Endpoint Protection

  • 1.  How to stop SEP clients AV service remotely.

    Posted May 17, 2010 08:23 AM
    Hi,

    I want to deploy Sylink.xml remotely through group policy. Before deploying, I want to stop the client service so that it can replace the existing sylink.xml file with the new one.



    regards
    Sandeep Kumar


  • 2.  RE: How to stop SEP clients AV service remotely.

    Posted May 17, 2010 08:31 AM
    You can write a script for it.
    You can use the smc -stop command for stopping the service and smc -start service for starting the service.
    Ref: Windows commands for the client service


  • 3.  RE: How to stop SEP clients AV service remotely.

    Posted May 17, 2010 08:34 AM
    There is a tool to do that already
    https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

    However, to replace smc you need to stop the smc service first (smc -stop); after replacing sylink you need to start it (smc -start).


  • 4.  RE: How to stop SEP clients AV service remotely.

    Posted May 17, 2010 02:08 PM

    This was another discussion on the subject.  I attached the vbscript to do this.

    http://www.symantec.com/connect/forums/restart-smcexe-remotely
     



  • 5.  RE: How to stop SEP clients AV service remotely.

    Posted May 17, 2010 02:45 PM

    My suggestion is, regardless of what automation script you use, use the SylinkDrop.exe utility on your CD2 to replace the Sylink.xml file.
    The SylinkDrop.exe utility stops the client, replaces the Sylink.xml, and then restarts the client. It is made to be used silently through the command line -- but it also has a GUI if you need.

    That way you have no hassle about how long to wait, or what if the SEP client is installed into a custom directory etc.

    We use a BAT file. Our BAT file isn't meant to be silent, but here is the important line:
    %NetworkDir%\%SylinkDropFileName% -silent %NetworkDir%\%SylinkXMLFileName%
     
    Which translates out to something like
    Run: \\FileShareServer\ShareFolder\SylinkDrop.exe -silent \\FileShareServer\ShareFolder\TheCorrectSylink.xml

    If you want to use VBScript, PowerShell, or just a simple BAT file, the method works well. SylinkDrop.exe even returns error codes so you can take action on failures.

    Here is the whole BAT file. For a silent deployment it could be trimmed down:
     

    @Echo Off
    CLS
    Echo Moving your SEP client to the Pilot Server, CUL1RFPSEPQIN02
    Echo This will only take a minute...
    Echo.
    
    REM Set Defaults:
    REM Do NOT use a trailing backslash for the NetworkDir variable.
    REM THERE MUST BE NO SPACES IN THESE DIRECTORIES OR FILE NAMES
    SET SylinkXMLFileName=TheCorrectSylink.xml
    SET NetworkDir=\\MyRemoteServer\SEP-Files
    SET EmailAddress=YourAdmin@Unknown.com
    SET SylinkDropFileName=SylinkDrop.exe
    SET PreferredGroup=My Company\Production Workstations
    REM SET PreferredGroup=My Company\SEPM Group\Sub Group\etc  
    REM To have the client move to a special group,
    REM remove REM mark and enter the group you want without quote marks.
    REM The group name is case sensitive. The Group path must be entered exact for it to work.
    REM The SEPM server may not honor the PreferredGroup request if
    REM a) The group was typed incorrectly b) The client already exists on the server
    REM c) The "Block new clients" option is set on the specified group.
    
    REM Defaults can be overwritten if you call the BAT file with parameters
    
    REM %~N strips surrounding quotes, so a quoted argument (e.g. a group name with spaces) is handled.
    REM First parameter: Sylink.xml file name.
    If "%~1" NEQ "" (SET "SylinkXMLFileName=%~1")
    REM Second parameter: Network share location of Sylink file and SylinkDrop tool.
    If "%~2" NEQ "" (SET "NetworkDir=%~2")
    REM Third parameter: Email address to use when there is a problem.
    If "%~3" NEQ "" (SET "EmailAddress=%~3")
    REM Fourth parameter: SylinkDrop.exe file name.
    If "%~4" NEQ "" (SET "SylinkDropFileName=%~4")
    REM Fifth parameter: PreferredGroup Option
    If "%~5" NEQ "" (SET "PreferredGroup=%~5")
    
    REM Attempt to connect to the remote file share using Net Use.
    net use %NetworkDir%
    Set ErrorNumber=%Errorlevel%
    If %ErrorNumber% NEQ 0 (
    Echo Error Number: %ErrorNumber%. Problem connecting to share %NetworkDir%.
    )
    REM Set the Preferred Group setting, if any.
    If "%PreferredGroup%" NEQ "" (
    REG add "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v PreferredGroup /t REG_SZ /d "%PreferredGroup%" /f
    )
    
    REM Call SylinkDrop to replace the Sylink.xml file:
    %NetworkDir%\%SylinkDropFileName% -silent %NetworkDir%\%SylinkXMLFileName%
    Set ErrorNumber=%Errorlevel%
    Echo Press Enter if the script stops here...
    net use /delete %NetworkDir% > NUL
    Echo.
    If %ErrorNumber% EQU 0 Goto Success
    If %ErrorNumber% EQU 1 Goto Aborted
    If %ErrorNumber% EQU 53 Goto NetworkMsg
    If %ErrorNumber% EQU 1385 Goto NetworkAccess
    If %ErrorNumber% EQU -1 Goto SylinkMsg
    If %ErrorNumber% EQU -2 Goto SylinkMsg
    
    REM Print error message
    :UnknownError
    Set ErrMsg=Unknown Error: %ErrorNumber%
    Echo Error: Unknown Error %ErrorNumber%
    Goto MessageFooter
    
    :SylinkMsg
    REM Sylink returns error codes 1, 0, -1 and -2.
    REM Sylink error code 1 is covered under "Aborted" and 0 under "Success"
    Set ErrMsg=Sylink Error: %ErrorNumber%
    Echo Error: Sylink Error %ErrorNumber%
    Goto MessageFooter
    
    :NetworkAccess
    Set ErrMsg=Access Denied: %ErrorNumber%
    Echo Error: Access Denied.
    Echo        Ensure you are logged in with a valid corporate account
    Goto MessageFooter
    
    :NetworkMsg
    Set ErrMsg=Network Error, %ErrorNumber%
    Echo Error: Network connection error.
    Echo        Unable to connect.
    Goto MessageFooter
    
    :MessageFooter
    Echo.
    Echo Your SEP client was not moved.
    Echo Ensure you are on the corporate network and run this again.
    Echo If you are remote, ensure your VPN is activated.
    Echo If you continue to experience problems,
    Echo please send an email to %EmailAddress% and titled: 
    Echo Problem moving SEP Client: %ErrMsg%
    Goto TheEnd
    
    :Success
    Echo Done!
    Echo Thank you, your SEP client has now been moved.
    Goto TheEnd
    
    :Aborted
    Rem Sylink errorcode 1
    Echo The operation was aborted by the user.
    Goto TheEnd 
    
    :TheEnd
    Echo.
    Pause
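
A silent PowerShell variant of the BAT file above, as an added example that is not part of the original post: it checks the tool and the Sylink.xml on the share before running them, then logs the SylinkDrop exit codes the BAT file lists. The share path, log path and pinned hash are placeholders, and it assumes your copy of SylinkDrop.exe carries an Authenticode signature.

```powershell
# Added example, not the poster's script. Paths, file names and the pinned
# hash are placeholders; -silent and exit codes 0/1/-1/-2 come from the BAT file.
param(
    [string]$NetworkDir        = '\\FileShareServer\ShareFolder',
    [string]$SylinkDropName    = 'SylinkDrop.exe',
    [string]$SylinkXmlName     = 'TheCorrectSylink.xml',
    [string]$ExpectedXmlSha256 = '<SHA256-OF-APPROVED-SYLINK-XML>',  # placeholder
    [string]$LogFile           = "$env:ProgramData\SylinkMove.log"   # assumed location
)

function Write-Log([string]$Message) {
    $line = '{0} {1} {2}' -f (Get-Date -Format s), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogFile -Value $line
}

$tool = Join-Path $NetworkDir $SylinkDropName
$xml  = Join-Path $NetworkDir $SylinkXmlName

foreach ($p in $tool, $xml) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Log "Missing file: $p"; exit 2 }
}

# Assumption: the tool is Authenticode-signed. Refuse to run it otherwise,
# since anyone with write access to the share could swap the binary.
$sig = Get-AuthenticodeSignature -LiteralPath $tool
if ($sig.Status -ne 'Valid') {
    Write-Log "Signature check failed for ${tool}: $($sig.Status)"; exit 3
}

# Sylink.xml decides which management server the client talks to, so only
# accept the copy whose hash matches the approved one.
$hash = (Get-FileHash -LiteralPath $xml -Algorithm SHA256).Hash
if ($hash -ne $ExpectedXmlSha256) { Write-Log "Unexpected Sylink.xml hash: $hash"; exit 4 }

# Same call as the BAT file: SylinkDrop.exe -silent <path to Sylink.xml>
$proc = Start-Process -FilePath $tool -ArgumentList '-silent', $xml -Wait -PassThru
$code = $proc.ExitCode

switch ($code) {
    0                     { Write-Log 'Sylink.xml replaced.' }
    1                     { Write-Log 'SylinkDrop aborted (code 1).' }
    { $_ -in @(-1, -2) }  { Write-Log "Sylink error $code." }
    default               { Write-Log "Unknown error $code." }
}
exit $code
```

Exit codes 2, 3 and 4 are this wrapper's own and do not come from SylinkDrop; the log file gives a per-machine record when the script runs unattended.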