Hi,in a reply to a question by another member of this forum (Frederico) I have touched on this subject before, but unfortunately there hasn't been any reaction yet. Allow me to create a seperate thread about this.I can confirm that in our environment neither McAfee VirusScan Enterprise 8.0i nor 8.5i is detected in the Security Program Updates section of the Schedule Software Updates of SteadyState v. 2.0. The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software.The anti-virus software here is managed centrally through the ePolicy Orchestrator Agent (McAfee AutoUpdate) that itself gets updated together with the VirusScan update. I know that the behaviour of this agent has changed recently (with the update to v. 3.6.x) and that it now perhaps controls the anti-virus software in a different way. The advent of v. 3.6.x of the agent was marked by a new System Tray icon (a big red "M") that replaced the blue and red shields that were present there. The new agent possibly interferes with the detection by SteadyState v. 2.0.As a workaround I've used the SCTMcAfeeVirusUpdate.vbs script from the SteadyState scripts folder succesfully as a Custom Updates script at 3:00 am a couple of ays ago.This is not very practical if you need a real Custom Updates script in your environment, but perhaps these scripts can be chained together or controlled by a "super-script".Is there a way to force a Security Program Updates script if the security program in question is not detected correctly by SteadyState?TIA.Jan J.

This is undocumented, but in C:\Program Files\Windows SteadyState\XML is a file called SoftwareUpdates.XML. This file is an XML file that tells SteadyState what registery entires to look for to detect programs and what script to run out of the scripts directory.

Hi, J.C is right that it is the softwareupdate.xml and SCTMcAfeeVirusUpdate.vbs that control the behavior. The steadystate will use softwareupdate.xml to determine what registery entires to look for and which update programs and what script to run out of the corresponding scripts directory. So based on the softwareupdate.xml ,you can check if there is still a registry key "Install Dir" under HKLM>\SOFTWARE\McAfee.com\Agent. The Install Dir key value should point to a directory that contains the program named mcupdate.exe that is responsible for the update. By the way, the current WindowsSteadyState currently detects and includes scriptsfor updating the following security products: Computer Associates eTrust 7.0 McAfee VirusScan Windows Defender TrendMicro 7.0 This feature can work with other antivirus or security products. If you have a desire to use an antivirus or securityproduct other than those listed, you can prepare a signature update scriptfor it as described in your antivirussoftware manual. Signature update scripts can also be run manually. For more information on installing signature updates manually, see the Manually Download and Install Updates section in this handbook. Also you mention that The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software., did sct1.x work fine with McAfee VirusScan Enterprise 8.0i or 8.5i? Sincerely, Sammy Yu

Sammy Yu - MSFT wrote: Also you mention that The Shared Computer Toolkit v. 1.0 and v. 1.1 had no problem detecting the McAfee security software., did sct1.x work fine with McAfee VirusScan Enterprise 8.0i or 8.5i?Sammy,we have been using SCT v. 1.0 and SCT v. 1.1 with McAfee VirusScan Enterprise 8.0i since 05/2006 on (now) 67 public access pc's without any problems whatsoever. Since there are, as far as I am aware of, no changes to the update mechanism for v. 8.5i of McAfee VirusScan Enterprise, I wonder why SteadyState does not succeed in detecting McAfee. I'll try to do some testing today with what you and J.C. Doll made public.CU.Jan J.

Jan J. wrote: I'll try to do some testing today with what you and J.C. Doll made public.Dear *.*,I can now confirm that as opposed to the Microsoft Shared Computer Toolkit v. 1.x, that supported anti-virus updates for McAfee VirusScan Enterprise 8.0, out-off-the-box Windows SteadyState v. 2.0 only supports non-Entreprise versions of McAfee VirusScan.If have tested this today with McAfee's VirusScan Plus, VirusScan Enterprise 8.0i and VirusScan Enterprise 8.5i. The net effect of this change is that McAfee VirusScan Enterprise 8.x products are not identified as Security Programs by WSS v. 2.0.To remedy this situation I have adapted file SoftwareUpdates.XML and developped scripts SCTMcAfeeVSE80VirusUpdate.vbs and SCTMcAfeeVSE85VirusUpdate.vbs (see below). Copying these files to the appropriate locations (C:\Program Files\Windows SteadyState\XML and C:\Program Files\Windows SteadyState\Scripts respectively) and subsequently restarting the Windows SteadyState Service will result in the creation of the associated registry settings (in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Computer Toolkit\UpdatableSoftware) and in both VirusScan Enterprise versions being identified correctly by Windows SteadyState.[UPDATE] This morning (July, 4) the modified SoftwareUpdates.XML settings and the McAfee VirusScan Enterprise 8.0i and 8.5i update scripts tested as expected. Both succeeded in bringing the respective mcupdate.exe to execution in quiet update mode. Apart from the associated messages in the McAfee VirusScan Enterprise UpdateLog.txt file, two entries were added to the machine's System Event log by Windows SteadyState:1. EventID 1214: Automatic updates starting Anti-virus and anti-spyware updates.2. EventID 1216: Automatic updates finished Anti-virus and anti-spyware updates.The second event appeared 5 minutes and 19 seconds after the first, which is as expected since a 300000 millisecond delay was programmed in both scripts.HTH.Sincerely,Jan J.File XML\SoftwareUpdates.XML: Code Snippet <?xml version="1.0" encoding="utf-8" ?><!-- --><!-- Windows SteadyState --><!-- Copyright 2007 Microsoft --><!-- --><!-- SoftwareUpdates.XML --><!-- --><!-- This file contains the search strings for anti-virus and other software updates. Do Not Delete! --><!-- --><!-- Adapted for use with McAfee VirusScan Enterprise v. 8.x by Jan J. in July 2007 --><!-- --><softwareupdates><softwareid="eTrust7.0" name="CA eTrust 7.0"detectionPath="SOFTWARE\ComputerAssociates\ScanEngine\Path"detectionName="Engine" append="InoDist.exe"script="SCTeTrust7VirusUpdate.vbs"category="Anti-Virus" /><softwareid="McAfee" name="McAfee VirusScan"detectionPath="SOFTWARE\McAfee.com\Agent"detectionName="Install Dir" append="mcupdate.exe"script="SCTMcAfeeVirusUpdate.vbs"category="Anti-Virus" /><softwareid="McAfeeVSE8.0i" name="McAfee VirusScan Enterprise 8.0i"detectionPath="SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"detectionName="szInstallDir" append="mcupdate.exe"script="SCTMcAfeeVSE80VirusUpdate.vbs"category="Anti-Virus" /><softwareid="McAfeeVSE8.5i" name="McAfee VirusScan Enterprise 8.5i"detectionPath="SOFTWARE\McAfee\DesktopProtection"detectionName="szInstallDir" append="mcupdate.exe"script="SCTMcAfeeVSE85VirusUpdate.vbs"category="Anti-Virus" /><softwareid="TrendMicro7.0"name="TrendMicro OfficeScan Corporate Edition 7.0" detectionPath="SOFTWARE\TrendMicro\PC-cillin"detectionName="Application Path"append="pccmain.exe"script="SCTTrendMicroAntiVirus.vbs"category="Anti-Virus" /></softwareupdates>File SCTMcAfeeVSE80VirusUpdate.vbs: Code Snippet ' *** ' *** ------------------------------------------------------------------------------' *** Filename: SCTMcAfeeVSE80VirusUpdate.vbs' *** ------------------------------------------------------------------------------' *** Description: McAfee VSE 8.0 Virus Signature Update' *** ------------------------------------------------------------------------------' *** Version: 1.1' *** Notes: Used by Windows Disk Protection' *** ------------------------------------------------------------------------------' *** Copyright (C) Microsoft Corporation 2007, All Rights Reserved' *** ------------------------------------------------------------------------------' *** ' *** Based on SCTMcAfeeVirusUpdate.vbs Version 1.1' *** ' *** Adapted for use with McAfee VirusScan Enterprise 8.0i by Jan J. in July 2007' *** ' ~~~ ' ~~~ Force variables to be declared ' ~~~ Option Explicit' ~~~ ' ~~~ Turn on error handling' ~~~ On Error Resume Next' ~~~ ' ~~~ Declare global variables' ~~~ Dim sMcAfeePath, oShell' ~~~ Create objectsSet oShell = CreateObject("WScript.Shell")' ~~~ Set application pathsMcAfeePath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir")' ~~~ Download Virus Signaturecall oShell.Run(chr(34) & sMcAfeePath & "\mcupdate.exe" & chr(34) & " /Update /Quiet", 0, True)' ~~~ Wait 5 minutesWScript.Sleep (300000)File SCTMcAfeeVSE85VirusUpdate.vbs: Code Snippet ' *** ' *** ------------------------------------------------------------------------------' *** Filename: SCTMcAfeeVSE85VirusUpdate.vbs' *** ------------------------------------------------------------------------------' *** Description: McAfee VSE 8.5 Virus Signature Update' *** ------------------------------------------------------------------------------' *** Version: 1.1' *** Notes: Used by Windows Disk Protection' *** ------------------------------------------------------------------------------' *** Copyright (C) Microsoft Corporation 2007, All Rights Reserved' *** ------------------------------------------------------------------------------' *** ' *** Based on SCTMcAfeeVirusUpdate.vbs Version 1.1' *** ' *** Adapted for use with McAfee VirusScan Enterprise 8.5i by Jan J. in July 2007' *** ' ~~~ ' ~~~ Force variables to be declared ' ~~~ Option Explicit' ~~~ ' ~~~ Turn on error handling' ~~~ On Error Resume Next' ~~~ ' ~~~ Declare global variables' ~~~ Dim sMcAfeePath, oShell' ~~~ Create objectsSet oShell = CreateObject("WScript.Shell")' ~~~ Set application pathsMcAfeePath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\szInstallDir")' ~~~ Download Virus Signaturecall oShell.Run(chr(34) & sMcAfeePath & "\mcupdate.exe" & chr(34) & " /Update /Quiet", 0, True)' ~~~ Wait 5 minutesWScript.Sleep (300000)

Hi Jan, Thanks for the great knowledge sharing. From the adapted .xml file, we can see that the detectionPath and detectionName for the McAfee Enterprise version is different with that of McAfee VirusScan Plus. By the way, if possible, please let us know if the updated scripts work properly or not. I look forward to your update. ---- Sincerely, Sammy Yu

Sammy Yu - MSFT wrote: By the way, if possible, please let us know if the updated scripts work properly or not. I look forward to your update. Sammy,yesterday I updated my previous message to reflect the (positive!) test results. The paragraph in question starts with the string "[UPDATE]".HTH.Jan J.

This is great. Thanks for sharing this.

Hi.Has anyone managed to create a script for the "Symantec Antivirus Corporate Edition"?Program version : 8.00.9374Scan engine version : 4.1.0.15Thank you in advance!

You can refer to JCs script in the following thread: http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1759844&SiteID=69

Thanks Jan J. for this helpful post. Ive actually removed McAfee 8.5i and Installed 8.0i because it is written in the documentation that it is supported and to my surprise nothing changed but your script has fixed it for me. I am wondering if Sophos Anti-Virus and Kaspersky Anti-Virus (and Internet Security version) have any scripts. My organization has Sophos Anti-Virus installed on thousands of PCs and I will not be able to convince them to adopt Windows StudyState unless I can find such a script. With best regards, Ashraf

I'm having similar problems with Trend Micro's PC-Cillin 2007. SteadyState is able to auto-detect thatthe script it needs to run is for Trend Micro, but it doesn't seem to be actually updating... Has anyone else come upon something similar?

Hi, You can manually run the script to check if there is any update problem. I suspect it's related to the different version. The Handbook states the script support TrendMicro 7.0. It may not work for any other versions. Regards,

Hi, Just thought I'd post a link tomy Sophos script, hope this works for you http://forums.microsoft.com/windowstoolsandutilities/ShowPost.aspx?siteid=69&postid=3562590 Adam

my firewall is on and my auto upodayes but my virus protection will not turn on?????????????

Hi GuysI need advice for configuring Windows SS for Kaspersky Internet security suite 2009..RegardsSri

Hi Jan, Will it work for Trend micro office scan 10. Can you please send the script to send the pop up message at client place to display " AV is updated and Last scan date" also insist user to do manual scan. Regards Satish Kumar