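' Sophos Anti-Virus 7.x -- Remediation Script version 1.0
' Copyright (c) 2007-2009, Sophos Plc, http://www.sophos.com
'
' DO NOT DISTRIBUTE WITHOUT THE PRIOR CONSENT OF SOPHOS TECHNICAL SUPPORT.
'
' Script intended for use on Windows 2000/XP/2003/Vista ONLY.
' SCRIPT IS PROVIDED "AS IS" UNLESS OTHERWISE STATED.
'
' Script to perform basic service checks on an install of SAV.
' Attempts a basic repair of the services (starting them); if that fails it
' re-protects the client (set intRedeployEnabled to 1; off by default).
' Optionally enable logging to produce a log file in a central share
' directory (strLogFilePath). Logging is enabled by setting intLoggingOn to 1.
' The log file name begins with 0 or 1 (re-deploy required or not), followed
' by the hostname, i.e.
'   re-protect of client recommended:   1--theComputerName--SophosServiceChecker.txt
'   services are OK, no re-protect:     0--theComputerName--SophosServiceChecker.txt
'
' Below you can comment out whether you want the script to silently carry on
' if it encounters an error or not.
' NOTE: an error raised inside a function that has no handler of its own
' unwinds to this level and the rest of that call is skipped. Every function
' below therefore enables its own handler and starts from the "unknown /
' failed" result, so a check that could not run is never reported as healthy.
On Error Resume Next

Dim intLoggingOn
Dim intRedeployEnabled
Dim intRedeployRequired
Dim strRedeployString
Dim objWMIservicesCIMV2
Dim intWMIConnectError
Dim intCheckSAV, intCheckSCF, intCheckSAU, intCheckRMS
Dim arraySAVServices, arrayRMSServices, arraySAUServices, arraySCFServices
Dim strLogFilePath, strLogBaseFileName, strFullPath, strOutcomeSuffix
Dim objFSO, objLogFile, objShell
Dim strHostname

'User Vars To Edit  PLEASE REPLACE Values below
'------------------------------------------------------------------------------
'Define which products should be checked.
intCheckSAV = 1
intCheckSCF = 0
intCheckSAU = 1
intCheckRMS = 1

'Services to monitor.
'These names are concatenated into WQL queries below; keep them plain service
'names (a single quote in a name would break the query).
arraySAVServices = Array("SAVService", "SAVAdminService")
arrayRMSServices = Array("Sophos Agent", "Sophos Message Router")
arraySAUServices = Array("Sophos AutoUpdate Service")
arraySCFServices = Array("Sophos Client Firewall", "Sophos Client Firewall Manager")

'Logging Options
intLoggingOn = 0                                   ' [0|1] Enable/Disable logging
strLogFilePath = "\\servername\centralLogging\"    ' Path to log, requires trailing backslash
strLogBaseFileName = "SophosServiceChecker.txt"    ' Will also contain the hostname at start

'Re-protect Options see KB: http://www.sophos.com/support/knowledgebase/article/12570.html
'Suggest using -ouser and -opwd (KB13094).
'SECURITY: the -ouser/-opwd values are obfuscated, not encrypted, and should be
'treated as recoverable by anyone who can read this script. Use an account that
'has read-only access to the update share and nothing else, and restrict who
'can read this file. Setup.exe is executed straight from the UNC path, so the
'share must not be writable by ordinary users.
intRedeployEnabled = 0                             ' [0|1] Enable Re-Deploy
strRedeployString = "\\servername\sophosupdate\CIDs\S000\SAVSCFXP\Setup.exe" & _
    " -updp " & Chr(34) & "\\servername\sophosupdate\CIDs\S000\SAVSCFXP" & Chr(34) & _
    " -mng yes" & _
    " -ni" & _
    " -s" & _
    " -crt R" & _
    " -scf" & _
    " -ouser " & Chr(34) & "Bwj+kEmc8mYyk/gyHii5n79E9MAS7i9FWGmsBh67wu4b+xCdcXxHa49o" & Chr(34) & _
    " -opwd " & Chr(34) & "BwgJHsV/hqnFY6dUVS+/TszzE3U5HgF800A=" & Chr(34)

intRedeployRequired = 0                            ' Default to re-deploy not required
'------------------------------------------------------------------------------
'Do not Edit Below Here

Call GetHostName()

' Create global objects for re-use. Remember whether the WMI connection
' failed so it can be reported once the log file is open.
Err.Clear
Set objWMIservicesCIMV2 = GetObject("WinMgmts:{(Security)}\\.\root\cimv2")
intWMIConnectError = Err.Number
Err.Clear

If intLoggingOn = 1 Then
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    strFullPath = strLogFilePath & strHostName & "--" & strLogBaseFileName
    Set objLogFile = objFSO.CreateTextFile(strFullPath, True)

    ' Write out tool info and config. The re-deploy command line is logged
    ' with its credential arguments masked: the log lives on a share that
    ' every client can write to, so it must not carry the credentials.
    objLogFile.WriteLine "Sophos Service Checker" & vbCrLf & _
        "Options in use: " & vbCrLf & _
        " LoggingOn: " & intLoggingOn & vbCrLf & _
        " LogFileName: " & strFullPath & vbCrLf & _
        " RedeployEnabled : " & intRedeployEnabled & vbCrLf & _
        " RedeployString: " & RedactCredentials(strRedeployString)

    If intWMIConnectError <> 0 Then
        objLogFile.WriteLine "Unable to connect to WMI (error " & intWMIConnectError & _
            "); service states will be reported as unknown"
    End If
End If

'Call service checks for the selected applications
If intCheckSAV = 1 Then
    Call CheckServicesForProduct(arraySAVServices)
End If
If intCheckRMS = 1 Then
    Call CheckServicesForProduct(arrayRMSServices)
End If
If intCheckSAU = 1 Then
    Call CheckServicesForProduct(arraySAUServices)
End If
If intCheckSCF = 1 Then
    Call CheckServicesForProduct(arraySCFServices)
End If

'Outcome...
If intLoggingOn = 1 Then
    objLogFile.WriteLine vbCrLf & "Suggest re-deploy required: " & intRedeployRequired
End If

' The re-deploy is controlled by intRedeployEnabled alone. It was previously
' nested inside the logging check, so it never ran with logging switched off.
If intRedeployRequired = 1 And intRedeployEnabled = 1 Then
    If intLoggingOn = 1 Then
        objLogFile.WriteLine "Re-deploying..." & vbCrLf & RedactCredentials(strRedeployString)
    End If
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run strRedeployString, 0, True        ' hidden window, wait for completion
End If

'Rename the log file to contain the outcome (only when a log was written)
If intLoggingOn = 1 Then
    objLogFile.Close
    strOutcomeSuffix = "--" & strHostName & "--" & strLogBaseFileName

    ' Remove the result of any earlier run, whichever outcome it had.
    If objFSO.FileExists(strLogFilePath & "0" & strOutcomeSuffix) Then
        objFSO.DeleteFile strLogFilePath & "0" & strOutcomeSuffix
    End If
    If objFSO.FileExists(strLogFilePath & "1" & strOutcomeSuffix) Then
        objFSO.DeleteFile strLogFilePath & "1" & strOutcomeSuffix
    End If

    objFSO.MoveFile strFullPath, strLogFilePath & intRedeployRequired & strOutcomeSuffix
    Set objLogFile = Nothing
    Set objFSO = Nothing
End If

'==============================================================================
'MAIN FUNCTION
'==============================================================================
' Checks every service named in arrayServices, tries to start the ones that
' are stopped, and sets the global intRedeployRequired to 1 when a service is
' missing, in an unknown state, or cannot be started.
Function CheckServicesForProduct(arrayServices)
    Dim i
    Dim intStateOfService
    Dim intOutcomeOfStartService

    ' Local handler: one failing service must not abort the remaining checks.
    On Error Resume Next

    For i = 0 To UBound(arrayServices)
        ' 1 for Stopped, 0 for Running, and 2 for anything else.
        ' Start from "unknown" so a failed call is not read as "running".
        intStateOfService = 2
        intStateOfService = CheckServiceRunning(arrayServices(i))

        Select Case intStateOfService
            Case 1  ' Service status stopped: attempt to start it
                intOutcomeOfStartService = 0
                intOutcomeOfStartService = StartService(arrayServices(i))
                If intOutcomeOfStartService = 1 Then
                    If intLoggingOn = 1 Then
                        objLogFile.WriteLine "Successfully started: " & arrayServices(i)
                    End If
                Else
                    ' Could not start the service
                    intRedeployRequired = 1
                End If
            Case 0  ' Service status started: all OK with the service
            Case Else  ' 2 = unknown, plus any unexpected value
                intRedeployRequired = 1
        End Select
    Next
End Function

'==============================================================================
' Asks WMI to start the named service, then polls its state.
' Returns 1 if the service reaches the running state, 0 if not.
Function StartService(strServiceName)
    Dim objService
    Dim colListOfServices
    Dim nSleep
    Dim nLoop
    Dim intServiceRetryCount
    Dim strState

    On Error Resume Next
    StartService = 0                ' failed unless the running state is observed

    If intLoggingOn = 1 Then
        objLogFile.WriteLine "Starting Service: " & strServiceName
    End If

    nSleep = 10000                  ' 10 seconds between each state check
    nLoop = 0
    intServiceRetryCount = 4        ' number of checks before giving up

    ' Get a handle to the service through WMI and start it
    Set colListOfServices = objWMIServicesCIMV2.ExecQuery _
        ("Select * from Win32_Service Where Name ='" & strServiceName & "' ")
    For Each objService In colListOfServices
        objService.StartService()
    Next

    ' Loop until the service is running
    Do While nLoop < intServiceRetryCount
        WScript.Sleep nSleep
        Set colListOfServices = objWMIServicesCIMV2.ExecQuery _
            ("Select State from Win32_Service Where Name ='" & strServiceName & "' ")
        For Each objService In colListOfServices
            ' Read the state into a variable first: with Resume Next active,
            ' an error inside an If condition would fall into the Then branch.
            strState = ""
            strState = LCase(objService.State)
            If strState = "running" Then
                StartService = 1
                Exit Function
            End If
            If intLoggingOn = 1 Then
                objLogFile.WriteLine "Attempt " & nLoop + 1 & " to Start: " & strServiceName
            End If
        Next
        nLoop = nLoop + 1
    Loop

    ' If here, failed to start
    If intLoggingOn = 1 Then
        objLogFile.WriteLine "Unable to start service: " & strServiceName
    End If
End Function

'==============================================================================
' Returns 0 for Running, 1 for Stopped and 2 for anything else (service
' missing, any other state, or the WMI query failed).
Function CheckServiceRunning(strServiceName)
    Dim strWMIQuery
    Dim objListOfServices
    Dim objService
    Dim intServiceCount
    Dim strState

    On Error Resume Next
    CheckServiceRunning = 2         ' unknown until a state has been read

    If intLoggingOn = 1 Then
        objLogFile.WriteLine vbCrLf & "Checking state of service: " & strServiceName
    End If

    'First check that the service exists; if not, exit and return 2
    strWMIQuery = "Select * from Win32_Service Where Name ='" & strServiceName & "' "
    Err.Clear
    Set objListOfServices = objWMIServicesCIMV2.ExecQuery(strWMIQuery)
    intServiceCount = 0
    intServiceCount = objListOfServices.Count
    If Err.Number <> 0 Then
        If intLoggingOn = 1 Then
            objLogFile.WriteLine strServiceName & " could not be queried (error " & Err.Number & ")"
        End If
        Exit Function
    End If

    If intServiceCount > 0 Then
        If intLoggingOn = 1 Then
            objLogFile.WriteLine strServiceName & " exists"
        End If
    Else
        If intLoggingOn = 1 Then
            objLogFile.WriteLine strServiceName & " does not exist"
        End If
        Exit Function
    End If

    strWMIQuery = "Select State, StartMode from Win32_Service Where Name ='" & strServiceName & "' "
    Set objListOfServices = objWMIServicesCIMV2.ExecQuery(strWMIQuery)
    For Each objService In objListOfServices
        strState = ""
        strState = LCase(objService.State)
        Select Case strState
            Case "running"
                If intLoggingOn = 1 Then
                    objLogFile.WriteLine strServiceName & " state is running"
                End If
                CheckServiceRunning = 0
            Case "stopped"
                If intLoggingOn = 1 Then
                    objLogFile.WriteLine strServiceName & " state is stopped"
                    objLogFile.WriteLine strServiceName & " start mode: " & objService.StartMode
                End If
                CheckServiceRunning = 1
            Case Else
                If intLoggingOn = 1 Then
                    objLogFile.WriteLine strServiceName & " state is Unknown"
                    objLogFile.WriteLine strServiceName & " start mode: " & objService.StartMode
                End If
                CheckServiceRunning = 2
                intRedeployRequired = 1
        End Select
    Next
End Function

'==============================================================================
' Returns strCommandLine with the value after each credential switch
' (-ouser, -opwd, -user, -pwd) replaced by <redacted>, for use in log output.
' Returns "<not logged>" if the masking itself fails, so the raw command line
' never reaches the log.
Function RedactCredentials(strCommandLine)
    Dim objRegExp

    On Error Resume Next
    RedactCredentials = "<not logged>"

    Set objRegExp = New RegExp
    objRegExp.Pattern = "(-(ouser|opwd|user|pwd)\s+)(""[^""]*""|\S+)"
    objRegExp.IgnoreCase = True
    objRegExp.Global = True
    RedactCredentials = objRegExp.Replace(strCommandLine, "$1<redacted>")
End Function

'==============================================================================
' Stores the local computer name in the global strHostName.
Function GetHostName()
    Dim objNet
    Set objNet = CreateObject("Wscript.Network")
    strHostName = objNet.ComputerName
    Set objNet = Nothing
End Function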
'=====================================================================================================================================