← Revision 9 as of 2020-11-26 16:02:08 ⇥
Line 29: | Line 29: |
Proposed GPO startup script - removes SEP and deploys Sophos, first checking if registry keys exist {{{ @echo off reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E327F586-9CB8-4E97-8F61-8D119C3C78F5} /v UninstallString IF %ERRORLEVEL% == 0 goto uninstallSEP IF %ERRORLEVEL% == 1 goto no goto :end :uninstallSEP wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive goto checkSophos :no echo "Not Found" goto checkSophos :checkSophos reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D7BB12C-6854-46DF-A67D-F82D778D75C8} /c UninstallString IF %ERRORLEVEL% == 1 goto installSophos IF %ERRORLEVEL% == 0 goto SophosIns goto :end :installSophos \\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet goto end :SophosIns echo "Sophos Already Installed" goto end :end }}} |
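Review bot: in `:checkSophos` the registry query is written `/c UninstallString`, while the matching SEP query at the top uses `/v UninstallString`. `/c` is reg query's case-sensitivity switch for `/f` searches, not a value selector, so this call will most likely fail with a syntax error, return ERRORLEVEL 1, and send every boot to `:installSophos` even when Sophos is already present. Change it to `/v UninstallString` so both checks behave the same way. Separately, SEP is detected by product GUID but removed by name (`name='Symantec Endpoint Protection'`); a short comment saying the two are expected to refer to the same install would help the next person to maintain this, and it would be worth logging the wmic result before moving on to `:checkSophos`, since the script currently installs Sophos whether or not the uninstall succeeded.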
Sophos for Windows
Project: Anti-Virus Replacement - ICT Unmanaged devices1
Description: ICT are removing Symantec products, to save on license costs. Sophos will be installed as the new antivirus protection. CSG must carry out this task on the WIN domain.
Progress: First meeting on 23rd November 2020
Second meeting on 25th November 2020: ICT sent the Sophos installation files and PowerShell scripts
Files uploaded to \\win\dfs\Admin\Sophos AV\DoC
nraghwan and rkhandke tested Sophos on Windows 10 VMs - successful
rkhandke tested on temp server motmot - unsuccessful, due to licensing. As a domain member, Sophos accounts appear to have been created in AD, and subsequently disabled by CLAM
rkhandke tested GPO startup scripts using WMI to query for existing Symantec and Sophos installations
To do: test automated deployment of the Sophos installer package
SophosSetup.exe --quiet
Successfully tested script on ladywood-vm1:
{{{
wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive
\\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet
}}}
Notes on script: Sophos is configured with an anti-tamper password and cannot be directly uninstalled without the password or ICT procedure
To do: sanity checks, check registry keys before running each command
Proposed GPO startup script - removes SEP and deploys Sophos, first checking if registry keys exist
{{{
@echo off
rem Check whether Symantec Endpoint Protection (SEP) is installed
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E327F586-9CB8-4E97-8F61-8D119C3C78F5} /v UninstallString
IF %ERRORLEVEL% == 0 goto uninstallSEP
IF %ERRORLEVEL% == 1 goto no
goto :end

:uninstallSEP
rem SEP found: remove it silently, then move on to the Sophos check
wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive
goto checkSophos

:no
echo "Not Found"
goto checkSophos

:checkSophos
rem Check whether Sophos is already installed (/v selects the value, as in the SEP check)
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D7BB12C-6854-46DF-A67D-F82D778D75C8} /v UninstallString
IF %ERRORLEVEL% == 1 goto installSophos
IF %ERRORLEVEL% == 0 goto SophosIns
goto :end

:installSophos
rem Sophos not found: run the installer silently from the software share
\\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet
goto end

:SophosIns
echo "Sophos Already Installed"
goto end

:end
}}}
...