How to uninstall Eset Nod32 Antivirus and install FEP (Forefront Endpoint Protection) also known as Microsoft Essentials Antivirus on Windows clients using a vbscript.
In my environment we have been using Eset Nod32 Business Edition antivirus version 4.
Nod32 is a light and stable antivirus with a decent footprint. The Eset Administration is good and powerful if you spend a couple of days learning it.
But!.
Wen we started to use a business web application, using the java editor , from our business partner www.webtopsolutions.se our users complained on that editing tool system, and it was really slow, loading the page in about 40 to 50 seconds, and editing was really slow with 1 to 2 seconds per key stroke .
After some troubleshooting we found that Nod32 was the reason and for some reason there is no way to exclude a web site from the antivirus, there is a setting to exclude URLs from scanning but the URL will still be processed by Nod32 in some way. One possible option is to disable the scanning of web pages completely, but that was not an option I liked.
The quick fix on this problem is to change antivirus to wich is free at least if you have a subscription from Microsoft, else there is the essentials version.
To manage and install FEP you have two options, one is to use (or SCCM) and it requires SQL Server Standard or Enterprise editions. The other option is to install the client manually or by script and.
This is how I install the FEP client using a GPO user logon script, making sure that Nod32 is uninstalled before installing. It is tested on Windows XP and Windows 7, x86 and x64.
Wen running the script on my Windows 7 the UAC popped up, I haven´t tested if that happens when the script is run by the GPO, so you might need to test it and tell the users if the prompt will pop up.
Thanks to Jakob Gottlieb Svendsen, for .
I hope this will be of help, and don´t forget to or the uninstall will fail.
Use this script at your own risk and test it before deploying to production environment.
‘ //*************************************************************************** ‘ // ***** Script Header ***** ‘ File Name: UninstallNod32_InstallFEP.vbs ‘ Author : Jimi Friis, www.newsweb.se ‘ Created: 2012-03-22 ‘ Purpose: Uninstall Eset Nod32 Antivirus (or other program) using “Msiexec.exe” ‘ and install Microsoft Forefront Endpoint Protection (or other program) using installer file and flags ‘ ‘ How it works: 1. Script looks in the registry if the program to install is already installed, if it is the script aborts the rest. ‘ 2. Script tests the system if it is x64 or x86 by checking if systempath %programfiles(x86)% exists ‘ and sets file to copy and install depending on if OS type ‘ and copy the install file to local disk ‘
3. Script then looks in the registry for the progam to uninstall and if it is installed it tries to uninstall it ‘ 4. Script again tests if the program to uninstall really is uninstalled, if not it aborts the script. ‘ 5. Script install the program specified. ‘ ‘ Good to know: No cleanup of install files.. ‘ No forced or prompted reboot.. ‘ Logging: Registry lookup, uninstall and Install are all Logging failed and succeded events to event log. ‘ All events have source WHS and event ID 4 ‘ MsiInstaller is also logging to Application event log ‘ //
‘ // My script is Based on below scripts function.. “Function GetProductCode(strName)” original.. ‘ // Solution: iTunes ‘ // File: GetProductCode.vbs ‘ // Author: Jakob Gottlieb Svendsen, Coretech A/S. ‘ // Purpose: Uninstall old versions and install new. ‘ // Searches registry for the productcodes for the old programs. ‘ // ‘ // Usage: GetProductCode.vbs ‘ // ‘ // ‘ // CORETECH A/S History: ‘ // 1.0.0 JGS 18/10/2010 Created initial version. ‘ // ‘ // Customer History: ‘ // ‘ // ***** End Header ***** ‘ //*************************************************************************** ‘//—————————————————————————- ‘// ‘// Global constant and variable declarations ‘// ‘//—————————————————————————- Dim ReturnVal, ProductCode ProductCode=0
Dim networkPathFull, localPath, installFile, installParameters installFile = “”
Dim appToUninstall Dim appToInstallx64, appToInstallx86, networkPath Dim appToInstallDisplayName
Dim uninstallReturnCode, uninstallProductCode, CopyInstallerReturnCode, TestOSReturnCode TestOSReturnCode=”” ‘//—————————————————————————- ‘//************ User settings **********
‘DisplayName of applications to install and uninstall appToUninstall=”ESET NOD32 Antivirus” appToInstallDisplayName = “Microsoft Antimalware”
‘ Installer file names depending on OS type appToInstallx64 = “FEPInstall_x64.exe” appToInstallx86 = “FEPInstall_x86.exe” ‘ Installer parameters/flags to use (as in command line install) installParameters = “/s /q” ‘ FEP install – tested and ok.. ‘ c:gpoinstallFEPInstall_x86.exe /s /q ‘/s – Specifies that a silent Setup should be performed. ‘/q – Specifies that a silent extraction of the Setup files should be performed.
‘networkpath to copy installer from networkPath = “\MYSERVERNAMESOFTWARE_INSTALL_SHAREForefrontEP” ‘local path to copy installer to localPath = “C:gpoinstall”
‘//************** END User settings ************
‘//—————————————————————————- ‘// Main routines ‘//—————————————————————————-
‘1. *********************************************************** ‘// ** Test if application/program is installed. abort script if it is installed ** If GetProductCode(appToInstallDisplayName) <> “” Then ‘WScript.Echo “appToInstallDisplayName: ” & appToInstallDisplayName & “already installed.. aborting” Wscript.Quit End If ‘WScript.Echo appToInstallDisplayName & ” is NOT installed.. continuing..”
‘2. *********************************************************** ‘// ** Copy installer files ** ‘2.1 *********************************************************** ‘//** Test OS type to copy and install correct files** TestOSReturnCode = TestOS() ‘WScript.Echo “Os is ” & TestOSReturnCode if (TestOSReturnCode=”x64″) Then installFile = appToInstallx64 Else installFile = appToInstallx86 End If
‘2.2 *********************************************************** ‘// ** Set full network path to install file ** networkPathFull = networkPath & installFile
‘2.3 *********************************************************** ‘// ** Copy files for installation to local disk if they dont exist** ‘CopyInstaller=999, “fileExists” | CopyInstaller=0,”CopyOK” | CopyInstaller=4, “fileNotFound” CopyInstallerReturnCode = CopyInstaller() If Not (CopyInstallerReturnCode = 0 Or CopyInstallerReturnCode = 999) Then ‘If Not (CopyInstallerReturnCode = “fileExists”) Then ‘WScript.Echo “Copy Error status is: ” & CopyInstallerReturnCode Wscript.Quit ‘End If Else ‘WScript.Echo “Copy status is: ” & CopyInstallerReturnCode End If
‘3. *********************************************************** ‘ // ** Uninstall application/program if it is installed** uninstallProductCode = GetProductCode(appToUninstall) If uninstallProductCode <> “” Then ‘WScript.Echo “appToUninstall: ” & appToUninstall & ” = ready to uninstall” ‘ uninstall application uninstallReturnCode = Uninstall(uninstallProductCode)
If Not (uninstallReturnCode = 0 Or uninstallReturnCode = 3010) Then ‘ WScript.Echo “appToUninstall: ” & appToUninstall & ” = Failed to uninstall, code: ” & uninstallReturnCode Wscript.Quit End If ‘Else ‘ WScript.Echo “appToUninstall: ” & appToUninstall & ” = not installed” ‘Wscript.Quit ‘not needed.. if this is not installed and replacement app is not installed it should continue End If ‘Nod32 status: 1603 = error caused by password protection of nod32 settings (advanced settings > user interface > access ..
‘4. *********************************************************** ‘// ** check once again if application to uninstall really is uninstalled. and abort if it wasn´t If GetProductCode(appToUninstall) <> “” Then ‘ WScript.Echo “appToUninstall: ” & appToUninstall & “is still installed.. aborting” Wscript.Quit End If
‘5. *********************************************************** ‘// ** install the new application/program if installation files exists** ‘WScript.Echo “Installation status: ” & _ InstallApp()
‘ // Quit script Wscript.Quit
‘//—————————————————————————- ‘// Procedures ‘//—————————————————————————-
‘ install Forefront Endpoint Protection ‘// ********* Install application *********** Function InstallApp() On Error Resume Next InstallApp=”noInstall” If (FileExistsTest(localPath & installFile)) Then
Set ObjShell = CreateObject(“WScript.Shell”)
InstallApp = ObjShell.run (localPath & installFile & ” ” & installParameters, 1, True) ‘WScript.Echo “(InstallApp = 0 Or InstallApp = 3010)?: ” & InstallApp
If (InstallApp = 0 Or InstallApp = 3010) Then ‘ install success. ObjShell.LogEvent 4, “Application install succeded: ” & Vbcrlf & appToInstallDisplayName & Vbcrlf & ” was installed from ” & localPath & installFile Else ‘install failed ObjShell.LogEvent 4, “Application install failed: ” & Vbcrlf & appToInstallDisplayName & Vbcrlf & ” was installed from ” & localPath & installFile _ & Vbcrlf &”Error code: ” & InstallApp End If Set ObjShell=nothing End If End Function
‘// ********* Get ProductCode for application *********** Function GetProductCode(strName)
Dim strComputer, oReg, strKeyPath, strValueNAme, strValue, arrSubKeys, subkey Dim strKeyPathStandard, strKeyPathX64 ” search strings for x86 and x64 (x64 string is not used in this script, ” add it if your application is in that registry section and break it out of the function) ‘strKeyPathX64 = “SOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall” strKeyPathStandard = “SOFTWAREMicrosoftWindowsCurrentVersionUninstall”
‘set register root path Const HKEY_LOCAL_MACHINE = &H80000002 strComputer = “.” arrSubKeys = Null
‘ Shell obj for logging Set ObjShell = CreateObject(“WScript.Shell”) ObjShell.LogEvent 4, “Searching in registry for installed products by search term: ” & strName
‘ get register root object Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\” & _ strComputer & “rootdefault:StdRegProv”)
‘ search path and subkey array in registry strKeyPath = strKeyPathStandard oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
‘set GetProductCode=”” , default value if no entry is found GetProductCode=””
‘ test each subkey for the program to find using the registry key DisplayName If Not IsNull(arrSubKeys) Then For Each subkey In arrSubKeys ‘ WScript.Echo subkey strKeyPath = strKeyPathStandard & subkey
‘// DisplayName = name on program to find ‘// ********************************* strValueName = “DisplayName” oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue ‘ if strValue is what we look for, strName, return the subkey. If InStr(LCase(strValue), LCase(strName)) > 0 Then ‘ set GetProductCode=subkey ==> try to uninstall GetProductCode=subkey
‘ if we found what we looked for.. exit the loop Exit For End If Next End If ‘WScript.Echo “End of prog : subkey = ” & subkey & ” | strName = ” & strName Set ObjShell=nothing End Function
‘// ********* Uninstall by product code *********** Function Uninstall(ProductCode) On Error Resume Next Set ObjShell = CreateObject(“WScript.Shell”)
Uninstall = “” If ProductCode <> “” Then Uninstall = ObjShell.run (“Msiexec.exe /uninstall ” & ProductCode & ” /quiet /norestart”, 0, True) ‘WScript.Echo “(Uninstall = 0 Or Uninstall = 3010)?: ” & Uninstall If (Uninstall = 0 Or Uninstall = 3010) Then ‘uninstall success. ObjShell.LogEvent 4, “Application uninstall succeded: “& Vbcrlf & appToUninstall & Vbcrlf &” was uninstalled” Else ‘uninstall failed ObjShell.LogEvent 4, “Application uninstall failed: “& Vbcrlf & appToUninstall & Vbcrlf &” was not uninstalled “& Vbcrlf &”Error code: ” & InstallApp End If End If Set ObjShell=nothing End Function
‘// ********* Test if the OS is x64 or x86 *********** ‘ using the environment vaiable %programfiles% for program folder “program files” ‘ x64 system have %programfiles(x86)% and %programfiles% Function TestOS() Set oShell = CreateObject( “WScript.Shell” ) ‘ user=oShell.ExpandEnvironmentStrings(“%UserName%”) ‘ comp=oShell.ExpandEnvironmentStrings(“%ComputerName%”) pathProgr=oShell.ExpandEnvironmentStrings(“%programfiles(x86)%”)
‘ if folder %programfiles(x86)% exists its an x64 machine Set objFSO = CreateObject(“Scripting.FileSystemObject”) If (objFSO.FolderExists (pathProgr)) then ‘WScript.Echo “x64″ TestOS=”x64” Exit Function Else ‘WScript.Echo “x86″ TestOS=”x86” Exit Function End If Set objFSO=nothing Set oShell=nothing End Function
‘// ********* Test if file exists *********** Function FileExistsTest(fileToTest) Set objFSO = CreateObject(“Scripting.FileSystemObject”) FileExistsTest = objFSO.FileExists (fileToTest) ‘ true = -1 ‘ false = 0 ‘WScript.Echo “install file exists?: ” & FileExistsTest Set objFSO=nothing End Function
‘// ********* copy installer file/s *********** Function CopyInstaller() On Error Resume Next Set ObjShell = CreateObject(“WScript.Shell”)
‘ Test if the file exists in betwork path. If (FileExistsTest(localPath & installFile)) then ‘WScript.Echo “install file exists.” CopyInstaller = 999 ‘ set return value “fileExists” ‘Logg result to event log ObjShell.LogEvent 4, “Install files exist: ” & Vbcrlf & networkPathFull & Vbcrlf & ” already exists in” & localPath & installFile Set ObjShell=nothing Exit Function Else ‘copy file using /Z for restartable copy mode, do not show command prompt. CopyInstaller = ObjShell.run (“xcopy.exe ” & networkPathFull & ” ” & localPath & “/Z”,0,True)
‘WScript.Echo “(CopyInstaller = 0 Or CopyInstaller = 3010)?: ” & CopyInstaller If (CopyInstaller = 0 Or CopyInstaller = 3010) Then ‘ success ‘ write to loggfile ObjShell.LogEvent 4, “Copy of install files succeded: ” & Vbcrlf & networkPathFull & Vbcrlf & ” was copied to ” & localPath & installFile ‘ WScript.Echo “install file copied”
Else ‘copy failed ‘ Error: Write to log file ObjShell.LogEvent 4, “Copy of install files failed: ” & Vbcrlf & networkPathFull & Vbcrlf & ” was not copied to ” & localPath & installFile _ & Vbcrlf &”Error code: ” & InstallApp End If End If Set ObjShell=nothing End Function
‘//—————————————————————————- ‘// End Script ‘//—————————————————————————-