Endpoint Protection

 View Only
  • 1.  If anyone is having trouble with the Sylink Replacer tool

    Posted Oct 18, 2011 05:54 PM

    This tool didn't work for us, worked on some computers but no others. I have created a script which uses psexec to replace the sylink.xml file which works well on XP & Win7 computers (most likely others too but haven't tried).

    To use:
    1. Copy the script below into notepad (change the 3 [password] parts to your symantec password, and the version from 12.1.671.4971.105 if you are using a different version - check program files folder if you are unsure), and save with .bat file extension
    2. Put psexec.exe file in the same directory of the script (google and download pstools if you don't have this)
    3. Put your correct sylink.xml file in the same directory also
    4. Put a list of client names/IPs in a file called clients.txt in the same directory

    When you run the script, ignore the text that shows up in the window, just wait for it to say "Done" then close it. You will see two new files created called results.txt and failedclients.txt. Results shows each client and either "success" or an error (e.g. can't connect). Any clients that fail for any reason are put in the failedclients.txt list also, so you can later rename this to clients.txt and run the script again if you like.

    Here is the batch script:


     @echo off
    REM Get IPs out of clients.txt file and run this script on each one
    FOR /F "tokens=1,*" %%a IN (clients.txt) DO (

      REM reset countrol variables
      set sylinkpath=0
      set smcpath=0

      echo -------------------------------------------------- >> results.txt
      echo %%a: >> results.txt

      REM Make sure connection to system can be established
      ping -n 1 %%a | find "Reply from" > NUL
      if errorlevel 1 (
        echo Can't connect >> results.txt
        echo %%a >> failedclients.txt )
      if not errorlevel 1 (

        REM Find where smc.exe file is stored then stop the service
        if exist "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" (
          set smcpath=1
          psexec.exe \\%%a "c:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" -p [password] -stop )
        if exist "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\smc.exe" (
          set smcpath=2
          psexec.exe \\%%a "c:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\smc.exe" -p [password] -stop )
        if exist "\\%%a\c$\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\smc.exe" (
          set smcpath=3
          psexec.exe \\%%a "c:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\smc.exe" -p [password] -stop )

        if smcpath==0 (
          echo %%a >> failedclients.txt
          echo Cannot find smc.exe >> results.txt
          echo -------------------------------------------------- >> results.txt )
        if not smcpath==0 (

          REM Find where sylink.xml file is stored then replace it
          if exist "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\sylink.xml" (
            set sylinkpath=1
            copy /y sylink.xml "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\" )
          if exist "\\%%a\c$\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\sylink.xml" (
            set sylinkpath=2
            copy /y sylink.xml "\\%%a\c$\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\" )
          if exist "\\%%a\c$\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\sylink.xml" (
            set sylinkpath=3
            copy /y sylink.xml "\\%%a\c$\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\" )

          if sylinkpath==0 (
            echo %%a >> failedclients.txt
            echo Cannot find sylink.xml >> results.txt )
          if not sylinkpath==0 (
            echo Success >> results.txt )

          REM Restart the smc.exe service
          if exist "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" (
            psexec.exe \\%%a "c:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" -start )
          if exist "\\%%a\c$\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\smc.exe" (
            psexec.exe \\%%a "c:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\smc.exe" -start )
          if exist "\\%%a\c$\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\smc.exe" (
            psexec.exe \\%%a "c:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\smc.exe" -start )
        )
      )
    )
    echo.
    echo Done
    echo.
    pause
     



  • 2.  RE: If anyone is having trouble with the Sylink Replacer tool

    Posted Oct 18, 2011 06:25 PM

    This looks really well done and I am going to give it a go soon. I noticed that you are using the specific version in the script. Would it be possible to point it to currentversion instead with RU1 right around the corner?



  • 3.  RE: If anyone is having trouble with the Sylink Replacer tool

    Posted Oct 18, 2011 06:29 PM

    That shouldn't work for most 12.1 environments. Any 12.1 install with Tamper Protection enabled should prevent you from stopping our services like that. Have you attempted to use the Sylink Replacer for 12.1 tool?



  • 4.  RE: If anyone is having trouble with the Sylink Replacer tool

    Posted Oct 18, 2011 07:52 PM

    that definitely wont work if Tamper Protection is enabled on 12.1.

    As Thomas says, why dont you try SylinkReplacer for 12.1, or alternatively, using your script to call SylinkDrop, rather than doing it manually?



  • 5.  RE: If anyone is having trouble with the Sylink Replacer tool

    Trusted Advisor
    Posted Oct 19, 2011 08:50 AM

    Hello,

    Please Call Symantec Technical Support for receiving the SylinkReplacer for 12.1 Utility.

    OR 

    You can log a case on web portal to receive tool.

     

    QuickStart Guide - Create and Manage Support Cases in SymWISE
     
     
    How to update a support case and upload diagnostic files with MySupport
     
     
    Create and manage your Support case through MySymantec
     
     
    Create and Manage Support Cases
     
     
    Hope that helps!!


  • 6.  RE: If anyone is having trouble with the Sylink Replacer tool

    Posted Oct 19, 2011 09:34 PM

    We tried sylinkreplacer but it seemed to only work on half of the machines. Symantec support wasn't able to help any further which is why I created this script

    It lets you stop the service because it has the password included, otherwise the service won't stop and the sylink.xml file copy will fail. And we do have tamper protection enabled.

    As for the specific version being in the script, if there is another version you want to run this on just use notepad's "replace all" function to enter in the new version. Provided the file paths are the same other than the version number it should still work (and if the paths are different it won't take much editing to get it to work). Though I wasn't really thinking much about future versions when creating this script as I was just in a hurry to get it working in our organisation. Just posted in case it helps as I have seen a lot of other people have this same issue with sylinkreplacer