The Official Microsoft Forefront Endpoint Protection Team Blog

Your official source for all the latest news and tech tips for System Center Endpoint Protection.

Using a script to automate UNC definition updates


The FEP 2010 client can use a UNC share to host antimalware definition updates. A common question from our TAP community is how to set up the UNC share and how to keep it updated. This article focuses on one method for keeping the UNC share up to date.

Microsoft releases definition files three times a day. In order for the UNC share update method to work, the definition files must be downloaded and placed in a certain folder structure. This structured process is well suited for automation.

To automate this process we can use a simple VBScript and the Task Scheduler in Windows. The script uses three key objects: WinHTTPRequest, FileSystemObject, and ADODB streams. When downloading the definitions there are actually 4 files to download: 2 for the 32-bit architecture, and 2 for the 64-bit architecture.

The first step is to create the directory structure and set some variables to hold the URLs and the paths to the folders:

strMSEx86URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86"
strMSEx86Location = "E:\defs\Updates\x86\mpam-fe.exe"
strNISX86URL = "http://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe"
strNISX86Location = "E:\defs\Updates\x86\nis_full.exe"
strMSEx64URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"
strMSEx64Location = "E:\defs\Updates\x64\mpam-fe.exe"
strNISX64URL = "http://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe"
strNISX64Location = "E:\defs\Updates\x64\nis_full.exe"

Next, using the WinHTTPRequest object, we create a connection to the URL and download the first file (in this case, the x86 antimalware definitions):

Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objWINHTTP.Open "GET", strMSEx86URL, False
objWINHTTP.Send

We then check whether the download was successful, open the ADODB stream, set the type to binary so the file can be stored on the stream, and then set the stream pointer back to the beginning:

If objWINHTTP.Status = 200 Then
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1 'adTypeBinary
    objADOStream.Write objWINHTTP.ResponseBody
    objADOStream.Position = 0 'Set the stream position to the start
A limitation of the ADODB stream object is that if the file you are trying to save already exists, the method will throw an error. Before saving the file within the script, use the FileSystemObject to see if the file exists, and if so, delete it:

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    'Check whether the file exists; if so, delete it
    If objFSO.FileExists(strMSEx86Location) Then objFSO.DeleteFile strMSEx86Location

After confirming the file no longer exists, we can save the contents of the ADODB stream we used earlier to the file and then close the stream:

    objADOStream.SaveToFile strMSEx86Location
    objADOStream.Close
End If 'Closes the "If objWINHTTP.Status = 200 Then" block opened earlier

You must then execute this process for each of the remaining files to be downloaded. Once you have created this script and tested it, you can then use the Windows Task Scheduler to run this job three times a day to download the most recent definitions from Microsoft.
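The steps above assembled into a single script that loops over all four files, as an added example rather than the author's own code. It uses the article's URLs and E:\defs paths; the `DownloadFile` function name and the `.tmp` suffix are this example's own choices, and each download is written to a temporary file first so that a failed download never removes the definitions already on the share.

```vbscript
Option Explicit
Const adTypeBinary = 1
Const adSaveCreateOverWrite = 2 'SaveToFile option: replace an existing file
Dim objFSO, arrFiles, arrFile, intFailed
Set objFSO = CreateObject("Scripting.FileSystemObject")
'URL / destination pairs exactly as listed in the article
arrFiles = Array( _
    Array("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "E:\defs\Updates\x86\mpam-fe.exe"), _
    Array("http://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe", "E:\defs\Updates\x86\nis_full.exe"), _
    Array("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "E:\defs\Updates\x64\mpam-fe.exe"), _
    Array("http://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe", "E:\defs\Updates\x64\nis_full.exe"))
intFailed = 0
For Each arrFile In arrFiles
    If Not DownloadFile(arrFile(0), arrFile(1)) Then intFailed = intFailed + 1
Next
WScript.Quit intFailed 'Non-zero exit code means at least one file failed

Function DownloadFile(strURL, strLocation)
    Dim objWINHTTP, objADOStream, strTemp
    DownloadFile = False
    strTemp = strLocation & ".tmp" 'Hypothetical temporary name beside the target
    On Error Resume Next
    Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
    objWINHTTP.Open "GET", strURL, False
    objWINHTTP.Send
    If Err.Number <> 0 Then
        WScript.Echo "Request failed: " & strURL & " - " & Err.Description
        Exit Function
    End If
    If objWINHTTP.Status <> 200 Then
        WScript.Echo "HTTP " & objWINHTTP.Status & ": " & strURL
        Exit Function
    End If
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = adTypeBinary
    objADOStream.Write objWINHTTP.ResponseBody
    objADOStream.SaveToFile strTemp, adSaveCreateOverWrite
    objADOStream.Close
    If Err.Number = 0 Then 'Only touch the live file once the temp copy is on disk
        If objFSO.FileExists(strLocation) Then objFSO.DeleteFile strLocation, True
        objFSO.MoveFile strTemp, strLocation
    End If
    If Err.Number <> 0 Then
        WScript.Echo "Save failed: " & strLocation & " - " & Err.Description
        Exit Function
    End If
    DownloadFile = True
End Function
```

Run it from the scheduled task with cscript.exe //nologo so that WScript.Echo writes to the console instead of opening dialogs. The script checks only the HTTP status and the result of the file operations; it does not verify the digital signature of the downloaded packages.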

References:

WinHTTPRequest : http://msdn.microsoft.com/en-us/library/aa384106(v=VS.85).aspx
objWINHTTP.Status: http://msdn.microsoft.com/en-us/library/aa383887(VS.85).aspx
ADODB Streams: http://msdn.microsoft.com/en-us/library/ms675032(VS.85).aspx
FileSystemObject: http://msdn.microsoft.com/en-us/library/6kxy1a51(VS.85).aspx

Chris Norman
Senior Escalation Engineer, CSS

Comments
  • I have attempted to run this script, but continue to get the error

    WSH
    Line: 44
    Char: 19
    Error: Expected 'End'
    Code: 800A03F6
    Source: Microsoft VBScript compilation error

    Any ideas what I need to do?  I am not highly skilled at scripting, so troubleshooting has been a major pain.

    Thanks,

    Chris

  • Hi Chris,

    This set of code was provided as a sample only, and needs additional scripting in order to work properly.  For more assistance, try the Scripting forum (social.technet.microsoft.com/.../threads)...

  • What is scripting additional for work proxy?

  • Hi Julio,

    I'm not sure I understand the question you're asking - but I'll give an answer a shot. The examples above are not given in a complete script - you cannot copy and paste the sections together without appropriate script formatting.

    However, with FEP 2010 Update Rollup 1, there is a Definition Update Automation tool available, which may make the above steps unnecessary.

    You can find UR1 here: www.microsoft.com/.../details.aspx

    Thanks for your question!
