so long as it is unique to Endpoint but I chose the file related to the LiveUpdate function. However, it is not necessary to run SescLU.exe to get the updates (nor was I able to make that work anyway). The vbs script posted earlier in this thread that runs the LiveUpdate executable LUALL.EXE directly works fine for the actual updates.

     

    Note that you must also set LiveUpdate to run in Express mode and to auto-start and auto-close when done. Also, if you have one of the latest versions of LiveUpdate (e.g., v3.2) you may want to disable LiveUpdate's "Automatic LiveUpdate" function which checks for updates every 4 hours by default.

     

    Finally, at least with v3.2 of LiveUpdate, I found that when run from the vbs file, it runs silently with or without the "-s" switch. Don't know why but I confirmed it ran in both cases by using Task Manager to monitor.

     

    Ed Ruth

    Monday, November 26, 2007 11:58 AM
  • I've been reading your posts with interest.  I am using MS Shared Toolkit on a few of my public access computers and have Symantec Antivirus Corp. v10.  Right now all the computers updates are managed thru the AV server.  Will this still work if I migrate to Steady State or will I have to point the computers to the AV script on the server to get the updates?

     

    Thanks ahead of time and ... (sorry about the name...bad day when I signed up...)  DLH Smile

    Wednesday, January 23, 2008 7:09 PM
  • If you are asking me, I do not know. All of my public access computers are standalone.

    Saturday, January 26, 2008 2:00 PM
  • Could you please send me the script you have for Symantec? 
    Friday, February 15, 2008 8:17 PM
  • I'm sorry...we are new to script writting and are not sure how to set this up with steadystate.  I copied the .vbs and .XML and the .cmd file in your response, but I have no idea what to do with them.  Can you give me a step by step on how to make these files work in SteadyState?  We would like to put this on our image, but are not sure if we should.  Can anyone give me some help?  I'd appreciate it.
    Friday, February 15, 2008 8:57 PM
  • As I know, we need modify SoftwareUpdates.xml under the following location: (add Symantec related lines which have been mentioned)

     

    C:\Program Files\Windows SteadyState\XML

     

    As to .vbs files, please copy it to the following folder:

     

    C:\Program Files\Windows SteadyState\Scripts

     

    After that, please open SteadyState to check if the antivirus program can be detected or not.

     

    Note: I am not sure whether the CMD file is needed.

     

    Regards,

     

    Tuesday, February 19, 2008 2:37 AM
  •  Shawn Shao - MSFT wrote:

    As I know, we need modify SoftwareUpdates.xml under the following location: (add Symantec related lines which have been mentioned)

     

    C:\Program Files\Windows SteadyState\XML

     

    As to .vbs files, please copy it to the following folder:

     

    C:\Program Files\Windows SteadyState\Scripts

     

    After that, please open SteadyState to check if the antivirus program can be detected or not.

     

    Note: I am not sure whether the CMD file is needed.

     

    Regards,

     



    Hi there,

    I've been trying to do exactly the same thing with my standalone PCs running Windows XP Pro SP2 with SAV CE 10. I've added the lines in SoftwareUpdates.XML and copied the .vbs file in the Scripts directory, but Windows SteadyState failed to detect the anti-virus software installed..

    Does anyone has a clue to this? Or is it okay just to run the vbs with custom script?

    Thanks so much!!

    Wednesday, June 11, 2008 1:13 AM
  • Some more info: I've create a simple batch file to run the vbs via custom script updates in SteadyState; the script ran but LiveUpdate eventually failed (I checked the log files in "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\"). The error message being: "Manual LiveUpdate failed to download.". Here is the catch: I can run and update the signature successfully if I logged on with local administrator account and trigger the script in task scheduler....

    Anyone know who to fix this? Thanks!!


    Wednesday, June 11, 2008 7:11 AM
  • One note re Shawn's instructions. You must reboot after modifying the XML file and adding the VBS file. If it was done correctly, the Symantec program will be detected and listed after the reboot.

     

    Ed Ruth

    DataNet Services, Inc.

    Wednesday, June 11, 2008 11:48 AM
  • I have found that in order to have Symantec AntiVirus 10 CE and/or Symantec Endpoint Protection 11 run correctly and to have the LiveUpdate function work via a SteadyState script that I must make the user a member of the Administrators group and then set all the necessary restrictions in SteadyState. Also remember to place LiveUpdate in Express mode and set it to start and close automatically. I have the below scripts working perfectly on about 100 computers.

     

    Here are the excerpts from my SoftwareUpdates.XML file that work:

     

      <software
        id="SymantecAV10"
        name="Symantec AntiVirus 10"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="VPDN_LU.exe"
        script="SCTSymantecVirusUpdate.vbs"
        category="Anti-Virus"  />

     

      <software
        id="SymantecEP11"
        name="Symantec Endpoint Protection 11"
        detectionPath="SOFTWARE\Symantec\InstalledApps"
        detectionName="SAV Install Directory"
        append="SescLU.exe"
        script="SCTSymantecEndpointUpdate.vbs"
        category="Anti-Virus"  />

    This is my VBS script for SAV 10:

     

    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sNortonPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sNortonPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory")

    '~~~ Download Virus Signature
    call oShell.Run("""" & sNortonPath & "\VPDN_LU.exe""" & " /s", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

    And finally, this is my script for SEP 11:

     

    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare global variables
    ' ~~~
    Dim sNortonPath, oShell, strComputer, oWMIService, ColProcesses

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

    ' ~~~ Set application path
    sNortonPath = oshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LUALL.EXE\")

    '~~~ Download Virus Signature
    call oShell.Run("""" & sNortonPath & """" & " -s", 0, True)

    ' ~~~ Wait 5 minutes
    WScript.Sleep (300000)

    ---------------

    The "sNortonPath" line above may wrap in this post. You will need to unwrap it for use.

    Ed Ruth

    DataNet Services, Inc.

    Wednesday, June 11, 2008 12:05 PM
  •  Ed Ruth wrote:

    I have found that in order to have Symantec AntiVirus 10 CE and/or Symantec Endpoint Protection 11 run correctly and to have the LiveUpdate function work via a SteadyState script that I must make the user a member of the Administrators group and then set all the necessary restrictions in SteadyState. Also remember to place LiveUpdate in Express mode and set it to start and close automatically. I have the below scripts working perfectly on about 100 computers.


    Thanks for your response, Ed Ruth. I've already place LiveUpdate in Express mode and set it to start & close automatically, and I managed to start the LiveUpdate script via custom script in SteadyState, but it failed to download the updates; however, I could run the same script with task schedules... upon checking the log files it seems that the script runs in system account privileges with SteadyState software updates, while it runs in local administrator privileges with task schedules. I've turned on Windows Disk Protection so SteadyState software updates is the only way. Is there a way to resolve this? Thanks!!
    Thursday, June 12, 2008 3:32 AM
  •  

    Could you please post the working script for Symantec Antivirus Corp 10 .

    Thanks

    Tuesday, July 22, 2008 10:01 AM
  • Hi there

     

    Can you please send me the script. I have steady state version 2.5 and SYmantecFull  version 10.0.2.2000

     

    Thanks

    jav

    Wednesday, July 23, 2008 4:09 AM
  • so are the scripts necessary if your PCs get their updates from internam Symantec Corporate server?
    Thursday, August 14, 2008 12:45 PM
  • It occurs to me that if I have SEP 11 set to pull updates from the local management server (not Symantec's LiveUpdate server) on startup that it will be up to date as long as the session is active.  The changes just don't get saved on shutdown.  It's not particularly efficient or elegant, but it sure simplifies things.  The machines start automatically before we open, so I can live with the slight extra time it will take to start them up.

    Please tell me if I'm wrong.

    Monday, September 8, 2008 5:33 PM
  • Hi I used the script that was mentioned in this forum. But by some reasons, the steady state seems to abort my schedule symantec update. Any idea why it would do that? any help will be really appreciated.
    Saturday, December 20, 2008 10:12 AM
  • Trying to use Windows SteadyState with Symantec Endpoint Protection 11.

    I have tried all the solutions listed above (library1 and JC Doll).  I created the SCTSymantecVirusUpdate.vbs with text from JC Doll and added the code to the SoftwareUpdates.XML

    I also tried the code that library1 suggested for the SCTSymantecVirusUpdate.vbs


    Unforunitly everytime I do a reboot the updates are lost to Symantec Endpoint Protection.

    Any Ideas?
    Friday, March 20, 2009 11:55 PM
  • We are having the same issues.  Can I get copies of the scripts for both 10 and 11.  I have a new test bed to test this in.
    Thanks.
    Wednesday, September 2, 2009 6:48 PM
  • Anybody has a script for Norton internet security 2010?

     

    thank you

    Wednesday, June 30, 2010 7:38 PM
  • I could not get the above scripts to run on our XP machines without giving admin permisions to the users which is something I did not want to do.

     

    I have been able to set VPDN_LU.exe to run via Scheduled Tasks and set that to run at login as the admin account. You need to set VPDN_LU.exe to express mode and to open and close without prompt.

    Wednesday, March 23, 2011 10:05 AM