12 Replies Latest reply on Aug 21, 2015 7:52 AM by jaericho

    Script AV install with RunOnce

    jaericho Apprentice

      I'm trying to write a script that will assist our help desk fix some issues with the AV install. I want a simple script to uninstall LDAV, reboot, and reinstall LDAV on the next login. However, I can't seem get install portion to be triggered on the next login. I'm trying to use a registry key in RunOnce. The registry key does get processed as the it disappears from RunOnce at login, but vulscan doesn't show up and I'm not seeing it run in taskmanager (in case it's just hidden).

       

      We're running LDMS 9.6 SP1.

       

      Here's the basic script so far:

      REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v InstallAV /d "\"%LDMS_LOCAL_DIR%\..\vulscan.exe\" /installav /showui" /f

      "%LDMS_LOCAL_DIR%\..\vulscan.exe" /removeav /showui /noreboot

      shutdown -r -t 0

        • 1. Re: Script AV install with RunOnce
          Sebastien.Felix SupportEmployee

          Hi Jaericho,

          Did you read this article; https://community.landesk.com/support/docs/DOC-6621

          Why don't you run the uninstall script (...\vulscan.exe /removeav /showui)? Don't forget to use an local admin or system account.

          Thereafter, you can come back to the LDMS Console > Security and Compliance > Agent Settings > Click on the little calendar button and choose "Install/Update Security components..." and follow the options > It will create a schedule task.

          You will also notice that there is an option under this little calendar called "Remove Security components...."

          I hope it will help,

          Good luck

          Sebastien.

          • 2. Re: Script AV install with RunOnce
            jaericho Apprentice

            Thank you. I did read that and I can get the AV to uninstall properly, but the issue is that I can't get the AV to install via the RunOnce key.

             

            I wanted to make a script because having our level 1 Help Desk run through the "Install/Update Security components..." seems a bit much. I thought a script to uninstall, reboot, reinstall from one step would be easier. (I have to make their lives as easy as possible, or it all comes back to me. )

            • 3. Re: Script AV install with RunOnce
              Sebastien.Felix SupportEmployee

              Hi Jaericho,

              See article How To: Troubleshoot LANDESK Antivirus

              I also did it on my lab with the runonce registry key and indeed it seems to fail but I'd like to know if you have a similar issue. Please look at your client, and open the file C:\programdata\Landesk\log\installav.log and tell me if you have the following logs;

              Thu, 20 Aug 2015 01:58:19 Installing LANDESK Antivirus client

              Thu, 20 Aug 2015 01:58:19 Done

              Thu, 20 Aug 2015 01:58:21 ERROR: Installation failed. C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDAV.exe /install /interactive (0x8DB301C0)

              Thu, 20 Aug 2015 01:58:21 Last status: Failed: LANDESK Antivirus msi failed (0x8DB301C0)

              Thu, 20 Aug 2015 01:58:21 AV: Failed to install Kav client.

              Thu, 20 Aug 2015 01:58:21 Failed: LANDESK Antivirus msi failed (0x8DB301C0)

              Thu, 20 Aug 2015 01:58:21 In SendRequest: Action = SOAPAction: "http://tempuri.org/SetPatchInstallStatus2"

              Thu, 20 Aug 2015 01:58:21 SendRequest: SOAPAction: "http://tempuri.org/SetPatchInstallStatus2"

              Thu, 20 Aug 2015 01:58:21 Success

              Thu, 20 Aug 2015 01:58:21 Last status: Failed

              Thu, 20 Aug 2015 01:58:21 Failed

              Thu, 20 Aug 2015 01:58:21 Releasing scan mutex

              Thu, 20 Aug 2015 01:58:21 Failed

              Thu, 20 Aug 2015 01:59:02 ClosePipes

              Thu, 20 Aug 2015 01:59:02 Exiting with return code 0x8db301c0 (448).

               

              Thanks, Sebastien.

               

               

              Other interesting links;

              Can't install the AV client on a machine

              How to Install the LANDesk AV bypassing the Incompatibility check

              • 4. Re: Script AV install with RunOnce
                Sebastien.Felix SupportEmployee

                Also, when installing the LandeskAV, it will run an msi, and you can find the logs of this msi on the client in %temp%\kl-install-####.log

                • 5. Re: Script AV install with RunOnce
                  jaericho Apprentice

                  I took an existing test VM, uninstalled LDAV with vulscan, cleared out the AV log files from c:\programdata\landesk\logs and from %temp%. Then I added my registry key, the same one as above, and rebooted. After logging back in, the registry key is gone so Windows must have processed it, but I see nothing pertaining to AV in any of the logs. I have no new installav.log or kl-install-####.log files.

                   

                  I have also tried the same registry key without /showui just in case that would help.

                  • 6. Re: Script AV install with RunOnce
                    jaericho Apprentice

                    I've made some progress. It appears Windows doesn't like the environment variable in the reg key.

                     

                    This appears to install the AV: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v InstallAV /d "\"C:\Program Files\LANDesk\LDClient\vulscan.exe\" /installav /showui" /f

                     

                    I don't know if it will be successful yet as it's installing as I type this. But it's a start.

                    • 7. Re: Script AV install with RunOnce
                      Sebastien.Felix SupportEmployee

                      Wait, yesterday, I forgot to tell you, but I typed %LDMS_LOCAL_DIR% in a CMD box, and it appeared to be "C:\Program Files\LANDesk\LDClient\Data\" so I used the full path like you mentioned, still the issue. Do you have the same thing in CMD?

                      Indeed the /f switch will force to install the A/V even if an old A/V is more or less uninstalled. Does it work for you now?

                      • 8. Re: Script AV install with RunOnce
                        Sebastien.Felix SupportEmployee

                        On the Roadmap, on LDMS 10.0 apparently.

                        • 9. Re: Script AV install with RunOnce
                          jaericho Apprentice

                          I tried to add \..\vulscan.exe thinking it would pop up a dir and still work but it doesn't.

                           

                          The /f switch is to overwrite the registry key if it already exists in the RunOnce key.

                          • 10. Re: Script AV install with RunOnce
                            Sebastien.Felix SupportEmployee

                            Sorry this last comment was not for this discussion

                            • 11. Re: Script AV install with RunOnce
                              Sebastien.Felix SupportEmployee

                              Jaericho, did you try to manually create the String registry key in runonce with "C:\Program Files\LANDesk\LDClient\vulscan.exe\" /installav /showui and see what happens?

                              I suppose you are dealing with some 32bits clients according to the path mentioned for this test?

                              You still don't see anything happpening when you restart the machine and login? No User Interface is appearing?


                               

                              1 of 1 people found this helpful
                              • 12. Re: Script AV install with RunOnce
                                jaericho Apprentice

                                Jaericho, did you try to manually create the String registry key in runonce with "C:\Program Files\LANDesk\LDClient\vulscan.exe\" /installav /showui and see what happens?

                                 

                                Yes. Using the full path without the environment variable works. That will probably be what I use.

                                 

                                After doing more test I've found out:

                                1. RunOnce key doesn't like environment variables in the registry key value.
                                2. When I use REG ADD in CMD it will expand the environment variables when it creates the registry key.
                                3. RunOnce doesn't stuff like \..\ (what I was using initially). Even though if you do something like "%LDMS_LOCAL_DIR%\..\vulscan.exe" /installav /showui into CMD it will work, but will not work with RunOnce.