5 Replies Latest reply on Oct 12, 2011 11:30 AM by sokam

    Applying ####xdat.exe updates by script on Win2003 and WinXP

      Whilst developing a script to update clients in a 'closed' system i.e. no internet access, I encountered the following deficiencies inherent in the supredat updater  executables for the above operating systems. For updates applied by users with non administrator rights McAfee virusscan was blocking the update process so the ####xdat.exe could not change the installation files. On removal of the offending rules a further problem was encountered; folder  c:\Program Files\Common Files\McAfee\Engine required that local domain users were granted write access. Once all the above is completed the McAfee ####xdat.exe succeeds in updating the virus definition files. The whole process will work OK for an administrator without the above changes but not for non-admin users. The original error was: Error:Unable to backuup existing file. Not enough rights.:Line 12,  c.f. KB54577. This is most certainly erroneous behaviour. We do not use EPO, we also require that users run the updates interactively as part of a logon process (a log is recorded for each time the updater is invoked in the instance that the end user cancels the installation, the installation is attempted on logon if the available updates are more recent than the installed version. Access to a replicated repository is also not possible as this system is a secure 'closed' environment. I suggest a fix is applied ASAP.

       

      Regards

       

       

       

        • 1. Re: Applying ####xdat.exe updates by script on Win2003 and WinXP
          jmcleish

          What about scripting it somehow to run under an admin account?

           

          I have a  similar situation- a closed environment with no access to our lan.

           

          Do you use ePO at all?

          Because if so then you could use ePO to create a repository that only has dat, engine and BO updates and copy all the files in that manually to a local machine then setup each machine to look at that directory as their unc repo.

           

          Bit longwinded- but it does work.

          • 2. Re: Applying ####xdat.exe updates by script on Win2003 and WinXP

            We do not use ePO.

             

            However, I worked out a method using WMI to schedule a job on the client machine that calls my VBScript and runs under NT_AUTHORITY\SYSTEM, this has sufficient authority to complete the job without the previously mentioned changes to folder access and McAfee rules.

            • 3. Re: Applying ####xdat.exe updates by script on Win2003 and WinXP
              sokam

              jabberwoky,

               

              I am facing a similar issue and was wondering whether you can share your solution of using WMI to schedule a job on the client machine that calls my VBScript and runs under NT_AUTHORITY\SYSTEM

              • 4. Re: Applying ####xdat.exe updates by script on Win2003 and WinXP

                sokam,

                 

                To get things to work, I used a batch file  with

                 

                schtasks /create /ru "NT AUTHORITY\SYSTEM" /tn "Security Script" /tr C:\Archive\debugjob.vbs /sc ONSTART

                 

                obviously change the vbs target. This gets it running on the machine after it has started up and before anybody logs in. You could also add a job to run regularly at a specified time as the machine may be 'on' for some days on end!

                 

                NOTE! Your vbs will have to monitor for services having been started, i.e. the last ones if possible. I monitored for the 'logon' service before I ran the .exe updater, one of the last services to start is the 'spooler' service. You need services running before you can do the update!! I did all this eventually in C# but it is possible in vbs. In my case the program just looked in a set folder for an updater file, got the version number from it checked the McAfee version from the registry and if the updater was newer I ran the .exe. If you install your script on your machines all you need to ensure is that the folder gets updated with new .exe's now and again as required.  The start up job was mainly for the server, on clients you could just add a logon job and the update is run on logon if it is a new update!!

                 

                 

                That should sort you out!!

                 

                Regards

                • 5. Re: Applying ####xdat.exe updates by script on Win2003 and WinXP
                  sokam

                  Hi Jabberwoky,

                   

                  Apologies for the delay in acknowledging your response. Thanks for sharing with me your experience.

                  Unfortunately I have no vb skills - can you please send me a an example of your script so that I can modify it for my environment?

                   

                  Thanks