Category Archives: Antivirus

Script to Uninstall Eset Nod32 and install Forefront Endpoint protection from GPO

How to uninstall Eset Nod32 Antivirus and install FEP (Forefront Endpoint Protection) also known as Microsoft Essentials Antivirus on Windows clients using a vbscript.

In my environment we have been using Eset Nod32 Business Edition antivirus version 4.

Nod32 is a light and stable antivirus with a decent footprint. The Eset Administration is good and powerful if you spend a couple of days learning it.

But!.

Wen we started to use a business web application, using the java editor PageFlex .EDIT, from our business partner www.webtopsolutions.se our users complained on that editing tool system, and it was really slow, loading the page in about 40 to 50 seconds, and editing was really slow with 1 to 2 seconds per key stroke .

After some troubleshooting we found that Nod32 was the reason and for some reason there is no way to exclude a web site from the antivirus, there is a setting to exclude URLs from scanning but the URL will still be processed by Nod32 in some way. One possible option is to disable the scanning of web pages completely, but that was not an option I liked.

The quick fix on this problem is to change antivirus to FEP wich is free at least if you have a subscription from Microsoft, else there is the essentials version.

To manage and install FEP you have two options, one is to use System Center 2012 Endpoint Protection (or SCCM) and it requires SQL Server Standard or Enterprise editions. The other option is to install the client manually or by script and use GPO settings to mange the client settings.

This is how I install the FEP client using a GPO user logon script, making sure that Nod32 is uninstalled before installing. It is tested on Windows XP and Windows 7, x86 and x64.

Wen running the script on my Windows 7 the UAC popped up, I haven´t tested if that happens when the script is run by the GPO, so you might need to test it and tell the users if the prompt will  pop up.

Thanks to Jakob Gottlieb Svendsen, http://blog.coretech.dk/jgs, for providing a nice start to this script.

I hope this will be of help, and don´t forget to turn off the password protection in Nod32 or the uninstall will fail.

 

Use this script at your own risk and test it before deploying to production environment.

Continue reading Script to Uninstall Eset Nod32 and install Forefront Endpoint protection from GPO

Eset Remote Administration Console – Nod32

How to disable Password Protection in Nod32 antivirus.

To update a setting in Nod32 the setting must be enabled in the policy, if you just disable a setting in the policy it will not change the setting on the clients.

If Password protection is enabled in Nod32 you will not be able to uninstall it from a logon script

Procedure to disable password protection is as follows

  1. In admin console open up the policy manager from Tools menu
  2. Pick the policy to edit and press edit
  3. Mark “Eset Smart Security…” > ESET Kernel > Setup > Protect setup parameters
  4. Chose “Unmark” to disable the setting
  5. Chose “Mark” to enable the setting, but do NOT enter a password
  6. Save the policy

That´s it.