Upon reviewing my earlier notes on building installers, it appears that I left out some useful info on how to build the darned administrative installation point that I am using to wrap up the patched installer. Since I had the “opportunity” to work on a v10.1.0.400 installer today, I will take this opportunity to actually document my installer builder process:
- open a CMD shell, CD to the SAV directory on the Symantec installation media
- extract the MSI files to a local “administrative installation point”:
msiexec /a "Symantec Antivirus.msi"
- Now, extract any patches downloaded from Symantec and CD to the directory that has the MSP patch file. Execute the following:
msiexec /p "SAVCE-[version].msp" /a [path to admin install point]
- Now, copy the setup.exe, setup.ini, msi installer files, and that .ini file with the funny name from the SAV source directory into the “administrative installation point” directory used above.
- Edit the “setup.ini” file in your admin install point. Modify the product version string to more closely match the version just overlaid onto the installer.
- Copy in your custom SAV installer script. (In our case, we use “instsav.cmd”). Generally I just copy this out of the last production installer. Also grab the sav-managed.txt and sav-unmanaged.txt files from the previous installer. These just contain informational text to be pasted into the self-extracting archive prompt dialogs.
- Now you can wrap the whole directory into a self-extracting archive, which spawns “instsav.cmd” when extraction is complete. Of late, I have been using WinRAR. Since the 10.0.1 builds, I have been extracting the archive to “%SYSTEMDRIVE%\SAVInst”, with the option to leave the extracted files in place after installation (thus creating a local installation source). You may note that the instsav.cmd installation script uses this directory path to launch the setup.exe program.
Also note that I have made some significant changes to the instsav.cmd script. Mostly I just deleted unused sections of the script… version 10.1 does not appear to bog down the computer doing “startup scans” and “Definition scans” as earlier versions did, so I am removing the custom registry key imports that halted these scans. Also, I changed the IF NOT ERRORLEVEL 1 clauses to use the syntax “IF %ERRORLEVEL% GEQ 1” instead, as this seems rather easier to understand from a logical perspective, IMO. Anyway, here is the script:
```bat
:begin
@ECHO OFF
ECHO - Symantec Antivirus installation script for the University of Vermont
ECHO - version 2.6, by JGM, 2006-05-15
ECHO - This Window will close automatically when installation has completed.

REM Script can be altered to allow for either managed or unmanaged client installations.
REM For managed installs, COMMENT OUT the "goto endFirewall" line below (so that the
REM firewall exceptions get added), and uncomment the appropriate "setup" command line.
REM For unmanaged installs, UN-comment the "goto endFirewall" line below, and uncomment
REM the appropriate "setup" command line.
REM History:
REM V2.3 - changed "reg import" commands to "regedit /s" commands for Windows 2000 compatibility.
REM v2.5 - changed setup to generate MSI error log (/le option), and to run out of
REM        %SystemDrive%\SAVInst dir created by RAR extractor.
REM v2.6 - removed the "removeStartScan.reg" procedure after the :endFirewall tag, as an
REM        experiment for v10.1.x distribution, cleaned up un-used sections, substituted
REM        "IF %errorlevel% GEQ 1" instead of "IF NOT errorlevel 1" as an experiment.

REM If performing an unmanaged AntiVirus client installation, uncomment the following line:
GOTO endFirewall

:OSVer
REM Determine if host is running a Windows XP build:
set OSVer=notXP
ver | find /i "xp" && set OSVer=XP
REM IF ... ELSE needs parentheses for the ELSE branch to be parsed as such.
IF NOT "%OSVer%"=="XP" (GOTO unsupported) ELSE (GOTO spLevel)

:spLevel
REM Determines Service Pack Version via registry query:
set SPVer=0
REM systeminfo |find "Service Pack 1" && set SPVer=1
REM systeminfo |find "Service Pack 2" && set SPVer=2
reg QUERY HKLM\SYSTEM\CurrentControlSet\Control\Windows /v CSDVersion | find "0x200" && set SPVer=2
IF NOT "%SPVer%"=="2" (GOTO unsupported) ELSE (GOTO addRules)

:addRules
ECHO.
ECHO.
REM Adds firewall exceptions for Windows XP SP2 hosts:
ECHO - You have Windows XP Service Pack 2!  Let's Go...
ECHO - Please wait while firewall exception rules are added...
ECHO Adding exception for Symantec Realtime Virus Scan to allow management of SAV Client
@netsh firewall add portopening protocol = UDP port = 2967 name = "Symantec RTVScan" mode = ENABLE scope = CUSTOM addresses = LocalSubnet,127.0.0.1,220.127.116.11/16 profile = ALL
IF %errorlevel% GEQ 1 (
    GOTO failRuleAdd
) ELSE (
    ECHO Firewall rule added successfully.
)
@netsh firewall add portopening protocol = UDP port = 38293 name = "Intel PDS (Symantec AV)" mode = ENABLE scope = CUSTOM addresses = LocalSubnet,127.0.0.1,18.104.22.168/16 profile = ALL
IF %errorlevel% GEQ 1 (
    GOTO failRuleAdd
) ELSE (
    ECHO Firewall rule added successfully.
)
GOTO endFirewall

:unsupported
ECHO.
ECHO.
ECHO Your system is not running XP with Service Pack 2.
ECHO You do not need firewall exceptions added to your system.
GOTO endFirewall

:endFirewall
ECHO.
ECHO.
ECHO Deleting log files from previous installations...
REM The tests below use GEQ 1; "GEQ 0" is always true and would never report a deletion.
@del /f /s /q "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs"
IF %errorlevel% GEQ 1 (
    ECHO No previous Symantec AV log files needed to be deleted.
) ELSE (
    ECHO Symantec AV Log files successfully deleted.
)
@del /f /s /q "%ALLUSERSPROFILE%\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs"
IF %errorlevel% GEQ 1 (
    ECHO No previous Windows 2000/XP Norton AV log files needed to be deleted.
) ELSE (
    ECHO Norton 2000/XP AV Log files successfully deleted.
)
ECHO.
ECHO.
ECHO Proceeding with SAV install...

REM One of the following two "setup" lines MUST BE COMMENTED OUT!
REM installation string for an UNMANAGED client install (intended for off-campus users):
"%SystemDrive%\SAVInst\setup" /s /qn /V"/qb /le %SystemDrive%\SAVInst\install.err REMOVE=Pop3Smtp,NotesSnapin ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient,OutlookSnapin NETWORKTYPE=2 RUNLIVEUPDATE=0 SYMPROTECTDISABLED=1"
REM installation string for a MANAGED client install (intended for systems that are frequently on-campus):
REM "%SystemDrive%\SAVInst\setup" /s /qn /V"/qb /le %SystemDrive%\SAVInst\install.err REMOVE=Pop3Smtp,NotesSnapin ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient,OutlookSnapin NETWORKTYPE=1 SERVERNAME=NORTON2 RUNLIVEUPDATE=0 SYMPROTECTDISABLED=1"
ECHO.
ECHO.
ECHO Product setup complete.
GOTO end

:failRuleAdd
ECHO.
ECHO.
ECHO Firewall exceptions script failed!
ECHO Symantec AntiVirus NOT INSTALLED.
ECHO Take your system to Walk-in help.
pause
GOTO end

:end
```
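
The switch from “IF NOT ERRORLEVEL 1” to “IF %ERRORLEVEL% GEQ 1” described above can be checked with the following added example, which is not part of instsav.cmd. The `:check` label and the exit codes are constructed for the demonstration, and the `NEQ 0` test goes beyond what the script uses, to cover negative exit codes.

```bat
@ECHO OFF
SETLOCAL
REM Constructed demo, not part of instsav.cmd. "cmd /c exit N" is used only
REM to produce a known exit code; :check is a hypothetical helper label.
FOR %%C IN (0 1 5 -1) DO CALL :check %%C

REM Pitfall when moving an IF %ERRORLEVEL% test inside a parenthesized block:
REM %ERRORLEVEL% is substituted when the whole block is parsed, so it carries
REM the value from BEFORE the block. "IF ERRORLEVEL n" is evaluated at run
REM time and does not have this problem.
cmd /c exit 0
IF 1==1 (
    cmd /c exit 3
    ECHO Inside block, percent expansion reports: %ERRORLEVEL%
    IF ERRORLEVEL 1 ECHO Inside block, IF ERRORLEVEL 1 detects the failure
)
GOTO :EOF

:check
REM %1 = exit code to simulate. The code is regenerated before every test so
REM that each IF sees the same value.
cmd /c exit %1
REM Old style: "IF ERRORLEVEL 1" means "exit code is 1 or higher".
IF NOT ERRORLEVEL 1 (
    ECHO exit %1 - IF NOT ERRORLEVEL 1 : treated as success
) ELSE (
    ECHO exit %1 - IF NOT ERRORLEVEL 1 : treated as failure
)
cmd /c exit %1
REM New style used in instsav.cmd v2.6: same threshold, branches swapped.
IF %ERRORLEVEL% GEQ 1 (
    ECHO exit %1 - IF GEQ 1            : treated as failure
) ELSE (
    ECHO exit %1 - IF GEQ 1            : treated as success
)
cmd /c exit %1
REM Stricter variant: also flags negative exit codes, which both tests above
REM let through as success.
IF %ERRORLEVEL% NEQ 0 (
    ECHO exit %1 - IF NEQ 0            : treated as failure
) ELSE (
    ECHO exit %1 - IF NEQ 0            : treated as success
)
GOTO :EOF
```

In instsav.cmd every `IF %errorlevel%` test sits at the top level directly after the command it checks, so the parse-time expansion issue does not affect the script as written.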