[font="trebuchet ms"]Patching Forefront antivirus for a single site.
[font="trebuchet ms"]This will show you how to automate the download of The Microsoft Forefront Client Security then script it using the K1000 to deploy definition updates without having to use WSUS. Keep in mind this doesnt work with replication since it is on a file server but you could have this running on multiple file servers in different locations and have seperate scripts for different labels.
[font="trebuchet ms"]Download wget from [font="trebuchet ms"]http://gnuwin32.sourceforge.net/packages/wget.htm[font="trebuchet ms"] and install the setup then take the files mentioned below and paste them into the C:\windows folder on a file server to allow you to download the update files to a network share.
[font="trebuchet ms"]The files that you need to copy are
[font="trebuchet ms"]libeay32.dll, libiconv2.dll, libintl3.dll, libssl32.dll, wget.exe
[font="trebuchet ms"]Create a batch file for 64 bit and the 32 bit forefront download (see example below for 32 bit)[font="trebuchet ms"]

  • [font="courier new"]set http_proxy=http://proxy.com.au:8080[/align]

    • If you have a proxy server in your environment use this line to set the proxy environment variable.[/align]

  • [font="courier new"]net use X: \\server\share /user:username password[/align]

    • [font="courier new"]
      Maps a network drive using a specific users credential[/align]

  • [font="courier new"]
    [font="courier new"]del X:\mpam-fe.exe[/align]

    • [font="courier new"][font="courier new"]
      [font="courier new"]This deletes the existing file mpam-fe.exe file to be replaced by the new file downloaded from the Microsoft site. [/align]

  • [font="courier new"][font="courier new"][font="courier new"]
    wget -A exe -P X:\ http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409[/align]

    • [font="courier new"][font="courier new"][font="courier new"]
      This commands downloads the mpam-fe.exe file from Microsoft site to the X:\ location[/align][font="trebuchet ms"]

[font="trebuchet ms"]The entire script named forefrontx86.bat
[font="trebuchet ms"]
[font="trebuchet ms"]set http_proxy=http://proxy.com.au:8080
[font="trebuchet ms"]net use X: \\server\share /user:username password
[font="trebuchet ms"]del X:\mpam-fe.exe
wget -A exe -P X:\ http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409
[font="trebuchet ms"]
[font="trebuchet ms"]The entire script named Forefrontx64.bat
[font="trebuchet ms"]
[font="trebuchet ms"]set http_proxy=http://proxy.com.au:8080
[font="trebuchet ms"]net use X: \\server\share /user:username password
[font="trebuchet ms"]del X:\mpam-fex64.exe
wget -A exe -P X:\ http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409
[font="trebuchet ms"]
[font="trebuchet ms"]These scripts can then be scheduled using scheduled tasks.
[font="trebuchet ms"]
[font="trebuchet ms"]Once these batch files are run they will download the mpam-fex64.exe and mpam-fe.exe files to the location specified.
[font="trebuchet ms"]
[font="trebuchet ms"]Then on the K1000 create an online k-script that performs the following tasks. Use the [font="trebuchet ms"]\\servername\share[font="trebuchet ms"] where the above files are stored in the script below.
[font="trebuchet ms"]The reason for the online k-script is so that you can use the runas and run the command as a user that has permission to this share.
[font="trebuchet ms"]( See the attached file for the script)
[font="trebuchet ms"]You can then add the labels that you want this script to run on and schedule this script to run at the interval that suites your requirements.
[font="trebuchet ms"]The –q at the end of the definition update is a silent install of the updates.
[font="trebuchet ms"]
[font="trebuchet ms"]-Jonathonv-

0 Comments   [ - ] Hide Comments


Please log in to comment

There are no answers at this time
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity