Endpoint Protection

In testing, we wrote a Computer Startup script that checks the computer for the existence of the current version of SEP, and if it does not exist then it runs the packed .exe installation file.  This seems to work fine for new installations, but for machines coming from 11.06, the result is a corrupted installation.

SEP did not allow me to Fix the problem, it gave an error 0x00000000, so I rebooted.  After reboot, everything appeared normal, but the tray icon disappeared after a few minutes.  I decided to run the help tool, and this is was the result:

Sure, we could use SEPM to push the upgrade packages, but this only works for machines that are currently connected.  We want this process to be automatic.  For an environment where we want to use logon scripts to install the current package if it is not already installed, is there a preferred method of doing this?  Simply running the new package over the existing does not seem to be clean.  Thanks!

What happens if you run a repair on the client?

Have you tried using GPO?

Installing clients with Active Directory Group Policy Object

I have not tried running a repair.  This is not a practical option, because it would be required on every single machine.  We ran into problems using the GPO Software Installation method because it would, A, install all the features when we do not want NTP or Firewall, and B, caused a restart for fresh installations.

Have you tried this with a package that removes SEP beforehand?

You can do this with SEPprep:
http://www.symantec.com/docs/TECH148513

Alternatively, have the script look for the existance of SEP directories so that this only applies to client without SEP installed, and upgrade existing clients via the SEPM

Oh ya, as I mentioned in your earlier thread, I'd recommend taking another look at the SEP Inegration Component and Altiris in general.

It's really good at this stuff as it has inbuilt tools to automatically:

• start managing new machines
• inventory exisiting AV
• specifically target machines without AV
• other AV/SEP stuff

The current scripts looks for the existance of a 12.1.4 installation and if not, runs the appropriate package for 32 or 64-bit.

I see the term "competetive product" listed several times in that article, does that simply mean other Symantec/Norton software, or any other AV programs?

SEPprep has a specific option called "RemoveSymantec" 

You can also tell it to perform a reboot after removal but befopre the install, just to be safe

Ha, didn't see you there, you are all over the place! ;)  That is what I will try, thanks.

Just trying to keep you on your toes 

I am concerned that non-Symantec software will be installed by SEPprep, but I don't see a list of [ProductNames] that apply only to Symantec/Norton products.  I don't suppose you know what to include, do you?

So SEPprep can only run in the presence of the SEPprep.ini file, and will only apply to software identified in there.

The file includes a fairly extensive list of products that it is capable of removing, but can also be edited to omit products that you do not want removed

#EDIT#

Oh, and as it performs a search using the names in teh product list, it's able to match "Endpoint Protection" to SEP

#EDIT2#

Excerpt from the article:

3.  [ProductNames]  This section lists the name of any product to uninstall. The SEPprep tool will search through the Add/Remove Programs for any product whose name matches part of or all of the strings listed here. The tool will go through this list in the order listed. Note: that the tool will match even a part of the name.

I understand that, my question is, what are the proper names for any previous versions of Symantec/Norton?  We have versions ranging from 9 to 11 in our environment, so I want to make sure that any of those are caught, but nothing else.

For example:

[ProductNames]

Symantec

Norton

If you want to be exact, then it may be beneficial to find a machine of each install type and have a look in the "Add/Remove Programs" list, as it searches through there.

#EDIT#

As I understand it, each line represents a seaparate search string, so "Endpoint Protection" should match to "Symantec Endpoint Protection", but "Symantec Endpoint Protection" should not match to "Other Endpoint Protection".

Obviously test like crazy and all that before pushing it out

Test, what is that?  Sounds foreign...  Thanks for the tips, I'll do additional testing.

This ended up working for us, and from what I can tell, the second screenshot is to be expected when running the tool from a non-admin account.  Thanks SMLatCST.