bat script getting killed by trend micro
Well, topic tells it all really.
Need to deploy a series of database scripts during install. Got it all running in a wisescript, which first copies all the files over to the users drive, then tries to run a .bat file which will execute all the sql scripts.
If you make sure you shut down trend before install, it runs with no issues. If Trend micro is running, it immediately blocks access to cmd.exe (no "do you want to allow" dialog, just a "i killed it, did it have any loot for me" - message), which will in turn make the entire install collapse in a state where you can't repair or even uninstall. At this point, i'll get a call from the technician who forgot to turn of trend before install, and have to try to recover from the installation manually.
I hope some of you guys have a suggestion on how to not make Trend blow up and kill the script. Or rather, get the script to run, without Trend killing it.
Need to deploy a series of database scripts during install. Got it all running in a wisescript, which first copies all the files over to the users drive, then tries to run a .bat file which will execute all the sql scripts.
If you make sure you shut down trend before install, it runs with no issues. If Trend micro is running, it immediately blocks access to cmd.exe (no "do you want to allow" dialog, just a "i killed it, did it have any loot for me" - message), which will in turn make the entire install collapse in a state where you can't repair or even uninstall. At this point, i'll get a call from the technician who forgot to turn of trend before install, and have to try to recover from the installation manually.
I hope some of you guys have a suggestion on how to not make Trend blow up and kill the script. Or rather, get the script to run, without Trend killing it.
0 Comments
[ + ] Show comments
Answers (5)
Please log in to answer
Posted by:
anonymous_9363
15 years ago
Why not add a Custom Action to your package to shut down Trend if it's running? On completion, it would run another CA to start it up again. That way, you don't have to rely on manual intervention.
Posted by:
Grubsnik
15 years ago
Hmm, since it's the anti-spyware part of trend that is blocking me from running the bat script, i'm fairly certain, that attempting to shut it down with a custom action would be treated much the same (can't be sure though).
As an added information, it seems that Trend considers opening cmd.exe as "an attempt to modify internet explorer settings"
As an added information, it seems that Trend considers opening cmd.exe as "an attempt to modify internet explorer settings"
Posted by:
anonymous_9363
15 years ago
ORIGINAL: GrubsnikIf it were run in User context that would be true but the System user can do pretty much anything. As always, suck it and see.
i'm fairly certain, that attempting to shut it down with a custom action would be treated much the same (can't be sure though).
Posted by:
Grubsnik
15 years ago
worked like a charm, only one problem, doesn't seem like trend starts back up correctly afterwards. In fact it doesn't really make much difference if i do:
stop trend -> run script -> start trend
or
stop trend -> start trend -> run script
Both runs without issues, excepting ofcourse that the firewall and other security measures don't come back online, until after a reboot.
Since the target machines will often be directly hooked up to the internet (crazy, i know), and the installation also requires a few manual configuration steps after the automated installation is done. Chances are that they will be left without firewall for 30-60 mins, which, if you should believe the latest "honeyjar"-tests, is more than enough to pick up some stuff that you really don't want on your machine.
P.s. We are looking at getting something other than Trend running on the machines, but i still need to fix the current situation.
stop trend -> run script -> start trend
or
stop trend -> start trend -> run script
Both runs without issues, excepting ofcourse that the firewall and other security measures don't come back online, until after a reboot.
Since the target machines will often be directly hooked up to the internet (crazy, i know), and the installation also requires a few manual configuration steps after the automated installation is done. Chances are that they will be left without firewall for 30-60 mins, which, if you should believe the latest "honeyjar"-tests, is more than enough to pick up some stuff that you really don't want on your machine.
P.s. We are looking at getting something other than Trend running on the machines, but i still need to fix the current situation.
Posted by:
anonymous_9363
15 years ago
There *must* be a way to programatically start the Windows firewall. Via WMI perhaps? It would be better than nothing...
EDIT:
Thought so...http://www.activexperts.com/activmonitor/windowsmanagement/scripts/networking/windowsfirewall/
EDIT:
Thought so...http://www.activexperts.com/activmonitor/windowsmanagement/scripts/networking/windowsfirewall/
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.