Posted on 04-02-2013 10:52 AM
Hello All,
We are about to roll out SEP (Symantec Enterprise Protection) to both our Win and Mac machines on campus. Based on some of the other posts, I have SEP packaged and included the "sylink.xml" file based on whether they are labs or workstations to auto-join our SEP 12 management server. I have some questions, though, on what others are doing for updates and scanning, as well as about my package.
I only added the sylink.xml file from the Additional Resources folder. Are the other files needed? I couldn't find anything about where they should go or what if anything was needed. They include sep.slf, setAid.ini, setup.ini and the dat file which I think the system can just download.
What does everyone do for LiveUpdates? Do you LiveUpdate all products, or just virus definitions and then push product updates via Casper?
I am also looking at a scan schedule. I am thinking about making all labs scan daily, and then have offices scan weekly. Anyone else in education have any suggestions?
Thanks for any feedback.
Joe
Posted on 04-02-2013 02:13 PM
We are evaluating the option to replace Sophos AV with SEP 12.1 and are looking for deployment answers as well. What we know so far is that the SEP Manager Server should be set up to provide definition updates to multiple Group Update Providers (GUPs) on the Windows side and then we "may" need to stand up several LiveUpdate Administrator Servers (LUAS) for the Mac side. At present, we don't have either of these in place and are still just using the SEPM server to generate installation packages for Win32, Win64 and Mac OS X for early testing.
Our main concern going forward is update traffic. We were told that only three LUAS machines were needed for nearly 20,000 Macs, and that's only if pointing them all directly to Symantec for updates seems to generate too much traffic.
Posted on 04-03-2013 10:30 AM
It took me a little while to figure the whole process out, but I was able to create a silent install by putting the Additional Resources folder and the Symantec Endpoint Protection.pkg installer in an embedded folder like /private/tmp/SEP12.1.2. Then I created a .dmg of the private folder and its contents using Composer. I then created the following script:
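#!/bin/sh
# Change to the staged folder; stop if it is missing so installer never runs from the wrong directory
cd /private/tmp/SEP12.1.2 || exit 1
# Install the package silently to the boot volume
/usr/sbin/installer -pkg "Symantec Endpoint Protection.pkg" -target /
# Report the installer result back to the policy
if [ $? -eq 0 ]; then
    exit 0
else
    exit 1
fi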
I uploaded both to Casper Admin. To deploy, I created a Policy with the package SEP12.1.2.dmg and the script Symantec Managed install.sh with priority 'After'. For the Display and execution settings, I have it triggered by any and set to once per computer. For the Scope, I have it set to a smart group that looks to see if SEP is installed. This works great for when a Mac is finished imaging and you want SEP to be automatically installed. Also, make sure you have Java 6 installed on the Mac prior to installing SEP. I have it pre-installed on our master image, so it's a non-issue for us. Hope this helps and I didn't leave anything out.
Posted on 04-03-2013 12:00 PM
We used SEP but didn't have the Macs managed by the Symantec console because of a lack of trust in the console at that time. So I used JAMF to set the schedule and to routinely force an update.
Once a month, this policy would set the LiveUpdate schedule. Of course, if it already existed, it would simply delete any schedule and reset it to our preferred settings.
#!/bin/sh
# This script will set the Symantec LiveUpdate schedule to
# download and install the latest virus definitions available from Symantec.
#
# This script expects Symantec LiveUpdate to be installed at:
#
# /Applications/Symantec Solutions/Symantec Scheduler.app/Contents/Resources/symsched
#
########
#
# LOGGING FUNCTION
#
####################################################################################################
logFile="/private/var/log/YourCompanyName-SEPupdateSched.log"
log () {
    # Print the message and append it, timestamped, to the log file
    echo "$1"
    echo "$(date "+%Y-%m-%d %H:%M:%S:") $1" >> "$logFile"
}
####################################################################################################
#
# SCRIPT CONTENTS
#
####################################################################################################
if [ -f "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" ]; then
    ####################################################################################################
    # DELETE ALL EXISTING SYMSCHED TASKS and WRITE TO LOG
    ####################################################################################################
    symsched -d all
    log "Deleted all existing symsched tasks."
    ####################################################################################################
    # CREATE SCHEDULES
    ####################################################################################################
    symsched LiveUpdate "AllUpdate monthy01" 1 1 -monthly 01 10:20 "All Products" -quiet
    symsched LiveUpdate "AllUpdate monthy15" 1 1 -monthly 15 15:45 "All Products" -quiet
    symsched LiveUpdate "Mon VDefs Update" 1 1 -weekly 1 08:00 "Virus Definitions" -quiet
    symsched LiveUpdate "Tue VDefs Update" 1 1 -weekly 2 10:00 "Virus Definitions" -quiet
    symsched LiveUpdate "Wed VDefs Update" 1 1 -weekly 3 12:00 "Virus Definitions" -quiet
    symsched LiveUpdate "Thu VDefs Update" 1 1 -weekly 4 14:00 "Virus Definitions" -quiet
    symsched LiveUpdate "Fri VDefs Update" 1 1 -weekly 5 16:00 "Virus Definitions" -quiet
    log "YourCompanyName Symantec schedules have been created."
else
    log "Error: Symantec LiveUpdate was not found on this machine."
    exit 1
fi
exit 0
In case that failed for whatever reason, I also had this script that ran once a month. The idea is that it instructs LiveUpdate on our command. I got it from the JAMF resource kit and Nick Amundsen.
#!/bin/sh
####################################################################################################
#
# Copyright (c) 2010, JAMF Software, LLC. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the JAMF Software, LLC nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
# This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
# information or support for the Resource Kit, please utilize the following resources:
#
# http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
# http://www.jamfsoftware.com/support/resource-kit
#
# Please reference our SLA for information regarding support of this application:
#
# http://www.jamfsoftware.com/support/resource-kit-sla
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# runSAVLiveUpdate.sh -- Run Symantec LiveUpdate.
#
# SYNOPSIS
# sudo runSAVLiveUpdate.sh
# sudo runSAVLiveUpdate.sh <mountPoint> <computerName> <currentUsername>
#
# DESCRIPTION
# This script will run the Symantec LiveUpdate application in the background which will silently
# download and install the latest virus definitions available from Symantec.
#
# This script expects Symantec LiveUpdate to be installed at:
#
# /Applications/Symantec Solutions/LiveUpdate.app
#
####################################################################################################
#
# HISTORY
#
# Version: 1.1
#
# - Created by Nick Amundsen on August 6th, 2008
# - Updated by Nick Amundsen on November 22nd, 2010
# - Fixed an issue that prevents LiveUpdate from running when the machine is at the loginwindow
# and improved error logging.
#
####################################################################################################
#
# LOGGING FUNCTION
#
####################################################################################################
logFile="/private/var/log/runSAVLiveUpdate.log"
log () {
    # Print the message and append it, timestamped, to the log file
    echo "$1"
    echo "$(date "+%Y-%m-%d %H:%M:%S:") $1" >> "$logFile"
}
####################################################################################################
#
# SCRIPT CONTENTS
#
####################################################################################################
if [ -f "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" ]; then
    checkForLoggedInUsers=$(who | grep console)
    if [ -z "$checkForLoggedInUsers" ]; then
        # Nobody is logged in - Launch LiveUpdate with a LaunchDaemon
        log "Running LiveUpdate using a LaunchDaemon..."
        log " Creating LaunchDaemon..."
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' Label -string 'com.jamfsoftware.runSAVLiveUpdate'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' LaunchOnlyOnce -bool 'true'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array '/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add '-update'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add 'LUal'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add '-liveupdatequiet'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add 'YES'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add '-liveupdateautoquit'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' ProgramArguments -array-add 'YES'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' LimitLoadToSessionType -array 'Aqua'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' LimitLoadToSessionType -array-add 'LoginWindow'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' RunAtLoad -bool 'true'
        /usr/bin/defaults write '/Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate' UserName -string 'root'
        chown root:wheel /Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate.plist
        chmod 644 /Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate.plist
        log " Loading LaunchDaemon..."
        /bin/launchctl load -S Aqua -S LoginWindow /Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate.plist
        # Save the exit code now; inside the else branch $? would hold the status of the [ test instead
        rc=$?
        if [ "$rc" -eq 0 ]; then
            log "Loaded LiveUpdate using a LaunchDaemon."
        else
            log "There was an error loading the LaunchDaemon. Exit Code: $rc"
        fi
        # Move the LaunchDaemon to /private/tmp so it does not get called again
        /bin/mv /Library/LaunchDaemons/com.jamfsoftware.runSAVLiveUpdate.plist /private/tmp/com.jamfsoftware.runSAVLiveUpdate.plist
    else
        # Someone is logged in - Launch LiveUpdate providing the path to the app
        log "Running LiveUpdate..."
        # The path contains a space, so it must be quoted
        "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" -update LUal -liveupdatequiet YES -liveupdateautoquit YES
        rc=$?
        if [ "$rc" -eq 0 ]; then
            log "Finished running LiveUpdate."
        else
            log "There was an error running LiveUpdate. Exit Code: $rc"
        fi
    fi
else
    log "Error: Symantec LiveUpdate was not found on this machine."
    exit 1
fi
For the most part it was successful at keeping the clients up to date. If I had to do them today, I would increase the frequency of each to appease our Windows admins.
Posted on 08-29-2013 07:37 AM
My thanks to both of you for your response. Surprisingly enough, we've reverted back over to using Sophos 9 for OS X and then using their VShield product as well. Symantec will remain our endpoint solution for Windows users.