Kaseya Community

McAfee Total Protection

  • Is anybody using McAfee Total Protection at their cleint sites? If so I would like to start a dialogue for scripts, usage, etc. Example, notification of On-Demand Scan (Scheduled Scan) being cancelled, finding a virus, etc.

    Thanks!
    Bill

    Legacy Forum Name: McAfee Total Protection,
    Legacy Posted By Username: billmccl
  • I know you posted this a long time ago, but hope you're still interested? We use McAfee Total Protection Service and so far I have a silent install script, and a script that runs their removal tool. I'd love to find a script that forces an update, not finding much on Google.

    Cheersm

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: djmundy
  • Script Name: McAfee ToPS - Update Now
    Script Description:

    IF Check Variable
    Parameter 1 : #vMachine.OsInfo#
    Contains :x64
    THEN
    Execute Shell Command
    Parameter 1 : "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=myRumor.dll,_UpdateNow@16
    Parameter 2 : 1
    OS Type : -1
    Execute File
    Parameter 1 : "%ProgramFiles(x86)%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"
    Parameter 2 : /RunDLL=myRumor.dll,_UpdateNow@16 -Url="myui://Update.htm" -ResDll="UpdDlg.Eng" -Caption="Agtres_l.dll,271" -Height=405 -Width=600
    Parameter 3 : 3
    OS Type : 13
    ELSE
    Execute File
    Parameter 1 : "%ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"
    Parameter 2 : /RunDLL=myRumor.dll,_UpdateNow@16 -Url="myui://Update.htm" -ResDll="UpdDlg.Eng" -Caption="Agtres_l.dll,271" -Height=405 -Width=600
    Parameter 3 : 3
    OS Type : 0

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rfouche
  • Nice script! I have been wanting to be able to force an Update Now... Here's one I have used to force an On-Demand Scan, but I have not tested it across a large # of devices. Do you have an On-Demand Scan script?

    Thanks!


    Script Name: McAM Run McAfee TPS Scan
    Script Description: Note: This script will run an On-Demand Scan with McAfee Total Protection Suite.

    IF True
    THEN
    Execute File
    Parameter 1 : C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe
    Parameter 2 : -Hidden -Caption="ScheduledVirusScanTask" -Url="myui://ScanNow.htm" -ResDll="myScnUi.Eng" -Param="CloseOnComplete,VT_BOOL,-1" -Param="ScanObject,VT_BSTR,MyComputer"
    Parameter 3 : 1
    OS Type : 0
    Execute Script
    Parameter 1 : McAM Get Scan Results (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : McAfee TPS Scan - Completed!
    OS Type : 0
    ELSE

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • billmccl
    Nice script! I have been wanting to be able to force an Update Now... Here's one I have used to force an On-Demand Scan, but I have not tested it across a large # of devices. Do you have an On-Demand Scan script?


    Have you tried scheduling scans at the policy level in the McAfee console? That's how we schedule one time or recurring scans.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: techie2
  • Yes, we schedule them on a regular basis using Policy. But when something comes up and we need to force a scan, I didn't want to change the Policy and affect all the machines in that Policy, nor did I want to remote into the PC and manually run the scan.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • Thanks guys, this is great. Here are my simple scripts to add to the collection:


    Script Name: Download
    Script Description:

    IF True
    THEN
    Get URL
    Parameter 1 : http://vs.mcafeeasap.com/mc/VS50/Data/vssetup.exe
    Parameter 2 : #vAgentConfiguration.agentTempDir#\vssetup.exe
    Parameter 3 : 3
    OS Type : 0
    ELSE





    Script Name: Install
    Script Description:

    IF Test File
    Parameter 1 : #vAgentConfiguration.agentTempDir#\vssetup.exe
    Exists :
    THEN
    Execute File
    Parameter 1 : #vAgentConfiguration.agentTempDir#\vssetup.exe
    Parameter 2 : /vb /CK= /email=%computername%
    Parameter 3 : 1
    OS Type : 0
    ELSE
    Schedule Script
    Parameter 1 : 44969499
    Parameter 2 : 1
    Parameter 3 :
    OS Type : 0
    Schedule Script
    Parameter 1 : 4895775
    Parameter 2 : 11
    Parameter 3 :
    OS Type : 0



    (first script reference is to "Download", second is referencing itself ("Install"))


    Script Name: Uninstall
    Script Description:

    IF True
    THEN
    Send Message
    Parameter 1 : Uninstalling McAfee, please save and close all work, as your PC will be rebooted soon.
    Parameter 2 : 1
    OS Type : 0
    Get URL
    Parameter 1 : http://vs.mcafeeasap.com/mc/VS50/Data/MVSUninst.exe
    Parameter 2 : #vAgentConfiguration.agentTempDir#\MVSUninst.exe
    Parameter 3 : 3
    OS Type : 0
    Execute File
    Parameter 1 : #vAgentConfiguration.agentTempDir#\MVSUninst.exe
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Pause Script
    Parameter 1 : 300
    OS Type : 0
    Reboot
    OS Type : 0
    ELSE



    Script Name: Reinstall
    Script Description:

    IF True
    THEN
    Schedule Script
    Parameter 1 : 6044742
    Parameter 2 : 1
    Parameter 3 :
    OS Type : 0
    Schedule Script
    Parameter 1 : 44969499
    Parameter 2 : 11
    Parameter 3 :
    OS Type : 0
    ELSE


    (first script reference is uninstall, second is install)

    billmccl, would you mind sharing your McAM Get Scan Results script?

    Thanks,

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: djmundy
  • Someone asked about my Get McAM Results Script so here it is. Sorry, but you'll need to change "presidium" to a different folder name -

    Script Name: McAM Get Scan Results
    Script Description: McAM Get Scan Results: This script will retrieve the latest McAM Scan Report.

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : tempDir
    OS Type : 0
    Execute Shell Command
    Parameter 1 : dir "C:\Program Files\McAfee\Managed VirusScan\Agent\Report\*.htm" /oBig Smile >> "C:\Program Files\McAfee\Managed VirusScan\Agent\Report\reports.txt"
    Parameter 2 : 0
    OS Type : 0
    Pause Script
    Parameter 1 : 5
    OS Type : 0
    Get File
    Parameter 1 : C:\Program Files\McAfee\Managed VirusScan\Agent\Report\reports.txt
    Parameter 2 : Anti-Virus\Reports
    Parameter 3 : 0
    OS Type : 0
    Write File
    Parameter 1 : #tempDir#\scripts\McAMrpts.vbs
    Parameter 2 : VSASharedFiles\McAMrpts.vbs
    OS Type : 0
    Execute File
    Parameter 1 : %windir%\system32\wscript.exe
    Parameter 2 : #tempDir#\scripts\McAMrpts.vbs
    Parameter 3 : 1
    OS Type : 1
    Pause Script
    Parameter 1 : 5
    OS Type : 0
    Get File
    Parameter 1 : #tempDir#\scripts\McAMrpts.log
    Parameter 2 : Anti-Virus\Reports Log
    Parameter 3 : 0
    OS Type : 0
    Write File
    Parameter 1 : #tempDir#\scripts\HtmlAsText.exe
    Parameter 2 : VSASharedFiles\HtmlAsText.exe
    OS Type : 0
    Write File
    Parameter 1 : #tempDir#\scripts\ScanResCFG.cfg
    Parameter 2 : VSASharedFiles\ScanResCFG.cfg
    OS Type : 0
    Execute Shell Command
    Parameter 1 : #tempDir#\scripts\HtmlAsText.exe /run "C:\presidium\scripts\ScanResCFG.cfg"
    Parameter 2 : 0
    OS Type : 0
    Get File - (Continue on Fail)
    Parameter 1 : #tempDir#\scripts\ScanRes.HTM
    Parameter 2 : Anti-Virus\Scan Results
    Parameter 3 : 1
    OS Type : 0
    Get File - (Continue on Fail)
    Parameter 1 : #tempDir#\scripts\ScanRes.txt
    Parameter 2 : Anti-Virus\Scan Results Txt
    Parameter 3 : 1
    OS Type : 0
    Get Variable
    Parameter 1 : 1
    Parameter 2 : #tempDir#\scripts\McAMrpts.log
    Parameter 3 : mcamrpts-log
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : McAM Get Scan Results - Completed, #mcamrpts-log#
    OS Type : 0
    Execute Script
    Parameter 1 : McAM Check Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    ELSE


    '=========================================================================
    ' NAME : McAMrpts.vbs
    ' LAST-MOD : 08/15/2009
    ' LANGUAGE : Windows Scripting Host v5.6
    ' COMMENT : This script reads a DirList of the McAfee Managed Vscan Report
    ' folder and determines the latest Report, then copies it.
    '=========================================================================

    Option Explicit
    On Error Resume Next

    Dim sFile, sNewFile, objSWbemLocator, objWMIService, strComputer, objReg, objShell, objNetwork, objFSO, objFile, objFSOCopy, objTextFile, strComputerObject, strRptFile, strLine, strRptPath

    strComputer = "."

    Set objShell = Wscript.CreateObject("Wscript.Shell")
    Set objNetwork = Wscript.CreateObject("Wscript.Network")
    Set objFSO=CreateObject("Scripting.FileSystemObject")
    Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & "." & "\root\cimv2")

    sFile = "c:\program files\mcafee\managed virusscan\agent\report\reports.txt"
    sNewFile = "c:\presidium\scripts\ScanRes.HTM"
    strRptPath = "c:\program files\mcafee\managed virusscan\agent\report\"
    strRptFile = " "

    'Read the DirList Reports file and find the latest report.
    Set objTextFile = objFSO.OpenTextFile (sfile)

    If (objFSO.FileExists(sFile)) then
    Do Until objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine
    strLine = UCase(strLine)
    If Instr(1, strLine, "HTM") <> "0" Then
    strRptFile = Mid(strLine, 40, 12)
    strRptFile = Rtrim(strRptFile)
    End If
    Loop

    'Copy the CIOxx.HTM file to ScanRes.HTM
    If strRptFile <> " " then
    strRptPath = strRptPath & strRptFile
    objFSO.CopyFile strRptPath, sNewFile, True
    WriteLog "McAMrpts - " & strRptPath & " copied as ScanRes.HTM"
    Else
    WriteLog "McAMrpts - CIOxx.HTM File Not Found"
    End If

    Else
    WriteLog "McAMrpts - DirList File Not Found"

    End If

    objTextFile.Close

    Wscript.Quit


    'Write to Log File Subroutine
    Sub WriteLog (byval TextIn)
    Dim LogFile

    Set LogFile = objFSO.OpenTextFile("C:\presidium\scripts\McAMrpts.log", 2, True)

    LogFile.WriteLine(TextIn)

    LogFile.Close
    End Sub

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • Here's the last piece where I Check the Scan Results and write to Event Log for Kaseya to pick up and create an Alert for me...

    Script Name: McAM Check Scan
    Script Description: McAM Check Scan: This script will check for the last McAfee Scan Date.

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : tempDir
    OS Type : 0
    Write File
    Parameter 1 : #tempDir#\scripts\McAMchkScan.vbs
    Parameter 2 : VSASharedFiles\McAMchkScan.vbs
    OS Type : 0
    Execute File
    Parameter 1 : %windir%\system32\wscript.exe
    Parameter 2 : #tempDir#\scripts\McAMchkScan.vbs
    Parameter 3 : 1
    OS Type : 1
    Get File
    Parameter 1 : #tempDir#\scripts\McAMchkScan.log
    Parameter 2 : Anti-Virus\Last Scan Date
    Parameter 3 : 1
    OS Type : 0
    Get Variable
    Parameter 1 : 1
    Parameter 2 : #tempDir#\scripts\McAMchkScan.log
    Parameter 3 : mcamscan-log
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : McAM Check Scan - Completed, #mcamscan-log#
    OS Type : 0
    ELSE


    '=========================================================================
    ' NAME : McAMchkScan.vbs
    ' DATE-MOD : 02/07/2009
    ' LAST-MOD : 04/04/2009
    ' LANGUAGE : Windows Scripting Host v5.6
    ' COMMENT : This script reads the McAfee Managed Services Scan Results
    ' file and calculates Scan Age/Date puts the Scan information
    ' in the registry.
    '=========================================================================

    Option Explicit
    On Error Resume Next

    Const HKEY_LOCAL_MACHINE = &H80000002

    Dim sFile, objSWbemLocator, objWMIService, strComputer, objReg, objShell, objNetwork, objFSO, objFile, objTextFile, strComputerObject, dDate, intDays, strLine, strKeyPath, strValueName, strValue, ckDefDate, ckIntDays, RegUpdated, strLineData, LineFound, iLoc, iLen, scanDate, sConvDate, scanCompl, sFileThreats, sRegThreats, sFThr, sRThr, sFileClean, sFileDelete, sRegClean

    Const Event_Error = 1

    strComputer = "."

    Set objShell = Wscript.CreateObject("Wscript.Shell")
    Set objNetwork = Wscript.CreateObject("Wscript.Network")
    Set objFSO=CreateObject("Scripting.FileSystemObject")
    Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & "." & "\root\cimv2")

    sFile = "c:\presidium\scripts\ScanRes.txt"

    'Read the Scan Results file and find the date of last Completed Scan.
    Set objTextFile = objFSO.OpenTextFile (sfile)

    If (objFSO.FileExists(sFile)) then
    LineFound = "No"
    Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine
    If Instr(1, strLine, "Date :") <> "0" Then
    LineFound = "Yes"
    iLoc = Instr(1, strLine, ",")
    iLen = Len(strLine)
    iLen = (iLen - iLoc)
    strLineData = Right(strLine, iLen - 1)
    ConvertMth (strLineData)
    scanDate = sConvDate
    End If
    Loop
    LineFound = "No"
    scanCompl = "No"
    Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine
    If Instr(1, strLine, "Completion status :") <> "0" Then
    LineFound = "Yes"
    iLoc = Instr(1, strLine, ":")
    iLen = Len(strLine)
    iLen = (iLen - iLoc)
    strLineData = Right(strLine, iLen - 1)
    If strLineData = "Scan completed" Then
    scanCompl = "Yes"
    End If
    End If
    Loop
    LineFound = "No"
    Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine
    If Instr(1, strLine, "File threats detected :") <> "0" Then
    LineFound = "Yes"
    sFThr = "Un"
    sFileThreats = strLine
    sFileThreats = Rtrim(sFileThreats)
    If sFileThreats = "File threats detected : 0" Then
    sFThr = "No"
    Else
    sFThr = "Yes"
    End If
    strLine = objTextFile.ReadLine
    sFileClean = Rtrim(strLine)
    strLine = objTextFile.ReadLine
    sFileDelete = Rtrim(strLine)
    End If
    Loop
    LineFound = "No"
    Do Until LineFound = "Yes" or objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine
    If Instr(1, strLine, "Registry threats detected :") <> "0" Then
    LineFound = "Yes"
    sRThr = "Un"
    sRegThreats = strLine
    sRegThreats = Rtrim(sRegThreats)
    If sRegThreats = "Registry threats detected : 0" Then
    sRThr = "No"
    Else
    sRThr = "Yes"
    End If
    strLine = objTextFile.ReadLine
    sRegClean = Rtrim(strLine)
    End If
    Loop
    Else
    WriteLog "McAMchkScan - Scan Results File Not Found"
    End If
    objTextFile.Close

    'Make sure the last Scan completed successfully before updating registry
    If scanCompl = "No" Then
    If sFThr = "Yes" Then
    objShell.LogEvent 1, "Presidium - AV Scan (McAM) " & sFileThreats & ", " & sFileClean & ", " & sFileDelete
    End If
    If sRThr = "Yes" Then
    objShell.LogEvent 1, "Presidium - AV Scan (McAM) " & sRegThreats & ", " & sRegClean
    End If
    Wscript.Quit
    End If

    'scanDate = sConvDate
    scanDate = RTrim(scanDate)

    intDays = DateDiff("d", scanDate, Date)

    'Write McAfee Last Scan information to the registry
    strKeyPath = "SOFTWARE\Presidium\McA"
    objReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

    strKeyPath = "SOFTWARE\Presidium\McA"
    strValueName = "AntivirusScanDate"
    strValue = scanDate
    objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

    strKeyPath = "SOFTWARE\Presidium\McA"
    strValueName = "AntivirusScanDays"
    strValue = intDays
    objReg.SetDwordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue


    'Check to make sure the registry entries have been updated
    strKeyPath = "SOFTWARE\Presidium\McA"
    strValueName = "AntivirusScanDays"

    RegUpdated = False
    Do until RegUpdated = True
    objReg.GetDwordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
    CkIntDays = strValue
    If CkIntDays = intDays then
    RegUpdated = True
    Else
    Wscript.Sleep 1000
    End If
    Loop

    WriteLog "McAMchkScan Reg Updated. Scan Date = " & scanDate & ", Last Scan = " & intDays & " Day(s) Old, " & sFileThreats & ", " & sFileClean & ", " & sFileDelete & ", " & sRegThreats & ", " & sRegClean

    'Const Event_Error = 1
    If intDays > 7 Then
    objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) > 7 Days Old (" & intDays & " Days Old)"
    End If

    If sFThr = "Yes" Then
    objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) " & sFileThreats & ", " & sFileClean & ", " & sFileDelete
    End If

    If sRThr = "Yes" Then
    objShell.LogEvent Event_Error, "Presidium - AV Scan (McAM) " & sRegThreats & ", " & sRegClean
    End If


    Wscript.Quit

    'Convert Month Subroutine
    Sub ConvertMth (byval TextIn)
    ' Dim sMM, sMonth, sDay, sYear, sConvDate
    Dim sMM, sMonth, sDay, sYear

    iLoc = Instr(1, strLineData, " ")
    sMonth = Left(strLineData, iLoc - 1)
    sMonth = Rtrim(sMonth)
    sDay = Mid(strLineData, iLoc + 1, 2)
    sYear = Mid(strLineData, iLoc +5, 4)

    If sMonth = "January" Then
    sMM = "01"
    ElseIf sMonth = "February" Then
    sMM = "02"
    Elseif sMonth = "March" Then
    sMM = "03"
    Elseif sMonth = "April" Then
    sMM = "04"
    Elseif sMonth = "May" Then
    sMM = "05"
    Elseif sMonth = "June" Then
    sMM = "06"
    Elseif sMonth = "July" Then
    sMM = "07"
    Elseif sMonth = "August" Then
    sMM = "08"
    Elseif sMonth = "September" Then
    sMM = "09"
    Elseif sMonth = "October" Then
    sMM = "10"
    Elseif sMonth = "November" Then
    sMM = "11"
    Elseif sMonth = "December" Then
    sMM = "12"
    Else
    WriteLog ("SMonth = " & sMonth)
    Wscript.quit
    End If

    sConvDate = sMM & "/" & sDay & "/" & sYear
    scanDate = sConvDate
    End Sub

    'Write to Log File Subroutine
    Sub WriteLog (byval TextIn)
    Dim LogFile

    Set LogFile = objFSO.OpenTextFile("C:\presidium\scripts\McAMchkScan.log", 2, True)

    LogFile.WriteLine(TextIn)

    LogFile.Close
    End Sub

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • Sorry - I guess I should have attached them as text files..

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • Can you post the ScanResCFG.cfg file please?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: activeview