Well, topic tells it all really.

Need to deploy a series of database scripts during install. Got it all running in a wisescript, which first copies all the files over to the users drive, then tries to run a .bat file which will execute all the sql scripts.

If you make sure you shut down trend before install, it runs with no issues. If Trend micro is running, it immediately blocks access to cmd.exe (no "do you want to allow" dialog, just a "i killed it, did it have any loot for me" - message), which will in turn make the entire install collapse in a state where you can't repair or even uninstall. At this point, i'll get a call from the technician who forgot to turn of trend before install, and have to try to recover from the installation manually.

I hope some of you guys have a suggestion on how to not make Trend blow up and kill the script. Or rather, get the script to run, without Trend killing it.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Why not add a Custom Action to your package to shut down Trend if it's running? On completion, it would run another CA to start it up again. That way, you don't have to rely on manual intervention.
Answered 06/04/2008 by: VBScab
Red Belt

Please log in to comment
0
Hmm, since it's the anti-spyware part of trend that is blocking me from running the bat script, i'm fairly certain, that attempting to shut it down with a custom action would be treated much the same (can't be sure though).

As an added information, it seems that Trend considers opening cmd.exe as "an attempt to modify internet explorer settings"
Answered 06/04/2008 by: Grubsnik
Yellow Belt

Please log in to comment
0
ORIGINAL: Grubsnik
i'm fairly certain, that attempting to shut it down with a custom action would be treated much the same (can't be sure though).
If it were run in User context that would be true but the System user can do pretty much anything. As always, suck it and see.
Answered 06/04/2008 by: VBScab
Red Belt

Please log in to comment
0
worked like a charm, only one problem, doesn't seem like trend starts back up correctly afterwards. In fact it doesn't really make much difference if i do:
stop trend -> run script -> start trend
or
stop trend -> start trend -> run script

Both runs without issues, excepting ofcourse that the firewall and other security measures don't come back online, until after a reboot.
Since the target machines will often be directly hooked up to the internet (crazy, i know), and the installation also requires a few manual configuration steps after the automated installation is done. Chances are that they will be left without firewall for 30-60 mins, which, if you should believe the latest "honeyjar"-tests, is more than enough to pick up some stuff that you really don't want on your machine.

P.s. We are looking at getting something other than Trend running on the machines, but i still need to fix the current situation.
Answered 06/04/2008 by: Grubsnik
Yellow Belt

Please log in to comment
0
There *must* be a way to programatically start the Windows firewall. Via WMI perhaps? It would be better than nothing...

EDIT:
Thought so...http://www.activexperts.com/activmonitor/windowsmanagement/scripts/networking/windowsfirewall/
Answered 06/04/2008 by: VBScab
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity