Endpoint Protection

 View Only

Script to update SEP 12.1 installation packages 

Jun 26, 2012 05:55 AM

*Update available*

Hi,

I wrote a little Powershell script to update existing SEP 12.1 Installation Packages with the latest definitions for all modules.

Instructions:

On the SEPM 12.1 share the following folder for “everyone – read”

Export Packages without ticking the box “Create a single .EXE file for this package”

Ensure that the following .ZIP files exist in the 32Bit and 64Bit package folder:

Download the script and the modify the first lines for your environment

#Needs to be modified for each environment:
$SEPM         = "SEPM.mycompany.local"
$content    = "\content$"
$x86Setup    = "C:\SEP\My Company_Workstations_WIN32BIT\Symantec Endpoint Protection version 12.1.1101.401\"
$x64Setup    = "C:\SEP\My Company_Workstations_WIN64BIT\Symantec Endpoint Protection version 12.1.1101.401\"

The first two lines are for the SEPM Server name and the share of the content

The last two lines are the folders where your packages are stored. Save the script as .ps1

 

Now you can run the script and it will update the definition files in your package folders:

Packages are now up to date!

If you want to only update the Virus Definitions or only 32Bit / 64Bit Packages, you can delete the related lines in the "#Execution Sequence:" Part of the script.

Important Note: Do not run the script when liveupdate is installing new definitions on the SEP. This may damage your exported packages.

- Zebbelin

*Update*

Finally I managed to update the script :-)

Instructions for V0.2:

On the SEPM 12.1 share the following folder for “everyone – read”

Export Packages without ticking the box “Create a single .EXE file for this package”

Download the script and the modify the first lines for your environment:

#Needs to be modified for your environment:
$SEPM         = "SEPM.mycompany.local"
$content      = "\content$"
$Installers   = "C:\SEP12\"

The first two Variables are for the SEPM Server name and the share of the content

The third Variable is the Folder where you store the Packages you want to update. Save the script as .ps1

FolderStrukture.PNG

Now you can run the script and it will update the definition files in your package folders:

Script_output.PNG

Important Note: Do not run the script when liveupdate is installing new definitions on the SEP. This may damage your exported packages.

Improvements:

  • You don´t need to specify separate Variables for the x64 and x86 Packages anymore. The script will search for Installers in the $Installers Variable
  • You can update multiple packages with one script.
  • The Script will only update definition files that exist in the Packages folder
  • Includes all definition types based on the ContentInfo.txt for SEPM12.1.4

Cheers,

- Zebbelin

 

 

Statistics
0 Favorited
11 Views
2 Files
0 Shares
1 Downloads
Attachment(s)
txt file
UpdateSEPinstalls.txt   1 KB   1 version
Uploaded - Feb 25, 2020
txt file
UpdateSEPinstallsV2.txt   3 KB   1 version
Uploaded - Feb 25, 2020

Tags and Keywords

Comments

Jun 16, 2020 09:36 PM

Hello,

Awesome script ! Do you have the latest one for SEP 14.3? I am trying to work on script to update SEP 14.3 definition on weekly basis. Seems like the moniker and there is new definition for respective definition folder in installer.

Thank you.

May 25, 2018 11:52 AM

Well Symantec is blocking my text file I can just put the contents in a post.

Script to update existing SEP 14.x Installations
 
 
 
#Needs to be modified for your environment:
$Install = "D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub"
$content = "\content"
$Installers = "D:\client"
 
#Do not change anything below this line
#######################################
 
#Variables based on ContentInfo.txt:
$VirusDefinitionsX64 = "{67F66706-F04B-4432-9947-F8354949D2A6}" #SEPC Virus R Definitions SDS Win64 (x64) 14.0 RU1 - MicroDefsB.CurDefs
$VirusDefinitionsX86 = "{7C177419-4112-42B6-8CEF-094385474554}" #SEPC Virus R Definitions SDS Win32 14.0 RU1 - MicroDefsB.CurDefs
$ProActiveThreat = "{D6AEBC07-D833-485f-9723-6C908D37F806}" #SEPC Behavior And Security Heuristics 14.0 RU1
$NetworkThreat = "{0D03AEA1-B630-43F8-828E-F10E80A68B99}" #SEPC CIDS Signatures
$IronRevocation = "{810D5A61-809F-49c2-BD75-177F0647D2BA}" #SEPC Iron Revocation List
$IronWhitelist = "{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}" #SEPC Iron Whitelist
$SubmissionControl = "{B6DC6C8F-46FA-40c7-A806-B669BE1D2D19}" #SEPC Submission Control Data
$EFAVTDefs = "{E8827B4A-4F58-4dea-8C93-07B32A63D1C5}" #SEPC Extended File Attributes and Signatures
$ApPortalDefs = "{A78E095A-8FED-4937-9D5C-0B6C20EA696C}" #SEPC SRTSP Settings
$SMRDefs        = "{FDDBF0FB-0A93-1B05-74DA-0710C2E8441D}" #SEPC SMR Definitions 14.0 RU1
$EDRDefs        = "{88F5AA7A-AD7C-426A-8F25-465D3D43B1F1}" #SEPC EDR - 14.0 RU1
$HIDefs         = "{1AD331AC-DEF8-4f6f-A7B5-7B259423BBCF}" #SEPC HI Policy Contents Windows - 14.0 RU1
$NTRDefs        = "{0580D57D-0AD3-2299-2F3A-6A29762D60F1}" #SEPC WTR - 14.0 RU1 MP1
$STICDefs        = "{075551EC-66BD-4487-9E2E-40645AF6F8B0}" #SEPC STIC - 14.0 RU1
 
#Find Install Folders
$x64InstallDirs = Get-ChildItem $Installers -Recurse -Include "Sep64.msi" | ForEach-Object {$_.DirectoryName}
$x86InstallDirs = Get-ChildItem $Installers -Recurse -Include "Sep.msi" | ForEach-Object {$_.DirectoryName}
 
Write-Host "x64Installers found in:"
Write-Output $x64InstallDirs
Write-Host "x86Installers found in:"
Write-Output $x86InstallDirs
 
#Function
Function CopyDefs ($ID, $newName, $osArch){
$Path = $Install + $content + "\" + $ID
$Destination            = $Folder + "\" + $newName
$Revision = Get-ChildItem $Path | Select-Object -Last 1
If ($osArch -eq "AMD64"){
If (Test-Path ($Destination)) 
{
Write-Host "Copy Revision " -NoNewline; Write-Host $Revision -foregroundcolor Yellow -NoNewline; Write-Host " of " -NoNewline; Write-Host $newName -foregroundcolor Yellow -NoNewline; Write-Host " to " -nonewline;Write-Host $Folder -foregroundcolor Yellow
        Copy-Item -Path ($Path + "\" + $Revision + "\full.zip") -Destination ($Destination) -Force -PassThru | Out-Null
}
}
If ($osArch -eq "x86"){
If (Test-Path ($Destination)) 
{
Write-Host "Copy Revision " -NoNewline; Write-Host $Revision -foregroundcolor Yellow -NoNewline; Write-Host " of " -NoNewline; Write-Host $newName -foregroundcolor Yellow -NoNewline; Write-Host " to " -nonewline;Write-Host $Folder -foregroundcolor Yellow
Copy-Item -Path ($Path + "\" + $Revision + "\full.zip") -Destination ($Destination) -Force -PassThru | Out-Null
}
}
}
 
#Go
#Copy x64 Defs
foreach($Folder in $x64InstallDirs) {
CopyDefs $VirusDefinitionsX64 V3Defs.zip AMD64
CopyDefs $ProActiveThreat BASHDefs.zip AMD64
CopyDefs $NetworkThreat IDSDefs.zip AMD64
CopyDefs $IronRevocation IronRevokeDefs.zip AMD64
CopyDefs $IronWhitelist IronWLDefs.zip AMD64
CopyDefs $SubmissionControl IronDefs.zip AMD64
CopyDefs $EFAVTDefs EFAVTDefs.zip AMD64
CopyDefs $ApPortalDefs ApPortalDefs.zip AMD64
Copydefs $SMRDefs SMRDefs.zip AMD64
CopyDefs $EDRDefs EDRDefs.zip AMD64
CopyDefs $HIDefs HIDefs.zip AMD64
CopyDefs $NTRDefs NTRDefs.zip AMD64
CopyDefs $STICDefs STICDefs.zip AMD64
}
#Copy x86 Defs
foreach($Folder in $x86InstallDirs) {
CopyDefs $VirusDefinitionsX86 V3Defs.zip x86
CopyDefs $ProActiveThreat BASHDefs.zip x86
CopyDefs $NetworkThreat IDSDefs.zip x86
CopyDefs $IronRevocation IronRevokeDefs.zip x86
CopyDefs $IronWhitelist IronWLDefs.zip x86
CopyDefs $SubmissionControl IronDefs.zip x86
CopyDefs $EFAVTDefs EFAVTDefs.zip x86
CopyDefs $ApPortalDefs ApPortalDefs.zip x86
CopyDefs $SMRDefs SMRDefs.zip x86
CopyDefs $EDRDefs EDRDefs.zip x86
CopyDefs $HIDefs HIDefs.zip x86
CopyDefs $NTRDefs NTRDefs.zip x86
CopyDefs $STICDefs STICDefs.zip x86
}

May 25, 2018 11:51 AM

I updated this for SEP 14 RU1.  Just change the paths to your install path.  no need for a share to even be created since you and run it as a scheduled task on your SEP Manager.

 

 

 

May 25, 2018 11:51 AM

Can everyone see my attached file?  I do not see it.

 

Mar 30, 2017 04:41 PM

Nice script.  I created a VB Script file a long time ago that I use all the time and works well.  However, your script looks much shorter and cleaner.  I will download and try it out.

​I just wanted to let you know that with SEP 14, VDefs.zip are no more.  They have been replaced with V3Defs.zip and the moniker is different too.

These are for the "reduced" definitions that a "normal" SEP 14 client install would use.

     {7C177419-4112-42B6-8CEF-094385474554} = SEPC Virus R Definitions SDS Win32 14.0
     {67F66706-F04B-4432-9947-F8354949D2A6}​ = SEPC Virus R Definitions SDS Win64 (x64) 14.0

​Also, you can get the complete list of monikers for definitons from the ContentInfo.txt file, which is found here...\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\ContentInfo.txt

 

 

 

Nov 09, 2015 07:31 AM

Thank you for the script, Zebbelin. It works great!

Just one addition.

In SEPM 12.1.6 the SEPC SRTSP Settings have versions for 12.1.5 and 12.1.6. So, a distinction between the two should be added if used for updating of 12.1.6 clients.

Jun 27, 2014 04:17 AM

Finally I managed to create an updated Version of the script.

Thanks again for all your input! smiley

Sep 03, 2013 02:03 PM

Zack123,

After second glance it does look like you are correct! Thanks for posting! Anything specific lead you to find this or were you just double-checking all monikers?

Thanks!

Aug 30, 2013 08:05 PM

Wonderful script and extremly useful, thank you for sharing.

The only change i made was to IronDefs.zip moniker to equal the below

$SubmissionControl 	= "{263395A0-D3D8-4be4-80B5-202C94EF4AA0}"

Jan 17, 2013 09:43 AM

Zebbelin,

Great script buddy! Just thought I'd let you know that with the release of 12.1.2 there are 2 additional definition zipfiles that are included in exported packages now. I talked to support and obtained the monikers that relate to them. They are:

ApPortalDefs.zip - {50B092DE-40D5-4724-971B-D3D90E9EE987}

EFAVTDefs.zip - {E8827B4A-4F58-4dea-8C93-07B32A63D1C5}

I had to add these to the Variables section and incorporate them into the "Copy x64 Defs" and "Copy x86 Defs" sections. These 2 files are bit independant so both will be used in both package types.

On another note, upon obtaining this moniker info from support, they made it extremely clear that they do not support this method of updating exported packages. If there are any problems seen from this method they prefer that the package be manually exported.

This is a great script and has helped introduce me to PowerShell.

Thanks again!

Oct 21, 2012 01:20 PM

Nice Script.

Sep 29, 2012 12:20 PM

Nice Shared. :)

Sep 24, 2012 05:01 PM

Looking the script for 11.x. Any help on same.

Aug 02, 2012 08:53 PM

hi,

Good Script...............

Jul 27, 2012 04:45 AM

good work! Keep it up for later releases.

Jul 26, 2012 06:05 PM

Currently, you have two execution blocks starting with the comments '#Copy x64 Defs' and '#Copy x86 Defs'

Both blocks do exactly the same thing, just the $osArch is different

I'm saying that it should be possible to create one block that performs the copy function with lines similar to

CopyDefs $VirusDefinitions$osArch VDefs.zip $osArch

I believe that this would help remove duplicate code; i.e. move from two copy code blocks down to 1 copy block.

Hey, right now your script works & that's great. Keep is like that for now.

My suggestions are for long term maintainability & reducing COPY/PASTE editing later on.

Jul 26, 2012 04:03 AM

Good Artical

 

Very helpfull artical.

Jul 26, 2012 02:57 AM

Thanks Ian. smiley

The IF EXIST is a very good tip enlightened

Unfortunately I don´t have a SEPM 11 anymore. If I find the time I´ll set one up and test the script there with your ContentInfo File.

Not sure what you mean with making the architecture a variable. I´ve stored the AMD64 and x86 setup packages on a share and update them on a regularly basis. Therefore I always update both architectures.

Jul 25, 2012 08:34 PM

Nicely done.

Some features for v0.2 or beyond (in no particular order)

  • Looking at our v11 installation, this script can easily be converted to v11 or use a parameter to specify the version. I've attached ContentInfo.txt from our install that lists the relevant GUIDs
  • You copy the definition file, regardless of its existance. Maybe build in an IF EXIST clause (e.g. IF EXIST VDefs.zip THEN COPY, ELSE DON'T COPY). This would also not require the use to edit the script further down, below the parameter section
  • A publish date in yur header would be good.
  • Too me it feels like the architecture options (AMD64 & x86) are hard coded. Can that be made into a variable or parameter?

Keep up the good work.

Jul 25, 2012 10:24 AM

Good Point. Will add that in the next Version of the Script!

In the meantime you can change the "$x86Setup" and "$x64Setup" variable to the path of your server package and remove in the "Execution Sequence" part the definitions you don´t need (e.g. "NetworkThreat")

Jul 25, 2012 09:31 AM

Thanks very Good.

One question I have packages for servers also so shall i add the lines for the server package below the workstations

Jun 28, 2012 05:44 PM

good

Related Entries and Links

No Related Resource entered.