Automating Virus Protection with KiXtart Scripts

The McAfee Install and Update Script | The Dialup Users "Choice" Script | The Extensions Updater Script | The Eyedog Patch Script

The last time this page was updated was Tuesday, 04-Apr-2006 01:11:17 CDT.
7/16/03 - Replaced the McAfee Install and Update script with one updated for VirusScan 7.0.0.
4/10/02 - Replaced the McAfee Install and Update script with one updated for KiXtart version 4.02
4/12/02 - Added the VS403uninst.kix script, which uninstalls VirusScan 4.0.3 and edited mcafee.kix
1/18/02 - Replaced the Dialup Users Choice Script with a completely rewritten one

I wrote these scripts to automate the process of installing and updating McAfee across campus after I tested Management Edition™ for two months and found it really frustrating to use. (I've since tested ePolicy Orchestrator™, and I wasn't much more impressed with it, so we're keeping the scripts.) The scripts have lots of remarks to make it easy to understand the logic behind them. You're welcome to use them, modify them to suit your needs or just incorporate some of the ideas in a script you've already written.

Please note: I make every effort to check these scripts completely on each OS platform and each version of McAfee that we use. I also use them on our network to automate McAfee for over 3400 PCs. However, it is still possible that I made a mistake in copying the material to the web site or missed an obscure error somewhere, so if you have a problem with the scripts not working on your network, please don't hesitate to ask me for help. (Each script is displayed using server-side includes, so when I make edits to the scripts, the updated script is displayed immediately.)

NO ONE should ever use one of these scripts without first testing it to see if it works on your network the way you expect it to. I can't stress this enough. You should NEVER roll out a script like this to your production environment without first testing it to make sure it does what you want it to do. McAfee constantly changes the registry keys that contain program information, so if your versions are different than the ones I've coded for, these scripts may not work at all, or may attempt to run the update every time the user logs in.

My email address is pauls@utdallas.edu. When I do find errors, I correct them as soon as possible. If you find errors, or have problems with the scripts, or just can't get it working, please email me. I'm very busy, so I may not respond instantly, but I WILL get back to you, and to the best of my ability to do so, I will help you.

McAfee Install and Update Script

Here's how it works here at UTD. Each week (usually Thursdays) we download the SuperDAT when it's released. Then we install it on a handful of test machines representing each platform: Win 95, Win 98, ME, NT 4.0, Win2K and XP. If the software performs without problems, we put it in the SuperDAT directory on one of our servers. That's it. The script does the rest.

Why the SuperDATs instead of incremental updates? The SuperDATs always include the latest scan engine, and the incrementals (IMHO) are still experimental. With the advent of VirusScan 4.5.1 with Service Pack 1, extensions can be automatically updated through the SuperDAT.

This script was completely redone on 7/16/03. It uninstalls VirusScan 4.5.1 on Win2K and XP and installs VirusScan 7.0.0. I also added a section to allow us to exclude subnets for labs that have their own builds, and I added a section to detect if a user has admin rights on the box. If they don't, the script pops up a warning box and then creates a cookie in their home directory which allows me to pop up the warning once a month rather than on every login. Detection for versions older than 4.5.1 has been removed. Regchange.kix is no longer called because it's no longer needed as of version 4.5.1, and we no longer use the extra.dats for incremental protection. Our gateway protection allows us to forgo those. I haven't yet incorporated the incremental dats, so we're still using the SuperDATs.

One important thing to consider is running this script on NT and Win2K. Program installs can only be done by an account with Administrator rights on the box. SuperDAT installs require the account to have at least Power User rights. (If a user is only a User, the SuperDATs will update the DAT files, but the scan engine version won't change. You won't see any Access Denied errors during the running of the script, so you may not realize the scan engine isn't being updated.) The way we "solve" the problem here is by creating a Global Domain Group, putting our trusted techs in it, and granting that group Administrator rights on the client workstation. (We have a different group that has Add Workstation rights, and that group has a larger number of techs in it.) When a new box comes in, they have to configure it for our network anyway, and when they log in the first time, the script starts the software install, which is customized to use all the settings we want and to include the SuperDAT update. The second time they log in, the Service Pack 1 installation begins. By the time they finish configuring the box, McAfee is installed and up-to-date. So long as the normal user of that machine is a Power User, the SuperDATs and the rest will run with no errors. NOTE: This is not true of XP. XP requires the user to be Admin for SuperDAT updates as well.

I saw a script on the Brainbuzz site that got around the problem by using SU, but I would strongly discourage doing that. In order for SU to work in a script, you have to include the Domain Admin password in the script. Since the script is at the very least READ ONLY for Authenticated Domain Users (and more likely is READ ONLY for Everyone!), that means that anyone inside your domain can open the script file and discover the Domain Admin password. This is an egregious violation of basic security! Don't do it! Over 80% of network security incidents are traced to "inside" attackers: disgruntled employees, pranksters, hackers, etc.
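An added audit sketch for the anti-pattern described above (Python, not from the original page or its author): it scans logon scripts for password-like variables holding string literals, including commented-out ones, since a comment in a world-readable script is just as exposed, and for active RUN/SHELL lines that start `su`. The sample scripts, variable names and the SU argument text are constructed placeholders.

```python
import re

# Constructed sample logon scripts, not taken from the page; every secret is a placeholder.
SAMPLE_SCRIPTS = {
    "mcafee.kix": r'''; runs with the rights of the logged-in user, stores no secret
IF INGROUP ("\\@WKSTA\ADMINISTRATORS")
  $Admin = "1"
ENDIF
RUN $appsPath + "SuperDAT\" + $sDATString + " /silent /prompt"
''',
    "install_as_admin.kix": r'''; constructed anti-pattern: elevation helper fed a stored password
$AdminPwd = "EXAMPLE-PLACEHOLDER"
SHELL "su.exe (constructed arguments) " + $AdminPwd
; $OldPwd = "EXAMPLE-OLD"   rotated last year, left behind in a comment
; SHELL "su.exe (constructed arguments)"
''',
}

# A variable whose name looks like a credential, assigned a quoted literal.
SECRET_ASSIGN = re.compile(r'\$(\w*(?:pass|pwd|secret)\w*)\s*=\s*"([^"]*)"', re.IGNORECASE)
# RUN or SHELL launching su / su.exe (extend the pattern for other run-as wrappers you use).
HELPER_CALL = re.compile(r'\b(?:RUN|SHELL)\b.*\bsu(?:\.exe)?\b', re.IGNORECASE)


def strip_comment(line):
    """Return the executable part of a KiXtart line: text before a ';' outside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == ";":
            return line[:i]
    return line


def scan(scripts):
    """Return findings as dicts; secret values are never copied into the report."""
    findings = []
    for name in sorted(scripts):
        for lineno, line in enumerate(scripts[name].splitlines(), start=1):
            # Secrets are matched on the raw line: comments are readable too.
            for m in SECRET_ASSIGN.finditer(line):
                findings.append({
                    "file": name, "line": lineno, "rule": "embedded-secret",
                    "evidence": f'${m.group(1)} = "<redacted, {len(m.group(2))} chars>"',
                })
            # Helper calls only count when they are live code.
            if HELPER_CALL.search(strip_comment(line)):
                findings.append({
                    "file": name, "line": lineno, "rule": "elevation-helper",
                    "evidence": "active RUN/SHELL line starts su",
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SCRIPTS):
        print(f'{f["file"]}:{f["line"]}: {f["rule"]}: {f["evidence"]}')
```
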

You may either copy and paste this script or right-click and download a copy.

; McAfee.kix - a script to automate McAfee installs and upgrades
; on Windows 95, 98, ME, NT, 2000 and XP machines.

; Exclude the CS Labs subnets, because they use their own build
$address = @IPADDRESS0
$subnet = SUBSTR($address,9,3)

; NOTE - octets are returned in sets of three characters
; regardless of the actual number of the subnet, so the 
; spaces inside the double quotes are ESSENTIAL.  If you 
; remove them, you break the detection - subnet 3, for example,
; would be "  3", not "3".

IF ($subnet = " 92" OR $subnet = " 97")
  GOTO END
ENDIF

; Check for group membership to see if we run McAfee
IF (InGroup ("NoMcAfee"))
  GOTO "END"
ENDIF

; exclude all Servers and Domain Controllers from login updates and 
; installs just in case some idiot logs in locally at the console
$OSVal = @PRODUCTTYPE
IF ( (INSTR ($OSVal,"Server") <> 0) OR 
     (INSTR ($OSVal,"Domain Controller") <> 0) )
  GOTO "END"
ENDIF

; Check to see if the user has local admin rights so we can install and update
; If they don't, popup a warning and set a cookie, then send them on to install
; If the cookie already exists, check to see if it's a month old, and popup the
; warning again if it is - otherwise just go on to install

IF INGROUP ("\\@WKSTA\ADMINISTRATORS")
  $Admin = "1"
ENDIF

$priv_cookie = @HOMEDRIVE + "priv_cookie.txt"
$month = SUBSTR(@DATE,6,2)

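IF Open(1,$priv_cookie,2) = 0
  $x = ReadLine(1)
  ; close the read handle first - file number 1 can't be reopened while it's in use
  Close (1)
  $last = SUBSTR($x,6,2)
  IF $last <> $month
    ; WriteLine appends, so delete the old cookie to keep the new date on the first line
    DEL $priv_cookie
    OPEN(1,$priv_cookie,5)
    WRITELINE (1,@DATE)
    CLOSE(1)
    $TypeOS = @INWIN
    IF $TypeOS = 1
      IF $Admin <> "1"
        GOTO "WARNING"
      ENDIF
    ENDIF
  ELSE
    GOTO "INSTALL"
  ENDIF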
ELSE
  OPEN(1,$priv_cookie,5)
  WRITELINE(1,@DATE)
  CLOSE (1)
  $TypeOS = @INWIN
  IF $TypeOS = 1
    IF $Admin <> "1"
      GOTO "WARNING"
    ENDIF
  ENDIF
ENDIF

:INSTALL
; Create some string values for use later
$regPath="HKEY_LOCAL_MACHINE\SOFTWARE\"
$appsPath="\\utdfp3\allshare\Installs\NAI\"

; Get the present SuperDAT filename
$sDATString=DIR ($appsPATH + "SuperDAT\sdat*.exe")

; Parse the SuperDAT string for the version number
$sDATVer=SUBSTR($sDATString,5,4)

; Determine which version (if any) of McAfee is installed
$VS45Code=KeyExist($regPath + "Network Associates\TVD\VirusScan\AVConsol")
$VS70Code=KeyExist($regPath + "Network Associates\TVD\VirusScan Enterprise")

; Go to the right subroutine based on McAfee version or "None"
SELECT
  CASE $VS45Code=1
    GOTO "VS45"
  CASE $VS70Code=1
    GOTO "VS70"
  CASE 1
    GOTO "DETECTOS"
ENDSELECT

:DETECTOS
$OS = @DOS
$OSNum = substr($OS,1,1)
IF $OSNum = 5
  GOTO "VIRUSSCAN_7.0.0"
ELSE
  GOTO "VIRUSSCAN_4.5.1"
ENDIF

:VS45

$VS45DATValue = READVALUE($RegPath + "Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx","szDatVersion")
$VS45DATNum = SUBSTR($VS45DATValue,5,4)
$VS45CurrentVersion = READVALUE($RegPath + "Network Associates\TVD\VirusScan","szCurrentVersionNumber")
$VS45VersionNum = SUBSTR($VS45CurrentVersion,7,4)
$VS450VersionNum = SUBSTR($VS45CurrentVersion,5,1)
$installDir=READVALUE($regPath + "Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx","szInstallDir")

; If they're running Win2k or XP and they have VS 4.5.1, uninstall so we can install 7.0.0
$OS = @DOS
$OSNum = substr($OS,1,1)
IF $OSNum = 5
  $return = MESSAGEBOX("The system has determined that a newer version of McAfee "
                      + "is available for your computer.  Before it can be installed "
                      + "the present version must be removed.  When the uninstall is "
                      + "completed, a reboot will be required.  To begin the removal "
                      + "please click on OK.", "VirusScan 4.5.1 Uninstall", 64)
  RUN $appsPath + "VirusScan 4.5.1\setup.exe" + " REMOVE=ALL REBOOT=F/qb+/i"
  GOTO "END"
ENDIF

; If they're running Win9x, NT or ME, upgrade from 4.5.0 to 4.5.1, SP1 or update the DATs
IF VAL ($VS450VersionNum) = 0
  GOTO "VIRUSSCAN_4.5.1"
ELSE
  IF VAL($VS45VersionNum) <> VAL("1306") 
    $return = MESSAGEBOX("The system has determined that your anti-virus software needs an update.  "
                      + "When you click on OK, the system will begin the Service Pack 1 "
                      + "installation", "Service Pack 1 Install", 64)
    RUN ($appsPath + "VirusScan 4.5.1\SP1\VSC451S1.EXE" + " /silent /prompt")
    GOTO "END"
  ELSE
    IF VAL($sDATVer) > VAL($VS45DATNum)      ; if the SuperDAT is not up-to-date
      GOTO "SuperDAT"
    ELSE
      GOTO "END"
    ENDIF
  ENDIF
ENDIF

; warn the user if they aren't admin on the box and then go to install
:WARNING
$return = MESSAGEBOX("The system has determined that you do not have sufficient rights "
                    + "to install or uninstall software on this computer.  This means that "
                    + "you cannot update your antivirus software or apply any security "
                    + "patches.@CRLF@CRLFThis may or may not be what your department policy " 
                    + "is.  If you're not sure what the policy is, please check with your "
                    + "department to be sure.  If you do have sufficient rights to install "
                    + "software but you're getting this message anyway, please contact your "
                    + "departmental techs or call the UTD Campus Help Desk at x2911 and ask "
                    + "for assistance.@CRLF@CRLFThis message will appear each month, as a "
                    + "reminder. ","Monthly Reminder", 64)
GOTO "INSTALL"

:VS70
$VS70DATVal = READVALUE($regPath + "Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx","szVirDefVer")
$VS70DATNum = SUBSTR($VS70DATVal,5,4)
$MidCfgDir=READVALUE($regPath + "Network Associates\TVD\VirusScan Enterprise\CurrentVersion","szMidConfigDir")
$MidPath = ($appsPath + "VirusScan 7.0.0\VSECFG_W.CAB")
$MidFile = "VSECFG_W.CAB"

; make sure the midfile is installed and up to date
; and update the DATs for VS 7.0.0 installs
IF EXIST ($MidCfgDir + $Midfile)
  $Result = CompareFileTimes($MidPath,$MidCfgDir + $Midfile)
  IF $Result = 1
    COPY $MidPath $MidCfgDir + $Midfile
  ENDIF
ELSE
  COPY $MidPath $MidCfgDir + $Midfile
ENDIF

IF VAL($sDATVer) > VAL($VS70DATNum)
  GOTO "SuperDAT"
ELSE
  GOTO "END"
ENDIF


; Install the SuperDAT
:SuperDAT
IF @INWIN=2
  SLEEP 2
ENDIF
$return = MESSAGEBOX("The system has determined that your anti-virus DAT files are out of date. "
                   + "When you click on OK, the system will start the McAfee SuperDAT update.  "
                   + "You will be prompted if you need to reboot.", "SuperDAT update", 64)
RUN ($appsPath + "SuperDAT\" + $sDATString + " /silent /prompt")
GOTO "END"

; Install McAfee VirusScan 4.5.1
:VIRUSSCAN_4.5.1

$return = MESSAGEBOX("The system has determined that your computer did not have the latest version "
                   + "of McAfee VirusScan installed.  When you click on OK, the system will start "
                   + "the McAfee VirusScan 4.5.1 installation.  You may be prompted to reboot when "
                   + "the installation is complete.","VirusScan Install",64)
RUN $appsPath + "VirusScan 4.5.1\setup.exe" + " /qb+"
GOTO "END"

; Install McAfee VirusScan 7.0.0
:VIRUSSCAN_7.0.0
$return = MESSAGEBOX("The system has determined that your computer did not have the latest version "
                   + "of McAfee VirusScan installed.  When you click on OK, the system will start "
                   + "the McAfee VirusScan 7.0.0 installation.  You will be prompted to reboot when "
                   + "the installation is complete.","VirusScan Install",64)
RUN $appsPath + "VirusScan 7.0.0\setup.exe" + " ENABLEONACCESSSCANNER=True REBOOT=True /qb+"
;$RC = Shutdown("", "System is being rebooted to enable new settings.", 60, 0, 1)
GOTO "END"

:END

VirusScan 4.0.3 uninstall Script

The "VS403uninst.kix" script was called from the mcafee.kix script and began the uninstall of VirusScan 4.0.3. Since it's obsolete, it's no longer used here.

You may either copy and paste this script or right-click and download a copy.


The Dialup Users "Choice" Script

This script determines if our users are on a dialup connection, and then offers them a choice to opt out of the McAfee updates, because they are very slow on a dialup connection. The script also remembers their choice (using a small text file) so they won't be prompted again if they don't want to be.

As with the others, you can either copy and paste this script or right-click and download it here.

; Dialup.scr
; This script checks to see if a user is a remote user, either dialup or VPN.  
; If they are, it offers them the choice of running the McAfee updates or not 
; running them, and then it asks them if they want us to "remember" their choice.
; If they choose Yes, it creates a registry key in the VirusScan hive with the appropriate 
; value in it.  The next time the script runs, it looks at that value and takes 
; the appropriate action based upon their previous choice

; Check for group membership to see if we run McAfee
IF (InGroup ("NoMcAfee"))
  GOTO "END"
ENDIF

; Get the user's IP address
$address=@IPADDRESS0

; Parse the subnet from the IP
$subnet=SUBSTR($address,9,3)

; Parse the node address, but make it an integer value first
; (KiX variables assume the type that they are first assigned
; and we need an integer value here to limit the node range.)
$node=1
$node=SUBSTR($address,13,3)

; If they're dialup users or vpn users, run the following script portion
; otherwise, run the McAfee script (mcafee.scr)
IF ($subnet=" 82" OR $subnet=" 40" OR ($subnet=" 27" AND ($node > 237 AND $node < 246)))

  ; In this section we determine if a registry key exists.  If it doesn't, we create it.  If 
  ; it does, we check for its value.  The value determines whether we proceed or exit.  The 
  ; key varies depending on the version of VirusScan, so we have to branch to three sections.
  ; If they don't have McAfee installed, we branch to the Choose subroutine.

  $regPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\"
  $VS403Code=ExistKey($regPath + "McAfee VirusScan")
  $NetShield403Code=ExistKey($regPath + "NetShield NT")
  $VS45Code=ExistKey($regPath + "TVD\VirusScan")

  SELECT
    CASE $VS403Code = 0
      GOTO "VirusScan403"
    CASE $NetShield403Code = 0
      GOTO "NetShieldNT403"
    CASE $VS45Code = 0
      GOTO "VirusScan45"
    CASE 1
      GOSUB "Choose"
  ENDSELECT

  :VirusScan403
  $VS403Choice=EXISTKEY($regPath + "McAfee VirusScan\Dialup")
  IF $VS403Choice = 0
    $choice = READVALUE($regPath + "McAfee VirusScan\Dialup", "")
    IF $choice = 7
      GOTO "END"
    ELSE
      GOTO "RunMcAfee"
    ENDIF
  ELSE
    $regValue = ($regPath + "McAfee VirusScan\Dialup") 
    GOSUB "Choose"
  ENDIF

  :NetShieldNT403
  $NS403Choice=EXISTKEY($regPath + "NetShieldNT\Dialup")
  IF $NS403Choice = 0
    $choice = READVALUE($regPath + "NetShieldNT\Dialup", "")
    IF $choice = 7
      GOTO "END"
    ELSE
      GOTO "RunMcAfee"
    ENDIF
  ELSE
    $regValue = ($regPath + "NetShieldNT\Dialup") 
    GOSUB "Choose"
  ENDIF

  :VirusScan45
  $VS45Choice=EXISTKEY($regPath + "TVD\VirusScan\Dialup")
  IF $VS45Choice = 0
    $choice = READVALUE($regPath + "TVD\VirusScan\Dialup", "")
    IF $choice = 7
      GOTO "END"
    ELSE
      GOTO "RunMcAfee"
    ENDIF
  ELSE
    $regValue = ($regPath + "TVD\VirusScan\Dialup") 
    GOSUB "Choose"
  ENDIF

; This "else" routes all non-dialup or VPN users to the McAfee.scr script

ELSE
  CALL "McAfee.scr"
  GOTO "END"
ENDIF

; Everything below here is subroutines

; This section calls the McAfee.scr script

:RunMcAfee
CALL "McAfee.scr"
GOTO "END"

; Give the user a choice of running the updates or not running them and 
; set a registry value if they want their choice remembered.
:Choose
    $return = MESSAGEBOX("When you log in to our NT domains, we offer automatic virus updates."
                       + "  On a dialup connection, these virus installs and updates can "
                       + "take quite some time, depending on the speed of your connection."
                       + "  Therefore, we give you the option of opting out of the updates."
                       + "  If you would like the update to run, click on Yes.  If you "
                       + "don't want it to run, click on No.","Install and Update McAfee?",68)
    $repeat = MESSAGEBOX("If you'd like us to remember your choice we can set a registry key "
                       + "on your system.  If you click on Yes, we will never prompt "
                       + "you again, but you would not be able to change your choice "
                       + "later unless you remove the registry key.  (The registry key is "
                       + $regValue + ")  If you click No, you will see these prompts "
                       + "each time you log in (until you click Yes.)","Never Prompt Again?", 68)

    IF $return=6
      IF $repeat=6
        GOSUB "WriteKey"
        GOTO "RunMcafee"
      ELSE
        GOTO "RunMcAfee"
      ENDIF
    ELSE
      IF $repeat=6
        GOSUB "WriteKey"
        GOTO "END"
      ENDIF
      GOTO "END"
    ENDIF

; If they chose to save their choice, we write the registry key        
:WriteKey
$newKey = ADDKEY($regValue)
IF $newKey = 0
  WRITEVALUE($regValue,"","$return",REG_SZ)
  IF @ERROR = 0
    RETURN
  ELSE
    $errVal = MESSAGEBOX("The system was unable to create the necessary registry "
                      + "value.  Check to make sure you are using an account that "
                      + "has Administrator rights to the computer you're using, "
                      + "or contact the Help Desk for assistance at 972-883-2911."
                      + "  The error code generated was: " + @ERROR,"ERROR",16,60)
    RETURN
  ENDIF
ELSE
  $errKey = MESSAGEBOX("The system was unable to create the necessary registry "
                      + "key.  Check to make sure you are using an account that "
                      + "has Administrator rights to the computer you're using, "
                      + "or contact the Help Desk for assistance at 972-883-2911."
                      + "  The error code generated was: " + @ERROR,"ERROR",16,60)
  RETURN
ENDIF

:END

The Extensions Updater Script

This script will update the registry (and the configuration files in VS 4.0.3 and NetShield NT 4.0.3a) to reflect all the extensions you want to scan for. Once the updating is done, the script will simply exit without doing anything unless you make changes to add new extensions. (Then it will update again.) All you need to do is add any new extensions to $newString that you want to include (this list came from the registry key for VirusScan 4.5, the latest corporate version of VirusScan) and then change the value of $newStringKey so each section tests for that new string in the registry.

In other words, if you wanted to include .DAT files in the list of files to check for, just add DAT to the $newString variable (somewhere between the quotes, but since they're alphabetized.......), and then change the value of $newStringKey to "DAT".

After extensive testing, I updated this script today (5/25/00.) I *think* I've found every single configuration file and registry key that McAfee has an extensions list in, so I updated the script to edit all of them. (The lists for VS 4.0.3 and VS 4.5.0 are quite a bit larger than they were in the previous version.) Then I wrote a separate IF loop for each subkey. First the script checks for the existence of the registry key or configuration file. If it exists, it then checks to see if the value of $newStringKey is contained in that subkey or file. If it's not, it edits it.

Finally, the VBSEdit section was added to change the default behavior of VBS scripts so that they open Notepad instead of running Windows Scripting Host. Once this is done, if a user double clicks on an attachment that contains a vbs worm, Notepad will open, and they will not be infected. (I may add some other extensions to this, such as .wsh files.)

You may either copy this script and paste it into a file or right click and download a copy.

; regchange.kix
; A script to edit the registry (and the configuration files for VirusScan 4.0.3 and 
; NetShield NT 4.0.3a) changing the extensions that McAfee scans by default to all the 
; latest "dangerous" ones and setting the bScanOnShutdown value to 0 - this clears up 
; a hang on shutdown problem in Win9x machines.
;
; To change the extensions string, just overwrite $newString by putting the new string
; you want between the quotes.  Or you can add extensions by typing them in (alphabetically)
; in the existing string.  Once you've done that, choose an extension you've added, and put 
; its value inside $newStringKey.  This will change the value each section looks for and thus 
; update all the extensions settings.

$newString="??_ ASP BAT CDR COM CSC DL? DOC DOT EXE GMS GZ? HLP HT? IM? INI JS? MD? MPP MPT MSG MSO OCX OLE OV? POT PP? RTF SCR SHS SMM SYS VBS VS? VXD WBK WPD XL? XML"
$newStringKey="VBS"
$regPath="HKEY_LOCAL_MACHINE\SOFTWARE\"
$VS403Code=ExistKey($regPath + "Network Associates\McAfee VirusScan")
$NetShield403Code=ExistKey($regPath + "Network Associates\NetShield NT")
$VS45Code=ExistKey($regPath + "Network Associates\TVD\VirusScan")

SELECT
  CASE $VS403Code = 0
    GOTO "VirusScan403"
  CASE $NetShield403Code = 0
    GOTO "NetShieldNT403"
  CASE $VS45Code = 0
    GOTO "VirusScan45"
  CASE 1
    GOTO "VBSEdit"
ENDSELECT

:VirusScan403

$keyPath=($regPath + "Network Associates\McAfee VirusScan\Exchange Scan\CurrentVersion\DetectionOptions")
$installDir=READVALUE($regPath + "McAfee\Scan95","szProductLocation")
$vshFile=($installDir +"\default.vsh")
$vscFile=($installDir + "\default.vsc")
$alldriveFile=($installDir + "\alldrive.vsc")
$scan_cFile=($installDir + "\scan_c.vsc")

$vshCode=EXIST($vshFile)
$vscCode=EXIST($vscFile)
$alldriveCode=EXIST($alldriveFile)
$scan_cCode=EXIST($scan_cFile)
$keyCode=EXISTKEY($keyPath)

$vshStr=READPROFILESTRING($vshFile,"DetectionOptions","szDefaultProgramExtensions")
$vscStr=READPROFILESTRING($vscFile,"DetectionOptions","szDefaultProgramExtensions")
$alldriveStr=READPROFILESTRING($alldriveFile,"DetectionOptions","szDefaultProgramExtensions")
$scan_cStr=READPROFILESTRING($scan_cFile,"DetectionOptions","szDefaultProgramExtensions")
$keyStr=READVALUE($keyPath,"szProgramExtensions")

IF $vshCode=1
  $ShutdownStr=READPROFILESTRING($vshFile,"DetectionOptions","bScanOnShutdown")
  IF INSTR($ShutdownStr,"1")
    WRITEPROFILESTRING($vshFile,"DetectionOptions","bScanOnShutdown","0")
  ENDIF
ENDIF

IF $vshCode=1
  IF INSTR($vshStr,$newStringKey)
  ELSE
    WRITEPROFILESTRING($vshFile,"DetectionOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($vshFile,"DetectionOptions","szDefaultProgramExtensions",$newString)
    WRITEPROFILESTRING($vshFile,"EMailDetectionOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($vshFile,"EMailDetectionOptions","szDefaultProgramExtensions",$newString)
    WRITEPROFILESTRING($vshFile,"DownloadDetectionOptions","szProgramExtensions",$newString)
  ENDIF
ENDIF

IF $vscCode=1
  IF INSTR($vscStr,$newStringKey)
  ELSE
    WRITEPROFILESTRING($vscFile,"DetectionOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($vscFile,"DetectionOptions","szDefaultProgramExtensions",$newString)
  ENDIF
ENDIF

IF $alldriveCode=1
  IF INSTR($alldriveStr,$newStringKey)
  ELSE
    WRITEPROFILESTRING($alldriveFile,"DetectionOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($alldriveFile,"DetectionOptions","szDefaultProgramExtensions",$newString)
  ENDIF
ENDIF

IF $scan_cCode=1
  IF INSTR($scan_cStr,$newStringKey)
  ELSE
    WRITEPROFILESTRING($scan_cFile,"DetectionOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($scan_cFile,"DetectionOptions","szDefaultProgramExtensions",$newString)
  ENDIF
ENDIF

IF $keyCode = 0
  IF INSTR($keyStr,$newStringKey)
  ELSE
    WRITEVALUE($keyPath,"szProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

GOTO "VBSEdit"

:NetShieldNT403
$installDir=READVALUE($regPath + "McAfee\VirusScan","szInstallDir")

$vscFile=($installDir + "\default.vsc")
$vscStr=READPROFILESTRING($vscFile,"ScanOptions","szDefaultProgramExtensions")
$vscCode=EXIST($vscFile)

$McShieldPath=($regPath + "McAfee\VirusScan\McShield\CurrentVersion")
$McShieldKey=READVALUE($McShieldPath,"szProgExts")
$McShieldCode=EXISTKEY($McShieldPath)

$DefTaskPath=($regPath + "McAfee\VirusScan\DefaultTask")
$DefTaskKey=READVALUE($DefTaskPath,"szProgExts")
$DefTaskCode=EXISTKEY($DefTaskPath)

IF $vscCode=1
  IF INSTR($vscStr,$newStringKey)
  ELSE
    WRITEPROFILESTRING($vscFile,"ScanOptions","szProgramExtensions",$newString)
    WRITEPROFILESTRING($vscFile,"ScanOptions","szDefaultProgramExtensions",$newString)
  ENDIF
ENDIF

IF $McShieldCode=0
  IF INSTR($McShieldKey,$newStringKey)
  ELSE
    WRITEVALUE($McShieldPath,"szProgExts",$newString,REG_SZ)
    WRITEVALUE($McShieldPath,"szDefProgExts",$newString,REG_SZ)
  ENDIF
ENDIF

IF $DefTaskCode=0
  IF INSTR($DefTaskKey,$newStringKey)
  ELSE
    WRITEVALUE($DefTaskPath,"szProgExts",$newString,REG_SZ)
    WRITEVALUE($DefTaskPath,"szDefProgExts",$newString,REG_SZ)
  ENDIF
ENDIF

GOTO "VBSEdit"

:VirusScan45
$OnAccessPath=($regPath + "Network Associates\TVD\Shared Components\On Access Scanner\")

$McShieldPath=($OnAccessPath + "McShield\Configuration")
$McShieldKey=READVALUE($McShieldPath,"szProgExts")
$McShieldCode=EXISTKEY($McShieldPath)

$DownLoadPath=($OnAccessPath + "Vshield\Download Scan\DetectionOptions")
$DownLoadKey=READVALUE($DownLoadPath,"szProgramExtensions")
$DownLoadCode=EXISTKEY($DownLoadPath)

$EmailPath=($OnAccessPath + "VShield\E-Mail Scan\DetectionOptions")
$EmailKey=READVALUE($EmailPath,"szProgramExtensions")
$EmailCode=EXISTKEY($EmailPath)

$SystemPath=($OnAccessPath + "VShield\System Scan\DetectionOptions")
$SystemKey=READVALUE($SystemPath,"szProgramExtensions")
$SystemCode=EXISTKEY($SystemPath)

$OnDemandPath=($regPath + "Network Associates\TVD\Shared Components\On Demand Scanner\")

$ExchScanPath=($onDemandPath + "Exchange Scan\DetectionOptions")
$ExchScanKey=READVALUE($ExchScanPath,"szProgramExtensions")
$ExchScanCode=EXISTKEY($ExchScanPath)

$Scan32Path=($onDemandPath + "Scan32\DetectionOptions")
$Scan32Key=READVALUE($Scan32Path,"szProgramExtensions")
$Scan32Code=EXISTKEY($Scan32Path)

$ScanTasksPath=($regPath + "Network Associates\TVD\VirusScan\AVConsol\ScanTasks\")

$item_0Path=($ScanTasksPath + "item_0\DetectionOptions")
$item_0Key=READVALUE($item_0Path,"szProgramExtensions")
$item_0Code=EXISTKEY($item_0Path)

$item_1Path=($ScanTasksPath + "item_1\DetectionOptions")
$item_1Key=READVALUE($item_1Path,"szProgramExtensions")
$item_1Code=EXISTKEY($item_1Path)

$item_2Path=($ScanTasksPath + "item_2\DetectionOptions")
$item_2Key=READVALUE($item_2Path,"szProgramExtensions")
$item_2Code=EXISTKEY($item_2Path)

$item_3Path=($ScanTasksPath + "item_3\DetectionOptions")
$item_3Key=READVALUE($item_3Path,"szProgramExtensions")
$item_3Code=EXISTKEY($item_3Path)

$item_4Path=($ScanTasksPath + "item_4\DetectionOptions")
$item_4Key=READVALUE($item_4Path,"szProgramExtensions")
$item_4Code=EXISTKEY($item_4Path)

IF $McShieldCode=0
  IF INSTR($McShieldKey,$newStringKey)
  ELSE
    WRITEVALUE($McShieldPath,"szProgExts",$newString,REG_SZ)
    WRITEVALUE($McShieldPath,"szDefProgExts",$newString,REG_SZ)
  ENDIF
ENDIF

IF $DownLoadCode=0
  IF INSTR($DownLoadKey,$newStringKey)
  ELSE
    WRITEVALUE($DownLoadPath,"szProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $EMailCode=0
  IF INSTR($EMailKey,$newStringKey)
  ELSE
    WRITEVALUE($EMailPath,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($EmailPath,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $SystemCode=0
  IF INSTR($SystemKey,$newStringKey)
  ELSE
    WRITEVALUE($SystemPath,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($SystemPath,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $ExchScanCode=0
  IF INSTR($ExchScanKey,$newStringKey)
  ELSE
    WRITEVALUE($ExchScanPath,"szProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $Scan32Code=0
  IF INSTR($Scan32Key,$newStringKey)
  ELSE
    WRITEVALUE($Scan32Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($Scan32Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $item_0Code=0
  IF INSTR($item_0Key,$newStringKey)
  ELSE
    WRITEVALUE($item_0Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($item_0Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $item_1Code=0
  IF INSTR($item_1Key,$newStringKey)
  ELSE
    WRITEVALUE($item_1Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($item_1Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $item_2Code=0
  IF INSTR($item_2Key,$newStringKey)
  ELSE
    WRITEVALUE($item_2Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($item_2Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $item_3Code=0
  IF INSTR($item_3Key,$newStringKey)
  ELSE
    WRITEVALUE($item_3Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($item_3Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

IF $item_4Code=0
  IF INSTR($item_4Key,$newStringKey)
  ELSE
    WRITEVALUE($item_4Path,"szProgramExtensions",$newString,REG_SZ)
    WRITEVALUE($item_4Path,"szDefaultProgramExtensions",$newString,REG_SZ)
  ENDIF
ENDIF

GOTO "VBSEdit"

:VBSEdit
$keyPath=($regPath + "Classes\VBSFile\Shell")
$keyCode=EXISTKEY($keyPath)
$presentKey=READVALUE($keyPath,"")

IF $keyCode<>0
  GOTO "END"
ENDIF

IF INSTR($presentKey,"Edit")
  GOTO "END"
ELSE
  WRITEVALUE($keyPath,"","Edit","REG_SZ") 
ENDIF

GOTO "END"

:END
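
The `$newStringKey` test used throughout regchange.kix above is a substring search for one sentinel extension, so it treats a list as current whenever the sentinel text appears anywhere in it. The following added example (Python, not part of the original scripts) models that test next to a token-by-token comparison; the host names and client values are constructed, and the `SH` addition is a hypothetical change.

```python
# $newString exactly as it appears in regchange.kix on this page.
NEW_STRING = (
    "??_ ASP BAT CDR COM CSC DL? DOC DOT EXE GMS GZ? HLP HT? IM? INI JS? "
    "MD? MPP MPT MSG MSO OCX OLE OV? POT PP? RTF SCR SHS SMM SYS VBS VS? "
    "VXD WBK WPD XL? XML"
)


def sentinel_says_current(current, sentinel):
    """Model of the script's test: INSTR finds the sentinel as a substring."""
    return sentinel in current


def missing_extensions(current, wanted):
    """Extensions from the wanted list that the client lacks, compared as whole tokens."""
    have = set(current.split())
    return [ext for ext in wanted.split() if ext not in have]


def without(ext_list, *removed):
    """Build a constructed client value by dropping extensions from a list."""
    return " ".join(e for e in ext_list.split() if e not in removed)


def audit(clients, wanted, sentinel):
    """Classify each client: 'current', 'updated' (script rewrites the list) or
    'missed' (list is incomplete but the sentinel test lets the script exit)."""
    report = {}
    for host, current in clients.items():
        missing = missing_extensions(current, wanted)
        if not missing:
            verdict = "current"
        elif sentinel_says_current(current, sentinel):
            verdict = "missed"
        else:
            verdict = "updated"
        report[host] = (verdict, missing)
    return report


# Constructed client values (what a registry value or .vsc entry might hold).
CLIENTS = {
    "pc-current": NEW_STRING,
    "pc-old-list": without(NEW_STRING, "VBS", "XML"),  # predates the sentinel
    "pc-trimmed": without(NEW_STRING, "EXE", "SCR"),   # sentinel VBS still present
}


def demo():
    # Case 1: the list and sentinel as published on this page.
    as_on_page = audit(CLIENTS, NEW_STRING, "VBS")
    # Case 2 (hypothetical): SH is added and chosen as the sentinel,
    # but the existing token SHS already contains the text "SH".
    after_adding_sh = audit({"pc-current": NEW_STRING}, NEW_STRING + " SH", "SH")
    return as_on_page, after_adding_sh


if __name__ == "__main__":
    for result in demo():
        for host, (verdict, missing) in result.items():
            print(f"{host:12} {verdict:8} missing={missing}")
```

A sentinel that is not a substring of any existing token avoids the second case; only a full comparison of the list catches the first.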

The Eyedog Patch Script

This script automates the "scriptlet.typelib/eyedog patch" that protects machines against the KAK worm and other scripted HTML emails that run simply by previewing or reading an email message. You can either copy and paste the script from this page or right click and download it.

; eyedog.kix - a script to check for (and install if necessary) the scriptlet.typelib/eyedog
; patch that protects machines against the KAK worm and other devices used to run scripted 
; email simply by previewing it or reading it.

; The path to the patch
$patchPath="\\servername\sharename\directoryname\"

; the registry keys to check for.  If scriptletkey exists, then the patch hasn't been run 
; If the eyedogkey is set to 1024, then the patch has been run.

$scriptletPath="HKEY_CLASSES_ROOT\CLSID\"
$scriptletKey=EXISTKEY($scriptletPath + "{06290BD5-48AA-11D2-8432-006008C3FBFC}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}")
$EyedogPath="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\"
$EyedogKey=READVALUE($EyedogPath + "ActiveX Compatibility\{06A7EC63-4E21-11D0-A112-00A0C90543AA}","Compatibility Flags")

; if $scriptletkey exists, the patch needs to be run
IF $scriptletKey=0
  GOTO "Install"
ELSE
  IF (INSTR($EyedogKey,"1024") OR INSTR($EyedogKey,"04"))  ; if $eyedogkey is set to 1024 (or hex 04), the patch has been run
    GOTO "END"
  ELSE
   GOTO "Install"
  ENDIF
ENDIF

; Fortunately, the patch is the same for all platforms, so we only need one install section
:Install
$return=MESSAGEBOX("The system has determined that your computer is missing a critical security update.  "
        + "When you click on OK, the installation will begin.  This will take about 1 second to complete "
        + "and should not require a reboot.","scriptlet.typelib/Eyedog Security Patch",64)
RUN ($patchPath + "Q240308.exe")
GOTO "END"

:END

Paul Schmehl ©2000-2002
All rights reserved