Microsoft Windows Defender

Version: 1
Views: 3k  |  Created: 02/15/2006

Average Rating: 0

Deployment Tips (15)

Most Common Setup Type
Not Determined
Average Package Difficulty Rating
Rated 2 / 5 (Somewhat Easy) based on 1 ratings
Most Commonly Reported Deployment Method
Repackaged (to a setup.msi)
119
Note
Download here: http://www.microsoft.com/athome/security/spyware/software/default.mspx
*This works with beta2 on WindowsXP*

Create an administrative installation by running msiexec /A "c:\temp\WindowsDefender.msi". It then asks where to put the files; I used c:\temp\Repack.

Now open the new WindowsDefender.msi (e.g. c:\temp\Repack\WindowsDefender.msi) in the ORCA editor.

You have to delete several entries:

CustomAction - CHECK_WGA
CustomAction - OtherWGAError
CustomAction - OpenURL
CustomAction - LAUNCH_MY_PROGRAM_PLEASE

and you MUST set this:
Property - LAUNCHPROGRAM = 0

Now you can install this package via GPO :D

* Why delete CHECK_WGA? Because if you don't delete it, installation will fail! Don't know why, but all GENUINE Windows will abort installation.
* Why "LAUNCHPROGRAM = 0"? If you set "1" here (default), after installing, Windows Defender will be started in 2 instances. No big problem, but it is better to set "0".

ORCA is part of Windows Server 2003 SP1 Platform SDK.
Setup Information:
Setup Type: unspecified
Deployment Method Used: unspecified
Deployment Difficulty: unspecified
Platform(s): Windows
119
Note
Deploy Defender as described by others. Use the supplied ADM template (should be in %windir%\inf\windowsdefender.adm) to set *some* settings. Copy the ADM template to your DC's inf folder to make sure it gets deployed properly. Settings that are not listed in the ADM are not settable according to Microsoft, as Windows Defender is for home use, or so one would think. Not so!

Use the data below to create a startup script for deployment over AD/GPO. The registry keys involved have only System Full Control privileges in the registry, so you can't run it from a CLI while logged in. The only way to set them is at startup or shutdown, whichever is most appropriate.

Script has been tested and verified to work on WinXP SP2 and WinXP SP2 x64.

Short description:
ScanParameters=Full or quick scan. 2 is Full. Assume 1 is quick [Unverified].

ScheduleDay=what day to run. 5 is Thursday. Monday is 2. Sunday 1.

ScheduleTime=540 (decimal) equals "approx 09.00" hours. 0400hrs equals decimal setting 240, so my guess is that it's 1 per minute. 0401hrs would be "241".

AllowNonAdminFunctionality= Allow non-admins to screw around with the settings. 0 equals don't allow, 1 allow them.

---[cmd-script]---
REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Scan" /v ScanParameters /d 2 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Scan" /v ScheduleDay /d 5 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Scan" /v ScheduleTime /d 540 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v AllowNonAdminFunctionality /d 0 /t REG_DWORD /f
---[/cmd-script]---

Note! Make sure each reg add-line is one line. It should not be split!
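The following PowerShell check is an added example, not the poster's script: it reads back the four values the startup script above writes and reports any drift, decoding ScheduleDay and ScheduleTime with the meanings the post gives. It assumes the account running it can read these keys; the function name Format-Setting is hypothetical.

```powershell
# Added example: audit the Windows Defender scan settings set by the startup script.
# Value meanings follow the post above (ScheduleDay 1 = Sunday; ScheduleTime is
# minutes after midnight, which the poster describes as a guess).
$base = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

# Expected baseline: exactly the values the post's REG ADD lines write.
$expected = @(
    @{ Key = 'Scan';             Name = 'ScanParameters';             Value = 2 },
    @{ Key = 'Scan';             Name = 'ScheduleDay';                Value = 5 },
    @{ Key = 'Scan';             Name = 'ScheduleTime';               Value = 540 },
    @{ Key = 'UX Configuration'; Name = 'AllowNonAdminFunctionality'; Value = 0 }
)

$days = 'Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

# Hypothetical helper: render a raw DWORD in human-readable form.
function Format-Setting($name, $value) {
    switch ($name) {
        'ScheduleDay'  { if ($value -ge 1 -and $value -le 7) { return $days[$value - 1] } }
        'ScheduleTime' { return '{0:00}:{1:00}' -f [math]::Floor($value / 60), ($value % 60) }
    }
    return "$value"
}

$drift = 0
foreach ($e in $expected) {
    $path = Join-Path $base $e.Key
    $name = $e.Name
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value absent: the startup script has not run on this machine.
        Write-Output ('MISSING {0}\{1}' -f $e.Key, $name)
        $drift++
        continue
    }
    $actual = $item.$name
    $state = 'OK'
    if ($actual -ne $e.Value) { $state = 'DRIFT'; $drift++ }
    $shown = Format-Setting -name $name -value $actual
    Write-Output ('{0,-7} {1}\{2} = {3} ({4})' -f $state, $e.Key, $name, $actual, $shown)
}

# Non-zero exit code lets a management tool flag machines that need attention.
if ($drift -gt 0) { exit 1 }
```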
118
Note
One more thing:

Property - AgreeToLicense must be set to "Yes". Once you set this up you're ready to install!
117
Note
The above instructions work fine on WinXP and later. Win2k requires an extra download of gdiplus.dll from Microsoft's website. Read about this and get the dll here: http://support.microsoft.com/kb/915052/en-us.

I used the below script to deploy the gdiplus.dll, over AD using a GPO, to all my Win2k-clients. The autoinstall went fine after that.

---
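rem Copy gdiplus.dll only when Windows Defender is not installed yet
if not exist "\\%computername%\c$\program files\windows defender" (goto fix) else (goto end)

:fix
rem robocopy is run from the share; /R:1 /W:5 = one retry, five-second wait
"\\servershare\msi\Windows Defender Beta2\robocopy" "\\servershare\msi\Windows Defender Beta2" "%windir%\system32" gdiplus.dll /R:1 /W:5

:end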
---

HTH.
117
Note
Thanks for posting those msi edits. Regarding the Windows Genuine fix - I've noticed on my workstation and on my test VM machines that I am using to develop deployment of WinDefender that a folder is contained within ..\All Users\Application Data\Microsoft called Windows Genuine Advantage which contains a *.dat file. Machines with that folder have had successful WinDefender installs from my msiexec tests. Most likely it fails on machines that haven't had WGA installed.

Non-issue since the edited MSI seems to fix the problem. Anyway, great info here - saved me some time as well as pointing out things I had not thought of.
117
Note
Worked great! I deployed this with no problem -- Well almost no problem. Client machines aren't updating def's. I've got an error similar to the one I had installing on a standalone machine.

Windows Defender was unable to complete the update: 0x8024022. The wrong diskette is in the drive. Inservat %2 (Volume Serial Number: %3) into drive %1.

If I can get past this without physically going to each machine... I'll post up my findings.
117
Note
Thanks for all the above information. I have Defender installing by Group Policy without errors. I admit to using two entries in Group policy, WindowsDefender.msi and AS_Sigs.MSI

This gives me a single hit install as I use WSUS to distribute the new definitions and have had no problems in this area.
117
Note
Validation fails on the package unless you also remove the following:

InstallExecuteSequence - CHECK_WGA
InstallExecuteSequence - OtherWGAError
InstallExecuteSequence - LAUNCH_MY_PROGRAM_PLEASE
117
Note

This does not work with the latest final version of Windows Defender 1.1.1593.0

117
Note

I just tried the above instructions with the latest release of Defender (1.1.1593) and it deployed through GPO without a hitch.

117
Note
Once installed, you can also script the update of the definitions and engine. Add a /q onto the exe file for silent mode.

They are usually posted here within a day's time
117
Note
To get version 1.1.1592.0 to install on Windows 2000:

Delete VersionNT > 500 from LaunchCondition

You'll need to have SP4, Windows Installer 3.1, and KB891861 (the Post SP4 Roll-Up) already installed or you will have problems. I tried 1.1.1593.0 and got Defender to install, but I don't know if it is working properly - 1.1.1592.0 works fine.
117
Note
Installing the latest updates after installing Windows Defender

Manually download the latest definition updates for Windows Defender ( http://go.microsoft.com/fwlink/?linkid=70631 ). Then you get the file mpas-fe.exe. Rename the file to mpas-fe.zip and extract.

Run mpsigstub.exe (just double-click to install, no switches are needed)

My installer:

START /WAIT MSIEXEC /I "WindowsDefender.msi" REBOOT=SUPPRESS /QB
rem Give Windows Defender enough time to start up
ping -n 7 localhost > nul:
rem Close the Windows Defender pop-up
START /WAIT TASKKILL /IM MSASCui.exe /F
START /WAIT mpsigstub.exe
0
Note
Go to the directory '%AllUsersProfile%\Application Data\Microsoft\Windows Defender\Definition Updates\{...}' and copy the files mpasbase.vdm, mpasdlta.vdm and mpengine.dll to the administration point, directory 'Application Data\Microsoft\Windows Defender\Definition Updates\Default'.

You'll then have a patched Windows Defender installation.
0
Note
When I edited the MSI as recommended, not all of the WGA entries were there to delete. In order to avoid the WGA dialog box, I had to change the following entries in the ControlEvent table:

InstallWelcome > Next > Change Argument from "CheckWGA" to "License Agreement"

LicenseAgreement > Next > Change Argument from "CheckWGA" to "InstallWelcome"

I also built an MST to avoid joining SpyNet.
