Endpoint Protection

 View Only

  • 1.  Installation package installs all components when I only want antivirus!

    Posted Nov 06, 2009 12:24 PM
    So I've created several installation packages, one for each group. When I created them I selected only Antivirus and Antispyware as my components. I moved the packages to different servers for deployment. I'm using GPOs to push them out so the packages are .msi files. The software loads one the PCs ok but it loads all the components. It loads the network threat protection and the proactive threat protection, and I don't want them!
    I'm running 11.0.4

    If I manually run the packages then all the components are set to be installed, I have to do a custom installation and remove what I don't want.
    Any clues?


  • 2.  RE: Installation package installs all components when I only want antivirus!

    Posted Nov 06, 2009 12:27 PM
    When the package is pushed through GPO, all the features will be installed.

    Deploy the package using Migration and Deployment Wizard.


  • 3.  RE: Installation package installs all components when I only want antivirus!

    Posted Nov 06, 2009 12:52 PM
    Unless you create a transform......


  • 4.  RE: Installation package installs all components when I only want antivirus!

    Posted Nov 06, 2009 01:03 PM
    He is correct, seems to be  a bug when u install it via GPO , here is the discussion which explains it.

    https://www-secure.symantec.com/connect/forums/ntp-enabled-no-matter-what-i-do

    https://www-secure.symantec.com/connect/forums/gpo-msi-install-installs-additional-components


  • 5.  RE: Installation package installs all components when I only want antivirus!

    Posted Nov 06, 2009 03:03 PM
    This is something that we've seen in all versions of SEP, both SEP 11 and SEP 12 Small Business Edition, but has been deemed "working as intended".

    Our product, when deployed, uses a file...setaid.ini...which is read and passed to the MSI command line via switches which dictates what to install (and what not to install).  Since GPO deployments call the .msi file itself, there's no reading of setaid.ini, and thus the entire product is installed.

    The resolution for this on SEP 11 is to set a package at the group level.  When the client checks in, the SEPM will compare what it has to what it SHOULD have, then direct the client to remove what shouldn't be there.

    In SEP 12, at least right now, GPO deployments aren't a supported installation method.  They have the same issues, but there's no setting of packages at a group level...so they won't, for example, remove the firewall after the first check-in with the SEPM.

    I can understand the desire to only, say, install antivirus and antispyware with a GPO deployment.  However, this has been deemed to be working as intended.  If you'd like to see this changed, I highly recommend that you post to the Ideas page and let our developers know.


  • 6.  RE: Installation package installs all components when I only want antivirus!

    Posted Jan 22, 2010 04:01 PM
    Thanks for your help