I was finishing off a domain migration this week and was changing the clients over to McAfee. On one machine I found it had Symantec AntiVirus. When I tried to remove it, it asked for a password.
One of the other machines had Symantec Endpoint Protection installed and this did the same.
As expected, no one knew what this password was, and the default password ‘symantec’ didn’t work.
Solution
The same fix worked for both of them, and its painfully easy. While still being asked for the password, do the following.
1. Launch Task Manager, (Press Ctrl+Alt+Delete, Or right click the taskbar, or simply run Taskmgr.exe).
2. Select the processes tab, Locate the MSIEXEC.EXE service. Note: There may be more than one, if so select the one that running under the user account that you a logged on as DO NOT select it is it is running under the SYSTEM account. End the process.
3. Now the password request box will have disappeared, and the uninstall process will complete on its own.
Related Articles, References, Credits, or External Links
I’ve known about the Eicar test virus ever since I started installing CSC modules. But until recently I didn’t realise you could test your AntiSpam system as well.
Solution
Test Your AntiVirus Device/Software
1. Open a text editor and paste in the following text, (make sure you don’t add any extra spaces or formatting).
2. Save the file as eicar.com (Note: If using notepad (as below), change the file type to ‘all files’, so it does not save as eicar.com.txt).
2. Then simply email that file to the recipient mailbox that is protected by the system you want to test.
Test Your AntiSpam Device/Software
1. Compose a new email message and and paste in the following text into the body of the message, (make sure you don’t add any extra spaces or formatting).
FEP is Microsoft’s offering for antivirus, try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM. Which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hens teeth!
With a Microsoft CoreCAL you can use the FEP client, so if you already have CoreCALs, then it’s a solution that can save you some cash on your corporate AV strategy.
Solution
Installing Forefront Endpoint Protection
The client software is available in x64 and x86 bit flavours, it is installed from a single executable (FEPInstall.exe). There is no MSI installer (yeah thanks Microsoft!) So if you want to roll it out on mass, you need to either install it using a startup script, include the software in your ‘Master/Golden Image’ and re-image you machines, or tear your hair out trying to work out SCCM.
Managing Forefront Endpoint Protection with Group Policy
1. First you need to download the policy definitions, copy the FEP2010.admx file to %Systemroot%PolicyDefinitions.
2. Then copy the FEP2010.adml file to %Systemroot%PolicyDefinitionsEN-US
Creating a Group Policy Central Store
3. If you have all your ADMX policy definitions in a central location, all your clients can use them. The correct place for them is in the sysvol directory, in a folder called policies (this is where your clients read their group policies from). To create the directory issue the following command;
Here you will find the policy settings you require.
7. When you are controlling settings via GPO this is what you will see on the client machines.
Importing and Exporting Forefront Policy Settings
8. From the files you extracted earlier locate and run the FEP2010GPTool.exe. From here you can import and export all the policy settings from a particular group policy. Microsoft have published a set of policy settings which you can download for various server roles.
Note: By default each policy you import will merge with the existing settings in the GPO, unless you tick the “clear the existing Forefront Endpoint Protection settings before import” option.
Updates for Forefront Endpoint Protection
9. Windows uses it’s existing ‘Windows updates’ path for getting updates. If you have a WSUS server you will need to enable the updates in the ‘Products and Classifications’ section.
10. If you DONT have WSUS but you are behind a proxy, you can manage FEP proxy settings from the following policy.
Related Articles, References, Credits, or External Links
I had a client with a broken Groupshield 6 installation today, and his main concern was his disclaimers. (You can longer get Groupshield 6 so I had to install version 7).