[unisog] Your opinion on your AntiVirus product?

Alan Rothenbush alan at sfu.ca
Mon Nov 28 19:15:11 GMT 2005


We've recently switched from Symantec to McAfee.

There was no real problem with Symantec; our 3 year contract was up and McAfee 
offered a MUCH better deal, roughly half the price.  Added to that our 
nagging worry about weekly definition updates (now corrected, I understand) 
and the fact that the master management app didn't work with Active Directory 
(as implemented here) and the decision was an easy one.

It was when it came time to uninstall Symantec that the problems arose.  Of 
necessity, this has to be an automated process (400 machines, 3 roaming 
support staff).

McAfee is available as an MSI (and therefore "pushable" through Group Policy) 
or a SETUP.EXE,  The MSI install is preferred when in an AD environment, but 
the MSI will not uninstall Symantec, whereas the SETUP.EXE will.  

Not wanting to risk leaving the machines without AV of one sort or the other, 
we opted for the SETUP.EXE , as it appeared to "do it all".  The install 
happened through a STARTUP script run as part of our middle-of-the-night 
reboot process.  

. It must be a STARTUP script, as NONE of our users, from the President on 
down, have rights to install any software.
. All machines managed by our group have an AT job running that reboots them 
between 1:30 AM and 3:00 AM

A script was written and the replacement proceeded, with about an 80% success 
rate, much worse than hoped for.

15% of the failures were eventually determined to be a result of files being 
in Symantec Quarantine.  

After MUCH headscratching, it turns out that when McAfee is instructed to do a 
"silent install", the McAfee component IS installed silently, meaning no user 
interaction.  So far so good.

Before installing itself, it first instructs Symantec (if present) to also 
uninstall silently.

BUT, if there are files in quarantine, the Symantec uninstaller asks the 
question "do you want to delete the files in quarantine?" and stops until the 
question is answered, or until the Startup SCript Timeout is exceeded.

Since these scripts run in the middle of the night, there was no one there to 
to press the "Yes" button.   Worse, the message didn't actually appear on 
screen when run through a startup script ! as the current "user" during 
startup is the SYSTEM account and it has no interactive context.  The script 
just seemed to pause, for SOME users, for no apparent reason.

We eventually sorted this out, but that still left about 5% install failures.

These were eventually attributed to a newer version of Symantec being 
installed over an old one (7.6 ->9.x), not at all surprising given the three 
year deal.  It APPEARED as if a 9.x install does not fully remove 7.6.  It 
appears as if it only removes enough to allow the new version to install 
itself meaning that when uninstalled, a crippled version is left behind; not 
enough to act as a working AV program, but enough to prevent the installation 
of a new (non-Symantec) program.

These machines, once detected, were simply seen to manually.

Eventually every one of our users had a copy of McAfee and I've been quite 
happy.

McAfee offers some simple firewalling, excellent reporting options, and good 
"suspicious activity" detection/prevention.  If does slow the machines down, 
more than Symantec, but given the greater breadth of what it does (as a 
result of my somewhat paranoid configuration), this is not surprising, and 
is, in my never humble opinion, a small price to pay for the enhanced 
reliability.

McAfee also offers a program known as Installation Designer that allows one to 
build a custom SETUP.EXE with all settings preconfigured, and this has worked 
very well for us.

Alternately, almost every McAfee setting is a registry entry, meaning settings 
can be "tweaked" with a 

  REG ADD key /f 

command in a startup script.


We have recently upgraded to a new patch level of McAfee, and wanting to 

a. somewhat drastically alter the configuration
b. be SURE that we'd done so
c. test our overall installation procedure, 

we did a removal followed by a reinstall of McAfee (as part of our nightly 
reboot), with a 100% success rate.


(Nearly) last point .. all "management" is done manually, through login/logoff 
and startup/shutdown scripts, as EPO did not work for us.  I am generically 
uneasy about "agents" running on machines anyway, but decided to have a look 
at EPO.  

It was a short look, as I could not get it installed when running as a Domain 
Admin (who was member of the Administrators group).  What I got was an error 
message saying that I had to be a member of the Administrators Group !  I 
_could_ install it as a local administrator, but this would not help me, as 
this configuration then required that all machines so managed have the same 
Administrator password.  Since we have taken some pains to ensure that all 
machines have a UNIQUE Admin password, this seemed a no-go.


(Really) last thing.  As well as alerting me by email of any serious events, 
the machines also log darn near everything.  These logs were initially stored 
on a file server, but it turns out that a number of the log files are kept 
open all the time the machine is running.  This meant a couple of thousand 
open files on the server.  While this scheme did give me real-time access to 
the files, the sheer number of file handles in use made me nervous.  We have 
since taken to logging locally and appending the local logs to the server 
logs (followed by a deletion of the local logs) using startup and shutdown 
scripts.  

This not only solves the open files "issue", it also means that notebooks 
taken off campus (and therefore unable to access our fileserver) can report 
back once they are on campus.


Hope this helps.


Alan

I've attached (instead of just pasting in, due to line length issues) my 
script to uninstall SAV (if present), uninstall old McAfee (if present) and 
install the new McAfee.


-- 
Alan Rothenbush             
Academic Computing Services  
Simon Fraser University     
Burnaby, B.C., Canada                          


               Before me things create were none, save things
               Eternal, and eternal I endure.
               All hope abandon ye who enter here.

-------------- next part --------------

rem **********************************************
rem
rem   first, install BLAT if not installed
rem 
rem ********************************************************

if exist "%programfiles%\blat\blat.exe" goto blat_installed

xcopy \\ais-fs1.sfu.ca\sw\blat\*.* "%programfiles%\blat" /I >\\ais-fs1.sfu.ca\depts\sfu\logging\blat\%computername%.txt

:blat_installed



rem ***********************************************
rem
rem   then, uninstall SAV, if it's there
rem
rem   If SAV IS there, write a file to signal the  
rem   deletion
rem 
rem ************************************************


rem ***********************************************
rem
rem   7.6 installed ?
rem
rem ************************************************
if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Failed_%computername%.txt exit
if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried76_%computername%.txt goto tried76once

if exist "%programfiles%\NavNT\VPC32.exe" goto uninst_76
if exist "%programfiles%\Common Files\Symantec Shared\SSC\VPshell2.dll" goto uninst_76
goto no_sav7.6

:uninst_76

echo .
echo .
echo .  Uninstalling NavCE 7.6  This will take about 2 to 3 minutes, and will cause your computer to reboot
echo .
echo .

echo nav 7.6 >>\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried76_%computername%.txt


del "%allusersprofile%\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul
del "%allusersprofile%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul

MsiExec.exe /x {BD12EB47-DBDF-11D3-BEEA-00A0CC272509} /q

del "%programfiles%\NavNT\*.*" /q/f/s >nul
del "%programfiles%\Common Files\Symantec Shared\*.*" /q/f/s >nul

\\ais-fs1.sfu.ca\sw\tools\rm_down.exe /reboot /force

exit

:tried76once

if exist "%programfiles%\NavNT\VPC32.exe" goto 76failed
if exist "%programfiles%\Common Files\Symantec Shared\SSC\VPshell2.dll" goto 76failed

goto end_sav

:76failed

echo nav 7.6 >\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Failed_%computername%.txt
echo Nav uninstall failed. > "%temp%\mcafee.txt"
"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "Nav Uninstall Failed on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 
exit

:no_sav7.6


rem ***********************************************
rem
rem   8.0 installed ?
rem
rem ************************************************

if not exist "%programfiles%\Symantec_Client_Security\Symantec Antivirus\VPC32.exe" goto no_sav8
if     exist "%programfiles%\Symantec_Client_Security\Symantec Antivirus\uninst.sfu" goto tried80once

echo .
echo .
echo .  Uninstalling NavCE 8    This will take about 2 to 3 minutes, and will cause your computer to reboot
echo .
echo .

echo nav 8.0 >>\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_%computername%.txt

del "%allusersprofile%\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul
del "%allusersprofile%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul

echo Tried >"%programfiles%\Symantec_Client_Security\Symantec Antivirus\uninst.sfu"

MsiExec.exe /x {0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E} /q

\\ais-fs1.sfu.ca\sw\tools\rm_down.exe /reboot /force
exit

:tried80once

del "%programfiles%\Symantec_Client_Security\Symantec Antivirus\*.*" /q/f/s >nul

:no_sav8

rem ***********************************************
rem
rem   9.0 installed ?
rem
rem ************************************************

if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Failed_%computername%.txt exit
if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried9_%computername%.txt goto tried9once
if exist "%programfiles%\Symantec Antivirus\VPC32.exe" goto uninst_9
if exist "%programfiles%\Common Files\Symantec Shared\SSC\VPshell2.dll" goto uninst_9

goto no_sav9

:uninst_9


echo .
echo .
echo .  Uninstalling NavCE 9  This will take about 2 to 3 minutes, and will cause your computer to reboot
echo .
echo .

echo nav 9 >>\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried9_%computername%.txt

del "%allusersprofile%\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul
del "%allusersprofile%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\*.*" /q/f/s >nul

MsiExec.exe /x {848AC794-8B81-440A-81AE-6474337DB527} /q

del "%programfiles%\Symantec Antivirus\*.*" /q/f/s >nul
del "%programfiles%\Common Files\Symantec Shared\*.*" /q/f/s >nul

\\ais-fs1.sfu.ca\sw\tools\rm_down.exe /reboot /force
exit

:tried9once

if exist "%programfiles%\Symantec Antivirus\VPC32.exe" goto 9failed
if exist "%programfiles%\Common Files\Symantec Shared\SSC\VPshell2.dll" goto 9failed

goto end_sav

:9failed

echo nav 9 >\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Failed_%computername%.txt
echo Nav uninstall failed. > "%temp%\mcafee.txt"
"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "Nav Uninstall Failed on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 
exit

:no_sav9


rem *****************************************************
rem
rem  clean out our NAV UNINSTALL "signal" file
rem 
rem *****************************************************

:End_SAV

del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried9_%computername%.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\NAV_DEL_Tried76_%computername%.txt







rem *****************************************************************************************************************************
rem
rem                                         beginning of McAfee installation
rem
rem *****************************************************************************************************************************
rem
rem  first, check to see if the reg key is there
rem
rem  if no reg key, just install it
rem 
rem *****************************************************

set installreason=No ShStatEXE Reg Key

\\ais-fs1.sfu.ca\sw\tools\reg.exe query hklm\software\microsoft\windows\currentversion\run /v ShStatEXE

if errorlevel 1 goto install_software


rem *****************************************************
rem
rem  reg key is there, the files there ?
rem
rem  if no files, just install it 
rem
rem *****************************************************

set installreason=No ShStat.exe program file

if not exist "%programfiles%\Network Associates\VirusScan\shstat.exe" goto install_software

rem *****************************************************
rem
rem  reg key is there, files there, what version ?
rem
rem *****************************************************

set installreason=No Patch_11 reg key

\\ais-fs1.sfu.ca\sw\tools\reg.exe query "hklm\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion" /v patch_11

if not %errorlevel% == 0 goto install_software


set installreason=No Reason, all tests passed


rem ********************************************************
rem
rem   appears to be installed .. was it successful, or
rem   did it fail by not applying our settings ?
rem
rem   checking a reg key will tell us
rem 
rem   but first check if we even care ...
rem 
rem   if our install signal file is not there, just exit out
rem
rem ********************************************************

if not exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\MC_INST_%computername%.txt goto really_all_done

find.exe  /?

if %errorlevel% == 0 goto find_installed0

echo %computername% - Find not installed on %computername%, so we don't know if the McAfee install succeeded or not. > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - FIND.EXE not found during McAfee install on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64

goto really_all_done


:find_installed0


\\ais-fs1.sfu.ca\sw\tools\reg.exe query "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking" /v "szLogFileName" >%temp%\mcafee.out

find.exe /I "C:\NAILogs" %temp%\mcafee.out

if %errorlevel% == 0 goto signal_really_all_done


rem **********************************************************
rem
rem   appears to be a bad install, so remove it and try again,
rem   unless we've already tried this.  we don't want to loop
rem   endlessly, filling up my email logs
rem 
rem **********************************************************

if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRIED_ONCE_%computername%.txt goto all_done

if exist \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRYING_%computername%.txt goto already_tried

echo Retrying > \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRYING_%computername%.txt
echo Retrying on %computername% >"%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - Retrying McAfee install on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64

MsiExec.exe /x {5DF3D1BB-894E-4DCD-8275-159AC9829B43} /q

goto install_software



:already_tried

echo Retried Once > \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRIED_ONCE_%computername%.txt

echo One reinstall attempt failed on %computername% > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - One reinstall attempt failed on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64

goto all_done



rem ************************************************************
rem
rem     file not there, so install 
rem
rem   then, wait around a bit to ensure that a previous script
rem   that MAY reboot is not in the middle of that reboot
rem
rem
rem ************************************************************


:install_software


echo off
cls
echo.
echo.
echo.
echo.
echo          Installing McAfee AntiVirus
echo.
echo.
echo.
echo.      This will take between 2 and 15 minutes, so please be patient.
echo.
echo.
echo       Your computer will likely reboot (again) during this procedure.
echo.
echo    Do NOT interrupt the process in any way, or very bad things will happen !
echo.
echo.
echo          We begin by copying the files to the local machine
echo .


rem *****************************************************
rem
rem  clean out temp .. good general practise
rem 
rem *****************************************************

del "%temp%\*.*" /q/f/s


rem *****************************************************
rem
rem         Copy the files somewhere local
rem 
rem *****************************************************

mkdir %TEMP%\MCINST

copy \\ais-fs1.sfu.ca\sw\mcafee\vse8p11\*.* "%TEMP%\mcinst" /v/z
if %errorlevel% == 0 goto files_copied_OK

echo McAfee files not copied to %computername% > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - McAfee files not copied to %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 

goto all_done
 
:files_copied_OK


rem *****************************************************
rem
rem  		Install McAfee
rem
rem     first write our McAfee signal file, then install
rem 
rem *****************************************************



echo off
cls
echo.
echo.
echo.
echo.
echo          Installing McAfee AntiVirus
echo.
echo.
echo.
echo.      This will take between 2 and 15 minutes, so please be patient.
echo.
echo.
echo       Your computer will likely reboot (again) during this procedure.
echo.
echo    Do NOT interrupt the process in any way, or very bad things will happen !
echo.
echo.
echo        Next, we uninstall the existing version
echo.



if exist "%programfiles%\Network Associates\VirusScan\shstat.exe" MsiExec.exe /x {5DF3D1BB-894E-4DCD-8275-159AC9829B43} /q

echo off
cls
echo.
echo.
echo.
echo.
echo          Installing McAfee AntiVirus
echo.
echo.
echo.
echo.      This will take between 2 and 15 minutes, so please be patient.
echo.
echo.
echo       Your computer will likely reboot (again) during this procedure.
echo.
echo    Do NOT interrupt the process in any way, or very bad things will happen !
echo.
echo.
echo        Step 3, clean up the old files
echo.


c:
cd\
del c:\quarantine\*.* /q
rd c:\quarantine

del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee\%computername%_UpdateLog.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee\%computername%_OnAccessScanLog.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee\%computername%_OnDemandScanLog.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee\%computername%_AccessProtectionLog.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee\%computername%_BufferOverflowProtectionLog.txt

cd %temp%
del .\nailogs\*.* /q


echo off
cls
echo.
echo.
echo.
echo.
echo          Installing McAfee AntiVirus
echo.
echo.
echo.
echo.      This will take between 2 and 15 minutes, so please be patient.
echo.
echo.
echo       Your computer will likely reboot (again) during this procedure.
echo.
echo    Do NOT interrupt the process in any way, or very bad things will happen !
echo.
echo.
echo        Finally, we install the newest version
echo.


set installreason >>\\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\MC_INST_%computername%.txt

"%temp%\mcinst\setupvse.exe"


rem ********************************************************
rem
rem               WAS IT SUCCESSFUL !!! ?
rem
rem   have a look at the log files, using FIND (after checking 
rem         to see if FIND is in fact there)
rem
rem   if not successful, mail alan the log files
rem
rem   if there isn't a log file, make one up
rem 
rem       then look for a critical setting in a REG key
rem 
rem ********************************************************

FIND.EXE /?
if %errorlevel% == 0 goto find_installed
echo SETUPVSE completed, but FIND not installed on %computername%, so we don't know if the McAfee install succeeded or not. > "%temp%\mcafee.txt"
"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - FIND.EXE not found during McAfee install on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64
goto clean_up_norton
:find_installed


if not exist "%temp%\nailogs\vseinst.log" echo No McAfee log file found >"%temp%\nailogs\vseinst.log"

find.exe "Product: McAfee VirusScan Enterprise -- Installation operation completed successfully." "%temp%\nailogs\vseinst.log"

if %errorlevel%==0 goto installed_OK_test1_passed

find.exe "Product: McAfee VirusScan Enterprise -- Configuration completed successfully." "%temp%\nailogs\vseinst.log"

if %errorlevel%==0 goto installed_OK_test1_passed


echo Installed Failed > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - McAfee install on %computername% FAILED !" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64

goto reboot


:installed_OK_test1_passed

\\ais-fs1.sfu.ca\sw\tools\reg.exe query "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\Alert Client\VSE" /v "Alert Manager Server Path" >%temp%\mcafee.out

find.exe /I "updates.sfu.ca" %temp%\mcafee.out

if %errorlevel% == 0 goto installed_OK

"%programfiles%\blat\blat.exe" "%temp%\mcafee.out" -to   alan at sfu.ca -subject "%computername% - McAfee install on %computername% FAILED - missing REG key!" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5 -attach "%temp%\nailogs\vseinst.log" -base64

goto reboot


:installed_OK

echo Installed OK > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - McAfee installed OK on %computername%" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5



rem ********************************************************
rem
rem   clean up norton AV
rem 
rem ********************************************************

:clean_up_norton

rd "%programfiles%\symantec" /s/q >nul
rd "%allusersprofile%\application data\symantec" /s/q >nul

\\ais-fs1.sfu.ca\sw\tools\reg.exe delete hklm\software\Symantec /f



rem ********************************************************
rem
rem   reboot, what the heck
rem 
rem ********************************************************

:reboot

\\ais-fs1.sfu.ca\sw\tools\rm_down.exe /reboot /force

exit


rem ********************************************************
rem
rem  email the very good news
rem 
rem ********************************************************

:signal_really_all_done


echo C:\NAILogs Reg Key found on %computername%, so McAfee install succeeded ! > "%temp%\mcafee.txt"

"%programfiles%\blat\blat.exe" "%temp%\mcafee.txt" -to   alan at sfu.ca -subject "%computername% - C:\NAILogs Reg Key found on %computername%, so McAfee install succeeded !" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5


rem ********************************************************
rem
rem  del our installation "signal" files
rem 
rem ********************************************************

:really_all_done

del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\MC_INST_%computername%.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRYING_%computername%.txt
del \\ais-fs1.sfu.ca\depts\sfu\logging\mcafee.inst\RETRIED_ONCE_%computername%.txt



:all_done



rem ********************************************************
rem
rem  don't scan TMP files
rem
rem ********************************************************


\\ais-fs1.sfu.ca\sw\tools\reg.exe add "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default" /v "szExcludeExts"  /t reg_sz /d "MBX TMP" /f
\\ais-fs1.sfu.ca\sw\tools\reg.exe add "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default" /v "ExcludedItem_0" /t reg_sz /d "4|3|MBX" /f
\\ais-fs1.sfu.ca\sw\tools\reg.exe add "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default" /v "ExcludedItem_1" /t reg_sz /d "5|2|"    /f
\\ais-fs1.sfu.ca\sw\tools\reg.exe add "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default" /v "ExcludedItem_2" /t reg_sz /d "4|3|TMP" /f
\\ais-fs1.sfu.ca\sw\tools\reg.exe add "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default" /v "NumExcludeItems" /t reg_dword /d 3 /f


rem ********************************************************
rem
rem  IS IT RUNNING !!!
rem
rem ********************************************************

net.exe start >%temp%\mcafee.out


find.exe /I "McAfee Framework Service" %temp%\mcafee.out

if not %errorlevel% == 0 goto service_error

find.exe /I "Network Associates McShield" %temp%\mcafee.out

if not %errorlevel% == 0 goto service_error

find.exe /I "Network Associates Task Manager" %temp%\mcafee.out

if not %errorlevel% == 0 goto service_error


rem  everything appears to be running, so exit

exit


:service_error

"%programfiles%\blat\blat.exe" "%temp%\mcafee.out" -to   alan at sfu.ca -subject "%computername% - McAfee Services on %computername% not running !" -server smtpserver.sfu.ca -f adadmin at sfu.ca -try 5

exit














More information about the unisog mailing list