Kaseya Community

McAfee Total Protection

Posted by LegacyPoster

on Oct 26, 2008 9:27 PM

Is anybody using McAfee Total Protection at their cleint sites? If so I would like to start a dialogue for scripts, usage, etc. Example, notification of On-Demand Scan (Scheduled Scan) being cancelled, finding a virus, etc.

Thanks!
Bill

Legacy Forum Name: McAfee Total Protection,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 10, 2010 2:33 PM

I know you posted this a long time ago, but hope you're still interested? We use McAfee Total Protection Service and so far I have a silent install script, and a script that runs their removal tool. I'd love to find a script that forces an update, not finding much on Google.

Cheersm

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: djmundy

Posted by LegacyPoster

on Feb 11, 2010 2:14 AM

Script Name: McAfee ToPS - Update Now
Script Description:

IF Check Variable
Parameter 1 : #vMachine.OsInfo#
Contains :x64
THEN
Execute Shell Command
Parameter 1 : "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=myRumor.dll,_UpdateNow@16
Parameter 2 : 1
OS Type : -1
Execute File
Parameter 1 : "%ProgramFiles(x86)%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"
Parameter 2 : /RunDLL=myRumor.dll,_UpdateNow@16 -Url="myui://Update.htm" -ResDll="UpdDlg.Eng" -Caption="Agtres_l.dll,271" -Height=405 -Width=600
Parameter 3 : 3
OS Type : 13
ELSE
Execute File
Parameter 1 : "%ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"
Parameter 2 : /RunDLL=myRumor.dll,_UpdateNow@16 -Url="myui://Update.htm" -ResDll="UpdDlg.Eng" -Caption="Agtres_l.dll,271" -Height=405 -Width=600
Parameter 3 : 3
OS Type : 0

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: rfouche

Posted by LegacyPoster

on Feb 12, 2010 11:18 PM

Nice script! I have been wanting to be able to force an Update Now... Here's one I have used to force an On-Demand Scan, but I have not tested it across a large # of devices. Do you have an On-Demand Scan script?

Thanks!

Script Name: McAM Run McAfee TPS Scan
Script Description: Note: This script will run an On-Demand Scan with McAfee Total Protection Suite.

IF True
THEN
Execute File
Parameter 1 : C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe
Parameter 2 : -Hidden -Caption="ScheduledVirusScanTask" -Url="myui://ScanNow.htm" -ResDll="myScnUi.Eng" -Param="CloseOnComplete,VT_BOOL,-1" -Param="ScanObject,VT_BSTR,MyComputer"
Parameter 3 : 1
OS Type : 0
Execute Script
Parameter 1 : McAM Get Scan Results (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
Write Script Log Entry
Parameter 1 : McAfee TPS Scan - Completed!
OS Type : 0
ELSE

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 13, 2010 2:28 AM

billmccl
Nice script! I have been wanting to be able to force an Update Now... Here's one I have used to force an On-Demand Scan, but I have not tested it across a large # of devices. Do you have an On-Demand Scan script?

Have you tried scheduling scans at the policy level in the McAfee console? That's how we schedule one time or recurring scans.

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: techie2

Posted by LegacyPoster

on Feb 13, 2010 11:21 PM

Yes, we schedule them on a regular basis using Policy. But when something comes up and we need to force a scan, I didn't want to change the Policy and affect all the machines in that Policy, nor did I want to remote into the PC and manually run the scan.

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 14, 2010 7:24 AM

Thanks guys, this is great. Here are my simple scripts to add to the collection:



Script Name: Download

Script Description: 



IF True 

THEN

   Get URL

     Parameter 1 : http://vs.mcafeeasap.com/mc/VS50/Data/vssetup.exe

     Parameter 2 : #vAgentConfiguration.agentTempDir#\vssetup.exe

     Parameter 3 : 3

         OS Type : 0

ELSE



Script Name: Install

Script Description: 



IF Test File 

   Parameter 1 : #vAgentConfiguration.agentTempDir#\vssetup.exe

   Exists :

THEN

   Execute File

     Parameter 1 : #vAgentConfiguration.agentTempDir#\vssetup.exe

     Parameter 2 : /vb /CK= /email=%computername%

     Parameter 3 : 1

         OS Type : 0

ELSE

   Schedule Script

     Parameter 1 : 44969499

     Parameter 2 : 1

     Parameter 3 : 

         OS Type : 0

   Schedule Script

     Parameter 1 : 4895775

     Parameter 2 : 11

     Parameter 3 : 

         OS Type : 0

(first script reference is to "Download", second is referencing itself ("Install"))



Script Name: Uninstall

Script Description: 



IF True 

THEN

   Send Message

     Parameter 1 : Uninstalling McAfee, please save and close all work, as your PC will be rebooted soon.

     Parameter 2 : 1

         OS Type : 0

   Get URL

     Parameter 1 : http://vs.mcafeeasap.com/mc/VS50/Data/MVSUninst.exe

     Parameter 2 : #vAgentConfiguration.agentTempDir#\MVSUninst.exe

     Parameter 3 : 3

         OS Type : 0

   Execute File

     Parameter 1 : #vAgentConfiguration.agentTempDir#\MVSUninst.exe

     Parameter 2 : 

     Parameter 3 : 0

         OS Type : 0

   Pause Script

     Parameter 1 : 300

         OS Type : 0

   Reboot

         OS Type : 0

ELSE



Script Name: Reinstall

Script Description: 



IF True 

THEN

   Schedule Script

     Parameter 1 : 6044742

     Parameter 2 : 1

     Parameter 3 : 

         OS Type : 0

   Schedule Script

     Parameter 1 : 44969499

     Parameter 2 : 11

     Parameter 3 : 

         OS Type : 0

ELSE

(first script reference is uninstall, second is install)

billmccl, would you mind sharing your McAM Get Scan Results script?

Thanks,

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: djmundy

Posted by LegacyPoster

on Feb 18, 2010 9:16 PM

Someone asked about my Get McAM Results Script so here it is. Sorry, but you'll need to change "presidium" to a different folder name -

Script Name: McAM Get Scan Results
Script Description: McAM Get Scan Results: This script will retrieve the latest McAM Scan Report.

IF True
THEN
Get Variable
Parameter 1 : 10
Parameter 2 :
Parameter 3 : tempDir
OS Type : 0
Execute Shell Command
Parameter 1 : dir "C:\Program Files\McAfee\Managed VirusScan\Agent\Report\*.htm" /o Big Smile

>> "C:\Program Files\McAfee\Managed VirusScan\Agent\Report\reports.txt"
Parameter 2 : 0
OS Type : 0
Pause Script
Parameter 1 : 5
OS Type : 0
Get File
Parameter 1 : C:\Program Files\McAfee\Managed VirusScan\Agent\Report\reports.txt
Parameter 2 : Anti-Virus\Reports
Parameter 3 : 0
OS Type : 0
Write File
Parameter 1 : #tempDir#\scripts\McAMrpts.vbs
Parameter 2 : VSASharedFiles\McAMrpts.vbs
OS Type : 0
Execute File
Parameter 1 : %windir%\system32\wscript.exe
Parameter 2 : #tempDir#\scripts\McAMrpts.vbs
Parameter 3 : 1
OS Type : 1
Pause Script
Parameter 1 : 5
OS Type : 0
Get File
Parameter 1 : #tempDir#\scripts\McAMrpts.log
Parameter 2 : Anti-Virus\Reports Log
Parameter 3 : 0
OS Type : 0
Write File
Parameter 1 : #tempDir#\scripts\HtmlAsText.exe
Parameter 2 : VSASharedFiles\HtmlAsText.exe
OS Type : 0
Write File
Parameter 1 : #tempDir#\scripts\ScanResCFG.cfg
Parameter 2 : VSASharedFiles\ScanResCFG.cfg
OS Type : 0
Execute Shell Command
Parameter 1 : #tempDir#\scripts\HtmlAsText.exe /run "C:\presidium\scripts\ScanResCFG.cfg"
Parameter 2 : 0
OS Type : 0
Get File - (Continue on Fail)
Parameter 1 : #tempDir#\scripts\ScanRes.HTM
Parameter 2 : Anti-Virus\Scan Results
Parameter 3 : 1
OS Type : 0
Get File - (Continue on Fail)
Parameter 1 : #tempDir#\scripts\ScanRes.txt
Parameter 2 : Anti-Virus\Scan Results Txt
Parameter 3 : 1
OS Type : 0
Get Variable
Parameter 1 : 1
Parameter 2 : #tempDir#\scripts\McAMrpts.log
Parameter 3 : mcamrpts-log
OS Type : 0
Write Script Log Entry
Parameter 1 : McAM Get Scan Results - Completed, #mcamrpts-log#
OS Type : 0
Execute Script
Parameter 1 : McAM Check Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
ELSE

'=========================================================================
' NAME : McAMrpts.vbs
' LAST-MOD : 08/15/2009
' LANGUAGE : Windows Scripting Host v5.6
' COMMENT : This script reads a DirList of the McAfee Managed Vscan Report
' folder and determines the latest Report, then copies it.
'=========================================================================

Option Explicit
On Error Resume Next

Dim sFile, sNewFile, objSWbemLocator, objWMIService, strComputer, objReg, objShell, objNetwork, objFSO, objFile, objFSOCopy, objTextFile, strComputerObject, strRptFile, strLine, strRptPath

strComputer = "."

Set objShell = Wscript.CreateObject("Wscript.Shell")
Set objNetwork = Wscript.CreateObject("Wscript.Network")
Set objFSO=CreateObject("Scripting.FileSystemObject")
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & "." & "\root\cimv2")

sFile = "c:\program files\mcafee\managed virusscan\agent\report\reports.txt"
sNewFile = "c:\presidium\scripts\ScanRes.HTM"
strRptPath = "c:\program files\mcafee\managed virusscan\agent\report\"
strRptFile = " "

'Read the DirList Reports file and find the latest report.
Set objTextFile = objFSO.OpenTextFile (sfile)

If (objFSO.FileExists(sFile)) then
Do Until objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine
strLine = UCase(strLine)
If Instr(1, strLine, "HTM") <> "0" Then
strRptFile = Mid(strLine, 40, 12)
strRptFile = Rtrim(strRptFile)
End If
Loop

'Copy the CIOxx.HTM file to ScanRes.HTM
If strRptFile <> " " then
strRptPath = strRptPath & strRptFile
objFSO.CopyFile strRptPath, sNewFile, True
WriteLog "McAMrpts - " & strRptPath & " copied as ScanRes.HTM"
Else
WriteLog "McAMrpts - CIOxx.HTM File Not Found"
End If

Else
WriteLog "McAMrpts - DirList File Not Found"

End If

objTextFile.Close

Wscript.Quit

'Write to Log File Subroutine
Sub WriteLog (byval TextIn)
Dim LogFile

Set LogFile = objFSO.OpenTextFile("C:\presidium\scripts\McAMrpts.log", 2, True)

LogFile.WriteLine(TextIn)

LogFile.Close
End Sub

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 18, 2010 9:24 PM

Here's the last piece where I Check the Scan Results and write to Event Log for Kaseya to pick up and create an Alert for me...

Script Name: McAM Check Scan
Script Description: McAM Check Scan: This script will check for the last McAfee Scan Date.

IF True
THEN
Get Variable
Parameter 1 : 10
Parameter 2 :
Parameter 3 : tempDir
OS Type : 0
Write File
Parameter 1 : #tempDir#\scripts\McAMchkScan.vbs
Parameter 2 : VSASharedFiles\McAMchkScan.vbs
OS Type : 0
Execute File
Parameter 1 : %windir%\system32\wscript.exe
Parameter 2 : #tempDir#\scripts\McAMchkScan.vbs
Parameter 3 : 1
OS Type : 1
Get File
Parameter 1 : #tempDir#\scripts\McAMchkScan.log
Parameter 2 : Anti-Virus\Last Scan Date
Parameter 3 : 1
OS Type : 0
Get Variable
Parameter 1 : 1
Parameter 2 : #tempDir#\scripts\McAMchkScan.log
Parameter 3 : mcamscan-log
OS Type : 0
Write Script Log Entry
Parameter 1 : McAM Check Scan - Completed, #mcamscan-log#
OS Type : 0
ELSE

'=========================================================================
' NAME : McAMchkScan.vbs
' DATE-MOD : 02/07/2009
' LAST-MOD : 04/04/2009
' LANGUAGE : Windows Scripting Host v5.6
' COMMENT : This script reads the McAfee Managed Services Scan Results
' file and calculates Scan Age/Date puts the Scan information
' in the registry.
'=========================================================================

Option Explicit
On Error Resume Next

Const HKEY_LOCAL_MACHINE = &H80000002

Dim sFile, objSWbemLocator, objWMIService, strComputer, objReg, objShell, objNetwork, objFSO, objFile, objTextFile, strComputerObject, dDate, intDays, strLine, strKeyPath, strValueName, strValue, ckDefDate, ckIntDays, RegUpdated, strLineData, LineFound, iLoc, iLen, scanDate, sConvDate, scanCompl, sFileThreats, sRegThreats, sFThr, sRThr, sFileClean, sFileDelete, sRegClean

Const Event_Error = 1

strComputer = "."

Set objShell = Wscript.CreateObject("Wscript.Shell")
Set objNetwork = Wscript.CreateObject("Wscript.Network")
Set objFSO=CreateObject("Scripting.FileSystemObject")
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & "." & "\root\cimv2")

sFile = "c:\presidium\scripts\ScanRes.txt"

'Read the Scan Results file and find the date of last Completed Scan.
Set objTextFile = objFSO.OpenTextFile (sfile)

If (objFSO.FileExists(sFile)) then
LineFound = "No"
Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine
If Instr(1, strLine, "Date :") <> "0" Then
LineFound = "Yes"
iLoc = Instr(1, strLine, ",")
iLen = Len(strLine)
iLen = (iLen - iLoc)
strLineData = Right(strLine, iLen - 1)
ConvertMth (strLineData)
scanDate = sConvDate
End If
Loop
LineFound = "No"
scanCompl = "No"
Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine
If Instr(1, strLine, "Completion status :") <> "0" Then
LineFound = "Yes"
iLoc = Instr(1, strLine, ":")
iLen = Len(strLine)
iLen = (iLen - iLoc)
strLineData = Right(strLine, iLen - 1)
If strLineData = "Scan completed" Then
scanCompl = "Yes"
End If
End If
Loop
LineFound = "No"
Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine
If Instr(1, strLine, "File threats detected :") <> "0" Then
LineFound = "Yes"
sFThr = "Un"
sFileThreats = strLine
sFileThreats = Rtrim(sFileThreats)
If sFileThreats = "File threats detected : 0" Then
sFThr = "No"
Else
sFThr = "Yes"
End If
strLine = objTextFile.ReadLine
sFileClean = Rtrim(strLine)
strLine = objTextFile.ReadLine
sFileDelete = Rtrim(strLine)
End If
Loop
LineFound = "No"
Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine
If Instr(1, strLine, "Registry threats detected :") <> "0" Then
LineFound = "Yes"
sRThr = "Un"
sRegThreats = strLine
sRegThreats = Rtrim(sRegThreats)
If sRegThreats = "Registry threats detected : 0" Then
sRThr = "No"
Else
sRThr = "Yes"
End If
strLine = objTextFile.ReadLine
sRegClean = Rtrim(strLine)
End If
Loop
Else
WriteLog "McAMchkScan - Scan Results File Not Found"
End If
objTextFile.Close

'Make sure the last Scan completed successfully before updating registry
If scanCompl = "No" Then
If sFThr = "Yes" Then
objShell.LogEvent 1, "Presidium - AV Scan (McAM) " & sFileThreats & ", " & sFileClean & ", " & sFileDelete
End If
If sRThr = "Yes" Then
objShell.LogEvent 1, "Presidium - AV Scan (McAM) " & sRegThreats & ", " & sRegClean
End If
Wscript.Quit
End If

'scanDate = sConvDate
scanDate = RTrim(scanDate)

intDays = DateDiff("d", scanDate, Date)

'Write McAfee Last Scan information to the registry
strKeyPath = "SOFTWARE\Presidium\McA"
objReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strKeyPath = "SOFTWARE\Presidium\McA"
strValueName = "AntivirusScanDate"
strValue = scanDate
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strKeyPath = "SOFTWARE\Presidium\McA"
strValueName = "AntivirusScanDays"
strValue = intDays
objReg.SetDwordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

'Check to make sure the registry entries have been updated
strKeyPath = "SOFTWARE\Presidium\McA"
strValueName = "AntivirusScanDays"

RegUpdated = False
Do until RegUpdated = True
objReg.GetDwordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
CkIntDays = strValue
If CkIntDays = intDays then
RegUpdated = True
Else
Wscript.Sleep 1000
End If
Loop

WriteLog "McAMchkScan Reg Updated. Scan Date = " & scanDate & ", Last Scan = " & intDays & " Day(s) Old, " & sFileThreats & ", " & sFileClean & ", " & sFileDelete & ", " & sRegThreats & ", " & sRegClean

'Const Event_Error = 1
If intDays > 7 Then
objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) > 7 Days Old (" & intDays & " Days Old)"
End If

If sFThr = "Yes" Then
objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) " & sFileThreats & ", " & sFileClean & ", " & sFileDelete
End If

If sRThr = "Yes" Then
objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) " & sRegThreats & ", " & sRegClean
End If

Wscript.Quit

'Convert Month Subroutine
Sub ConvertMth (byval TextIn)
' Dim sMM, sMonth, sDay, sYear, sConvDate
Dim sMM, sMonth, sDay, sYear

iLoc = Instr(1, strLineData, " ")
sMonth = Left(strLineData, iLoc - 1)
sMonth = Rtrim(sMonth)
sDay = Mid(strLineData, iLoc + 1, 2)
sYear = Mid(strLineData, iLoc +5, 4)

If sMonth = "January" Then
sMM = "01"
ElseIf sMonth = "February" Then
sMM = "02"
Elseif sMonth = "March" Then
sMM = "03"
Elseif sMonth = "April" Then
sMM = "04"
Elseif sMonth = "May" Then
sMM = "05"
Elseif sMonth = "June" Then
sMM = "06"
Elseif sMonth = "July" Then
sMM = "07"
Elseif sMonth = "August" Then
sMM = "08"
Elseif sMonth = "September" Then
sMM = "09"
Elseif sMonth = "October" Then
sMM = "10"
Elseif sMonth = "November" Then
sMM = "11"
Elseif sMonth = "December" Then
sMM = "12"
Else
WriteLog ("SMonth = " & sMonth)
Wscript.quit
End If

sConvDate = sMM & "/" & sDay & "/" & sYear
scanDate = sConvDate
End Sub

'Write to Log File Subroutine
Sub WriteLog (byval TextIn)
Dim LogFile

Set LogFile = objFSO.OpenTextFile("C:\presidium\scripts\McAMchkScan.log", 2, True)

LogFile.WriteLine(TextIn)

LogFile.Close
End Sub

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 18, 2010 9:25 PM

Sorry - I guess I should have attached them as text files..

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

Posted by LegacyPoster

on Feb 24, 2010 7:30 PM

Can you post the ScanResCFG.cfg file please?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: activeview

Remove McAfee Total Protection

Putting totals in the Executive Summary?

Pending Script Totals

Total Size of Backup Set

Total Patches Applied

McAfee Total Protection