Kaseya Community

Windows Dender - Install/Un-install, Update Defs, Scan

Posted by LegacyPoster

on May 26, 2006 2:17 AM

Hello!

I have been putting together a bunch of Windows Defender Scripts. Help me improve these! This is my first try at trying to get some mana. Wink

Be easy on me, I have only been using Kaseya for a week!

InstallDefender.txt - Installs Defender

Script Name: Windows Defender Install
Script Description: This will install windows defender beta 2.

IF True
THEN
Write Script Log Entry
Parameter 1 : Starting Script, Downloading File
OS Type : 0
Write File
Parameter 1 : %systemdrive%tempWindowsDefB2.msi
Parameter 2 : VSASharedFiles.WindowsDefB2.msi
OS Type : 0
Write Script Log Entry
Parameter 1 : File Downloaded, Now Install
OS Type : 0
Execute File
Parameter 1 : %systemroot%system32msiexec.exe
Parameter 2 : /i %systemdrive%tempWindowsDefB2.msi /qn
Parameter 3 : 3
OS Type : 0
Write Script Log Entry
Parameter 1 : Win Defender Installed
OS Type : 0
ELSE

Un-InstallDefender.txt - Un-installs Defender

Script Name: Windows Defender Uninstall
Script Description: Un-install windows defender.

IF True
THEN
Write Script Log Entry
Parameter 1 : Starting the removal of Windows Defender
OS Type : 0
Execute Shell Command
Parameter 1 : MsiExec.exe /X {CAB99E06-B92F-4AE0-89AD-D9AC5991046F} /L *vx /Log c:wdf.log /quiet
Parameter 2 : 0
OS Type : 0
Write Script Log Entry
Parameter 1 : Removed Windows Defender
OS Type : 0
ELSE

WD-UpdateDefs.txt - Updates the definitions of defender from the internet

Script Name: Windows Defender Update Defs
Script Description:

IF Test File
Parameter 1 : C Stick out tongue

rogram FilesWindows DefenderMpCmdRun.exe
Exists :
THEN
Write Script Log Entry
Parameter 1 : Windows Defender Found. Updating Definitions
OS Type : 0
Execute File
Parameter 1 : C Stick out tongue

rogram FilesWindows DefenderMpCmdRun.exe
Parameter 2 : signatureupdate
Parameter 3 : 1
OS Type : 0
Write Script Log Entry
Parameter 1 : Windows Defender Updated
OS Type : 0
ELSE
Write Script Log Entry
Parameter 1 : Windows Defender not installed. Please install before updating.
OS Type : 0

Windows Defender Full Scan.txt - This will do a full system scan.

Script Name: Windows Defender Full Scan
Script Description:

IF Test File
Parameter 1 : C Stick out tongue

rogram FilesWindows DefenderMpCmdRun.exe
Exists :
THEN
Write Script Log Entry
Parameter 1 : Windows Defender Installed. Scanning Computer.
OS Type : 0
Execute File
Parameter 1 : C Stick out tongue

rogram FilesWindows DefenderMpCmdRun.exe
Parameter 2 : scan
Parameter 3 : 0
OS Type : 0
ELSE
Write Script Log Entry
Parameter 1 : Windows Defender is not installed.
OS Type : 0

Windows Defender - Install, Update, Scan.txt - Installs defender if missing, updates the defs, and then scans the computer. If defender is already installed it updates the defs and then scans.

Script Name: Windows Defender - Install, Update, Scan
Script Description:

IF Test File
Parameter 1 : C Stick out tongue

rogram FilesWindows DefenderMpCmdRun.exe
Absent :
THEN
Execute Script
Parameter 1 : Windows Defender Install (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
Execute Script
Parameter 1 : Windows Defender Update Defs (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
Execute Script
Parameter 1 : Windows Defender Full Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
ELSE
Write Script Log Entry
Parameter 1 : Windows Defender Already Installed, Updating Defs
OS Type : 0
Execute Script
Parameter 1 : Windows Defender Update Defs (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
Execute Script
Parameter 1 : Windows Defender Full Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0

Enjoy!

Legacy Forum Name: Windows Dender - Install/Un-install, Update Defs, Scan,
Legacy Posted By Username: far182

Posted by LegacyPoster

on Mar 28, 2006 4:34 AM

I still wonder if there is a way to keep the windows defender from blocking VNC.

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: seangoss

Posted by LegacyPoster

on May 24, 2006 8:29 AM

I first tried the Update script, but it failed. The Script Log said that I didn't have Windows Defender installed. I know it was installed, and so I did some checking. I have had this installed since Microsoft bought out Giant, and so its path is different than your script was expecting. Also, there is no file named "MpCmdRun.exe" on my machine.

Next, I tried to run the install script on a separate PC, but of course it failed. I don't have the WindowsDefB2.msi file. Doh! Where can I get this file? I tried MS's website and got no response, and then I tried to Google it, and got zero responses. Any help?

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: mbtimmons

Posted by LegacyPoster

on May 24, 2006 10:27 PM

This link looks like detailed instructions on how to create the MSI package for deployment. I haven't played with it. Let us know how it works out.

http://www.appdeploy.com/packages/detail.asp?id=698

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: dlowenth

Posted by LegacyPoster

on May 25, 2006 2:20 AM

There is another post on DEFINDER on the forums here that explains in detail, but basically you start the normal Windows Defender Install and when you get to the license agreement window.. look in your systemroot\documents and settings\userprofile\localsetting\temp. There will be a new MSI file and this will be the defender install without the license agreement.

-Farzon

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: far182

Posted by LegacyPoster

on May 25, 2006 12:14 PM

Checkout this thread - http://www.kaseya.com/kforum/view_topic.php?id=634&forum_id=14

Regards, Ian

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: TechOnline

Posted by LegacyPoster

on May 25, 2006 11:18 PM

There is, Defender seems to translate an allowed executable to a code number (ex. 5690) in the registry. Found it while trying to figure out how to install and manage the thing. I shelved it for the time being. I discovered the numbers that associate w/ the apps in a /log filein this directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support

It appears that defender logs it's scans and results here. Mine only showed 2 apps it wanted to stop, RealVNC and Dameware Remote control. The rest of the stuff was classified as unknown so they all seemed to share the same "number" identifying that particular app.

[Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
"7480"=dword:00000006"]

If you save the text inbrackets (remove the brackets)to a .reg file, and run it against the pc's w/ Window Defender, this will add RealVNC to the allwed apps in Defender.

The numbers in the registryshow up when you allow apps (RealVNC in this case) Hope this helps someone. Please post back if anyone really cracks how to install this thing and manage it from Kaseya, I'll do the same. Todd

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: realtime-it

Posted by LegacyPoster

on May 26, 2006 2:17 AM

We are managing it from Kaseya. To around 200 clients. No problems. The scripts I provided work but they only show you how todo it for yourself.

Legacy Forum Name: Spyware Scripts,
Legacy Posted By Username: far182

Can we update the defs on kserver for installs?

Script to force KES to Update Def.

Script for Windows Xp Update scan

Check if Windows Update Installed

Installing Select Windows Updates

Windows Dender - Install/Un-install, Update Defs, Scan