SAV 10 installer, redux

What a pain! Our testers still report problems with SAV 10.0.1 installers. High CPU, disk thrashing, scheduled scans kicking off without permission…

Several fixes. First off, I generated a fancy new install script:

:begin
@ECHO OFF
ECHO – Symantec Antivirus installation script for the University of Vermont

  • ECHO – version 2.1, by JGM, 2005-10-17
    ECHO – This Window will close automatically when installation has completed.
    REM Script can be altered to allow for either managed or unmanaged client installations.
    REM For managed installs, UN-comment the “goto endFirewall” line below, and uncomment the appropriate “setup” command line.
    REM For unmanaged installs, COMMENT OUT the “goto endFirewall” line below, and uncomment the appropriate “setup” command line.

    REM If performing an unmanaged AntiVirus client installation, uncomment the following line:
    REM GOTO endFirewall

    :OSVer
    REM Determine if host is running a Windows XP build:
    set OSVer=notXP
    ver | find /i “xp” && set OSVer=XP
    IF NOT %OSVer%==XP GOTO unsupported ELSE goto spLevel

    :spLevel
    REM Determines Service Pack Version via registry query:
    set SPVer=0
    REM systeminfo |find “Service Pack 1” && set SPVer=1
    REM systeminfo |find “Service Pack 2” && set SPVer=2
    reg QUERY HKLMSYSTEMCurrentControlSetControlWindows /v CSDVersion | find “0x200” && set SPVer=2
    IF NOT %SPVer%==2 GOTO unsupported ELSE GOTO addRules

    :addRules
    ECHO.
    ECHO.
    REM Adds firewall exceptions for Windows XP SP2 hosts:
    ECHO – You have Windows XP Service Pack 2! Let’s Go…
    ECHO – Please wait while firewall exception rules are added…
    ECHO Adding exception for Symantec Realtime Virus Scan to allow managmenet of SAV Client
    netsh firewall add portopening protocol = UDP port = 2967 name = “Symantec RTVScan” mode = ENABLE scope = CUSTOM addresses = LocalSubnet,127.0.0.1,132.198.0.0/16 profile = ALL
    netsh firewall add portopening protocol = UDP port = 38293 name = “Intel PDS (Symantec AV)” mode = ENABLE scope = CUSTOM addresses = LocalSubnet,127.0.0.1,132.198.0.0/16 profile = ALL
    IF NOT errorlevel 1 (
    ECHO All firewall rules added successfully.
    ) ELSE (
    GOTO failRuleAdd
    )
    GOTO endFirewall

    :unsupported
    ECHO.
    ECHO.
    ECHO Your system is not running XP with Service Pack 2.
    ECHO You do not need firewall exceptions added to your system.
    GOTO endFirewall

    :endFirewall
    REM If installing an unmanaged AntiVirus client, installation may begin here.
    ECHO.
    ECHO.
    ECHO Altering registry to remove and prevent automatic system scans…
    reg import RemoveStartScan.reg
    IF NOT errorlevel 1 (
    ECHO Registry settings imported successfully.
    ) ELSE (
    GOTO failRSS
    )
    ECHO.
    ECHO.
    ECHO Deleting log files from previous installations…
    del /f /q “%ALLUSERSPROFILE%Application DataSymantecSymantec AntiVirus Corporate Edition7.5Logs*.*”
    IF NOT errorlevel 1 (
    ECHO Symantec AV Log files successfully deleted.
    ) ELSE (
    ECHO No previous Symantec AV log files needed to be deleted.
    )
    del /f /q “%ALLUSERSPROFILE%Application DataSymantecNorton AntiVirus Corporate Edition7.5Logs*.*”
    IF NOT errorlevel 1 (
    ECHO Norton 200/XP AV Log files successfully deleted.
    ) ELSE (
    ECHO No previous Windows 2000/XP Norton AV log files needed to be deleted.
    )
    del /f /q “%PrograFiles%Norton AntiVirusLogs*.*”
    IF NOT errorlevel 1 (
    ECHO Windows 9x Log files successfully deleted.
    ) ELSE (
    ECHO No previous Windows 9x Norton AV log files needed to be deleted.
    )
    ECHO.
    ECHO.
    ECHO Proceeding with SAV install…
    REM One of the following two “setup” lines MUST BE COMMENTED OUT!
    REM installation string for an UNMANAGED client install (intended for off-campus users):
    REM setup /s /qn /V”/qr REMOVE=Pop3Smtp,NotesSnapin ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient,OutlookSnapin NETWORKTYPE=2 RUNLIVEUPDATE=1″
    REM **This does not work!*** IF NOT errorlevel 1 GOTO setupFail
    REM installation string for a MANAGED client install (intended for systems that are frequently on-campus):
    setup /s /qn /V”/qr REMOVE=Pop3Smtp,NotesSnapin ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient,OutlookSnapin NETWORKTYPE=1 SERVERNAME=NORTON2 RUNLIVEUPDATE=1″
    REM **This does not work!*** IF NOT errorlevel 1 GOTO setupFail
    ECHO.
    ECHO.
    ECHO Product setup complete,
    ECHO Now attempting registry alterations to prevent Definitions scans…
    reg import DefwatchQSOff.reg
    IF NOT errorlevel 1 (
    ECHO Registry settings imported successfully.
    ) ELSE (
    GOTO FailPDQS
    )
    GOTO end

    :failRuleAdd
    ECHO.
    ECHO.
    ECHO Firewall exceptions script failed!
    ECHO Symantec AntiVirus NOT INSTALLED.
    ECHO Take your system to Walk-in help.
    pause
    GOTO end

    :failRSS
    ECHO.
    ECHO.
    ECHO “RemoveStartScan” registry import failed!
    ECHO Symantec AntiVirus NOT INSTALLED.
    ECHO Take your system to Walk-in help.
    pause
    GOTO end

    :setupFail
    ECHO.
    ECHO.
    ECHO Oh No! Symantec setup program failed to complete!
    ECHO Symantec AntiVirus NOT INSTALLED.
    ECHO Take your system to Walk-in help.
    pause
    GOTO end

    :failPDQS
    ECHO.
    ECHO.
    ECHO “DefwatchQSOff” registry import failed,
    ECHO but Symantec AntiVirus has been installed.
    ECHO If you experience major system performance degradation,
    ECHO please take your system to Walk-in help.
    pause
    GOTO end

    :end

  • Changes from previous scripts are:

    1. integration of managed and unmanaged installer scripts in same file – change the comments to change the install method.
    2. attempts at error capturing using IF/Then/Goto
    3. integration of script into one file (sans .reg import files)
    4. added DefwatchQSOff.reg import to the script, moved to end of script
    5. Now using “removestartscan.reg” to kill startup scans… seems to work.
    6. not allowing installation of POP3SMTP plugin
    7. using “setup.exe” with command line options, rather than msiexec. This avoids the need to create separate installers for upgrade vs. new install
    8. Integrated 10.0.1.1007 patch into the installer (by extracting original .MSI to an “administrative install point”, then using the msiexec patch commands on the admin install point).
    Advertisements