Script to Uninstall Eset Nod32 and install Forefront Endpoint protection from GPO

How to uninstall Eset Nod32 Antivirus and install FEP (Forefront Endpoint Protection), also known as Microsoft Essentials Antivirus, on Windows clients using a VBScript.

In my environment we have been using Eset Nod32 Business Edition antivirus version 4.

Nod32 is a light and stable antivirus with a decent footprint. The Eset Administration is good and powerful if you spend a couple of days learning it.

But!

When we started to use a business web application that uses the Java editor PageFlex .EDIT, from our business partner www.webtopsolutions.se, our users complained about the editing tool: it was really slow, loading the page in about 40 to 50 seconds, and editing was really slow, at 1 to 2 seconds per keystroke.

After some troubleshooting we found that Nod32 was the reason. For some reason there is no way to exclude a web site from the antivirus: there is a setting to exclude URLs from scanning, but the URL will still be processed by Nod32 in some way. One possible option is to disable the scanning of web pages completely, but that was not an option I liked.

The quick fix for this problem is to change antivirus to FEP, which is free, at least if you have a subscription from Microsoft; otherwise there is the Essentials version.

To manage and install FEP you have two options. One is to use System Center 2012 Endpoint Protection (or SCCM), which requires SQL Server Standard or Enterprise edition. The other option is to install the client manually or by script and use GPO settings to manage the client settings.

This is how I install the FEP client using a GPO user logon script, making sure that Nod32 is uninstalled before installing. It is tested on Windows XP and Windows 7, x86 and x64.

When running the script on my Windows 7 the UAC prompt popped up. I haven't tested if that happens when the script is run by the GPO, so you might need to test it and tell the users if the prompt will pop up.

Thanks to Jakob Gottlieb Svendsen, http://blog.coretech.dk/jgs, for providing a nice start to this script.

I hope this will be of help, and don't forget to turn off the password protection in Nod32 or the uninstall will fail.

Use this script at your own risk and test it before deploying to a production environment.

' //***************************************************************************
' // ***** Script Header *****
' File Name:      UninstallNod32_InstallFEP.vbs
' Author : Jimi Friis, www.newsweb.se
' Created: 2012-03-22
' Purpose:  Uninstall Eset Nod32 Antivirus (or other program) using "Msiexec.exe"
'             and install Microsoft Forefront Endpoint Protection (or other program) using installer file and flags

' How it works:  1. Script looks in the registry to see if the program to install is already installed; if it is, the script aborts.
'                2. Script tests whether the system is x64 or x86 by checking if the system path %programfiles(x86)% exists,
'                   sets the file to copy and install depending on the OS type,
'                   and copies the install file to local disk.
'                3. Script then looks in the registry for the program to uninstall and, if it is installed, tries to uninstall it.
'                4. Script again tests if the program to uninstall really is uninstalled; if not, it aborts the script.
'                5. Script installs the program specified.

' Good to know: No cleanup of install files..
'                No forced or prompted reboot..
'    Logging:    Registry lookup, uninstall and install all log failed and succeeded events to the event log.
'                All events have source WSH and event ID 4
'                MsiInstaller also logs to the Application event log
' //

' // My script is based on the function "Function GetProductCode(strName)" from the script below. Original header:
' // Solution:  iTunes
' // File:      GetProductCode.vbs
' // Author:    Jakob Gottlieb Svendsen, Coretech A/S. http://blog.coretech.dk/jgs
' // Purpose:   Uninstall old versions and install new.
' //            Searches registry for the productcodes for the old programs.
' //
' // Usage:     GetProductCode.vbs
' //
' //
' // CORETECH A/S History:
' // 1.0.0     JGS 18/10/2010  Created initial version.
' //
' // Customer History:
' //
' // ***** End Header *****
' //***************************************************************************
'//----------------------------------------------------------------------------
'//
'//  Global constant and variable declarations
'//
'//----------------------------------------------------------------------------
Dim ReturnVal, ProductCode
ProductCode=0

Dim networkPathFull, localPath, installFile, installParameters
installFile = ""

Dim appToUninstall
Dim appToInstallx64, appToInstallx86, networkPath
Dim appToInstallDisplayName

Dim uninstallReturnCode, uninstallProductCode, CopyInstallerReturnCode, TestOSReturnCode
TestOSReturnCode=""
'//----------------------------------------------------------------------------
'//************ User settings **********

'DisplayName of applications to install and uninstall
appToUninstall="ESET NOD32 Antivirus"
appToInstallDisplayName = "Microsoft Antimalware"

' Installer file names depending on OS type
appToInstallx64 = "FEPInstall_x64.exe"
appToInstallx86 = "FEPInstall_x86.exe"
' Installer parameters/flags to use (as in command line install)
installParameters = "/s /q"
' FEP install - tested and ok..
' c:\gpoinstall\FEPInstall_x86.exe /s /q
'/s - Specifies that a silent Setup should be performed.
'/q - Specifies that a silent extraction of the Setup files should be performed.

'network path to copy installer from (must end with a backslash, the file name is appended to it)
networkPath = "\\MYSERVERNAME\SOFTWARE_INSTALL_SHARE\ForefrontEP\"
'local path to copy installer to (must end with a backslash)
' An installer already present here is run as-is without being recopied,
' so standard users should not have write access to this folder.
localPath = "C:\gpoinstall\"

'//************** END User settings ************

'//----------------------------------------------------------------------------
'//  Main routines
'//----------------------------------------------------------------------------

'1. ***********************************************************
'// ** Test if application/program is installed. Abort script if it is installed **
If GetProductCode(appToInstallDisplayName) <> "" Then
    'WScript.Echo "appToInstallDisplayName: " & appToInstallDisplayName & "already installed.. aborting"
    Wscript.Quit
End If
'WScript.Echo appToInstallDisplayName & " is NOT installed.. continuing.."

'2. ***********************************************************
'// ** Copy installer files **
'2.1 ***********************************************************
'//** Test OS type to copy and install correct files**
TestOSReturnCode = TestOS()
'WScript.Echo "Os is " & TestOSReturnCode
If (TestOSReturnCode="x64") Then
    installFile = appToInstallx64
Else
    installFile = appToInstallx86
End If

'2.2 ***********************************************************
'// ** Set full network path to install file **
networkPathFull = networkPath & installFile

'2.3 ***********************************************************
'// ** Copy files for installation to local disk if they don't exist**
'CopyInstaller=999, "fileExists" | CopyInstaller=0,"CopyOK" | CopyInstaller=4, "fileNotFound"
CopyInstallerReturnCode = CopyInstaller()
If Not (CopyInstallerReturnCode = 0 Or CopyInstallerReturnCode = 999) Then
    'If Not (CopyInstallerReturnCode = "fileExists") Then
    'WScript.Echo "Copy Error status is: " & CopyInstallerReturnCode
    Wscript.Quit
    'End If
Else
    'WScript.Echo "Copy status is: " & CopyInstallerReturnCode
End If

'3. ***********************************************************
' // ** Uninstall application/program if it is installed**
uninstallProductCode = GetProductCode(appToUninstall)
If uninstallProductCode <> "" Then
    'WScript.Echo "appToUninstall: " & appToUninstall & " = ready to uninstall"
    ' uninstall application
    uninstallReturnCode = Uninstall(uninstallProductCode)

    If Not (uninstallReturnCode = 0 Or uninstallReturnCode = 3010) Then
        'WScript.Echo "appToUninstall: " & appToUninstall & " = Failed to uninstall, code: " & uninstallReturnCode
        Wscript.Quit
    End If
'Else
'    WScript.Echo "appToUninstall: " & appToUninstall & " = not installed"
'    Wscript.Quit 'not needed.. if this is not installed and replacement app is not installed it should continue
End If
'Nod32 status: 1603 = error caused by password protection of nod32 settings (advanced settings > user interface > access ..

'4. ***********************************************************
'// ** check once again if application to uninstall really is uninstalled, and abort if it wasn't
If GetProductCode(appToUninstall) <> "" Then
    'WScript.Echo "appToUninstall: " & appToUninstall & "is still installed.. aborting"
    Wscript.Quit
End If

'5. ***********************************************************
'// ** install the new application/program if installation files exist**
'WScript.Echo "Installation status: " & _
InstallApp()

' // Quit script
Wscript.Quit

'//----------------------------------------------------------------------------
'//  Procedures
'//----------------------------------------------------------------------------

' install Forefront Endpoint Protection
'// ********* Install application ***********
Function InstallApp()
    On Error Resume Next
    InstallApp="noInstall"
    If (FileExistsTest(localPath & installFile)) Then

        Set ObjShell = CreateObject("WScript.Shell")

        ' run the installer in a normal window and wait for its exit code
        InstallApp = ObjShell.run (localPath & installFile & " " & installParameters, 1, True)
        'WScript.Echo "(InstallApp = 0 Or InstallApp = 3010)?: " & InstallApp

        If (InstallApp = 0 Or InstallApp = 3010) Then
            ' install success (3010 = success, reboot required)
            ObjShell.LogEvent 4, "Application install succeeded: " & Vbcrlf & appToInstallDisplayName & Vbcrlf & " was installed from " & localPath & installFile
        Else
            'install failed
            ObjShell.LogEvent 4, "Application install failed: " & Vbcrlf & appToInstallDisplayName & Vbcrlf & " was not installed from " & localPath & installFile _
                & Vbcrlf & "Error code: " & InstallApp
        End If
        Set ObjShell=nothing
    End If
End Function

'// ********* Get ProductCode for application ***********
Function GetProductCode(strName)

    Dim strComputer, oReg, strKeyPath, strValueName, strValue, arrSubKeys, subkey
    Dim strKeyPathStandard, strKeyPathX64
    ' search strings for x86 and x64 (x64 string is not used in this script,
    '        add it if your application is in that registry section and break it out of the function)
    'strKeyPathX64 = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"
    strKeyPathStandard = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"

    'set registry root path
    Const HKEY_LOCAL_MACHINE = &H80000002
    strComputer = "."
    arrSubKeys = Null

    ' Shell obj for logging
    Set ObjShell = CreateObject("WScript.Shell")
    ObjShell.LogEvent 4, "Searching in registry for installed products by search term: " & strName

    ' get registry provider object
    Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

    ' search path and subkey array in registry
    strKeyPath = strKeyPathStandard
    oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

    'set GetProductCode="" , default value if no entry is found
    GetProductCode=""

    ' test each subkey for the program to find using the registry value DisplayName
    If Not IsNull(arrSubKeys) Then
        For Each subkey In arrSubKeys
            ' WScript.Echo subkey
            strKeyPath = strKeyPathStandard & subkey

            '// DisplayName = name of program to find
            '// *********************************
            strValueName = "DisplayName"
            oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
            ' if strValue contains what we look for, strName, return the subkey.
            If InStr(LCase(strValue), LCase(strName)) > 0 Then
                ' set GetProductCode=subkey ==> try to uninstall
                GetProductCode=subkey

                ' if we found what we looked for.. exit the loop
                Exit For
            End If
        Next
    End If
    'WScript.Echo "End of prog : subkey = " & subkey & " | strName = " & strName
    Set ObjShell=nothing
End Function

'// ********* Uninstall by product code ***********
Function Uninstall(ProductCode)
    On Error Resume Next
    Set ObjShell = CreateObject("WScript.Shell")

    Uninstall = ""
    If ProductCode <> "" Then
        ' run msiexec hidden and wait for its exit code
        Uninstall = ObjShell.run ("Msiexec.exe /uninstall " & ProductCode & " /quiet /norestart", 0, True)
        'WScript.Echo "(Uninstall = 0 Or Uninstall = 3010)?: " & Uninstall
        If (Uninstall = 0 Or Uninstall = 3010) Then
            'uninstall success (3010 = success, reboot required)
            ObjShell.LogEvent 4, "Application uninstall succeeded: " & Vbcrlf & appToUninstall & Vbcrlf & " was uninstalled"
        Else
            'uninstall failed; log the msiexec exit code
            ObjShell.LogEvent 4, "Application uninstall failed: " & Vbcrlf & appToUninstall & Vbcrlf & " was not uninstalled " & Vbcrlf & "Error code: " & Uninstall
        End If
    End If
    Set ObjShell=nothing
End Function

'// *********  Test if the OS is x64 or x86 ***********
' using the environment variable %programfiles% for program folder "program files"
' x64 systems have %programfiles(x86)% and %programfiles%
Function TestOS()
    Set oShell = CreateObject( "WScript.Shell" )
    '    user=oShell.ExpandEnvironmentStrings("%UserName%")
    '    comp=oShell.ExpandEnvironmentStrings("%ComputerName%")
    pathProgr=oShell.ExpandEnvironmentStrings("%programfiles(x86)%")

    ' if folder %programfiles(x86)% exists it's an x64 machine
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If (objFSO.FolderExists (pathProgr)) Then
        'WScript.Echo "x64"
        TestOS="x64"
    Else
        'WScript.Echo "x86"
        TestOS="x86"
    End If
    Set objFSO=nothing
    Set oShell=nothing
End Function

'// *********  Test if file exists ***********
Function FileExistsTest(fileToTest)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    FileExistsTest = objFSO.FileExists (fileToTest)
    ' true = -1
    ' false = 0
    'WScript.Echo "install file exists?: " & FileExistsTest
    Set objFSO=nothing
End Function

'// ********* copy installer file/s ***********
Function CopyInstaller()
    On Error Resume Next
    Set ObjShell = CreateObject("WScript.Shell")

    ' Test if the file already exists in the local path.
    If (FileExistsTest(localPath & installFile)) Then
        'WScript.Echo "install file exists."
        CopyInstaller = 999 ' set return value "fileExists"
        'Log result to event log
        ObjShell.LogEvent 4, "Install files exist: " & Vbcrlf & networkPathFull & Vbcrlf & " already exists in " & localPath & installFile
        Set ObjShell=nothing
        Exit Function
    Else
        'copy file using /Z for restartable copy mode, do not show command prompt.
        CopyInstaller = ObjShell.run ("xcopy.exe " & networkPathFull & " " & localPath & " /Z",0,True)

        'WScript.Echo "(CopyInstaller = 0 Or CopyInstaller = 3010)?: " & CopyInstaller
        If (CopyInstaller = 0 Or CopyInstaller = 3010) Then
            ' success
            ' write to event log
            ObjShell.LogEvent 4, "Copy of install files succeeded: " & Vbcrlf & networkPathFull & Vbcrlf & " was copied to " & localPath & installFile
            ' WScript.Echo "install file copied"

        Else
            'copy failed
            ' Error: write the xcopy exit code to the event log
            ObjShell.LogEvent 4, "Copy of install files failed: " & Vbcrlf & networkPathFull & Vbcrlf & " was not copied to " & localPath & installFile _
                & Vbcrlf & "Error code: " & CopyInstaller
        End If
    End If
    Set ObjShell=nothing
End Function

'//----------------------------------------------------------------------------
'//  End Script
'//----------------------------------------------------------------------------
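
Added example, not part of the original script: GetProductCode above searches only the standard Uninstall key and returns whatever subkey name matches, which is then passed to Msiexec.exe. The variant below also searches the Wow6432Node key mentioned in the script's comments and only returns subkey names that are well-formed MSI product-code GUIDs. The function name FindMsiProductCode is hypothetical.

```vbscript
' Added example (not the author's code): look up an MSI product code by
' DisplayName in both the native and the Wow6432Node uninstall keys, and
' return it only if the subkey name is a well-formed product-code GUID.
Option Explicit
Const HKLM = &H80000002

Function FindMsiProductCode(strName)
    Dim oReg, reGuid, arrRoots, strRoot, arrSubKeys, subkey, strValue
    FindMsiProductCode = ""

    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

    ' msiexec /uninstall expects {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX};
    ' anything else (for example a non-MSI uninstall entry) is rejected.
    Set reGuid = New RegExp
    reGuid.Pattern = "^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$"
    reGuid.IgnoreCase = True

    arrRoots = Array( _
        "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\", _
        "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\")

    For Each strRoot In arrRoots
        arrSubKeys = Null
        oReg.EnumKey HKLM, strRoot, arrSubKeys
        ' arrSubKeys stays Null when the key is missing (e.g. no Wow6432Node on x86)
        If IsArray(arrSubKeys) Then
            For Each subkey In arrSubKeys
                strValue = Null
                oReg.GetStringValue HKLM, strRoot & subkey, "DisplayName", strValue
                If Not IsNull(strValue) Then
                    If InStr(1, strValue, strName, vbTextCompare) > 0 And reGuid.Test(subkey) Then
                        FindMsiProductCode = subkey
                        Exit Function
                    End If
                End If
            Next
        End If
    Next
End Function

' An empty result means "not installed, or not installed through MSI".
WScript.Echo "Product code: " & FindMsiProductCode("ESET NOD32 Antivirus")
```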

 

2 thoughts on “Script to Uninstall Eset Nod32 and install Forefront Endpoint protection from GPO”

  1. Hi Jimmi! Excellent website and very good information. In our enterprise, I need to uninstall the NOD 32 from clients and this script is great from what I see by now.

    I have a question that you may know, since you are an expert 😀

    I had installed System Center 2012 Configuration Manager, for other tasks, and I see there is an endpoint protection section. My question is … do I still need to install System Center 2012 EndPoint Protection software or did the Configuration Manager already have it in the bundle?

    Another question is … is the Forefront EndPoint Protection 2010 the same as the System Center 2012 Endpoint Protection?

    Thanks a lot in advance.

    João
