HI All, This might help clear the QM remotely if you don't have an easy way to run scripts on multiple computers. I haven't tested it on mass though. Download and install AutoIt ( http://www.autoitscript.com/site/autoit/ ) Paste the below in as a new script and save it as setup.au3 for example RunWait(@ComSpec & " /c " & 'net stop SAVService', "", @SW_HIDE) $FilePath = "C:\ProgramData\Sophos\Sophos Anti-Virus\Config\quarantine.xml" $FilePath2 = "C:\docuemnts and settings\all users\application data\Sophos\Sophos Anti-Virus\Config\quarantine.xml" If FileExists ($FilePath) Then FileDelete($FilePath) endIf If FileExists ($FilePath2) Then FileDelete($FilePath2) endIf RunWait(@ComSpec & " /c " & 'net start SAVService', "", @SW_HIDE) In the start menu there is an option: "Compile Script to .exe (x86)", choose that In the application, choose setup.au3, create an exe called setup.exe Place this into the CID in place of the original setup.exe, rename the actual setup.exe to seup.exe.orig. E.g. C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP\setup.exe aka \\[SECSERVER]\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe In SEC filter to a list of computers affected by the FP, for example using the column sort on the "Alert and Errors Details" tab. Select all and run a protect, this will run this "custom" setup on the machines to stop the savservice, delete the quarantine.xml and then start the service again. Run a scan from SEC on these machines to put back what was already in the QM that wasn't part of this FP. Revert the original setup.exe in the CID As I say, I haven't tested it beyond one computer but it might help. Feedback welcome. Regards, Jak EDIT, You could also use a similar method to mass deploy the vbscript here: http://sophserv.sophos.com/repo_kb/118315/file/QuarRestore.txt to move back files moved. To build a setup.exe to run the vbscript.... Run: IEXPRESS.EXE Click Next Click Next Call It SophosFIx For example Click Next Click Next Add the QuarRestore.vbs then click Next In the Install Program put: cscript.exe QuarRestore.vbs Click Next Choose Hidden Click Next Enter Setup.exe as the path Tick "Hide File Extracting Progress...." Click Next Set "No restart" Click Next Click Next Click Next Click Finish Locate the setup.exe. EDIT, it seems that this packaing method throws an error when SEC creates the job to run it, presumably becuase it doesn't like the switches passed to it. by SEC Ohh well, maybe this is of use if you find it easier to deploy and exe. Maybe Google vbs to exe to perform the same task. :31959

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible way of clearing the QM remotely using SEC and restoring moved files

HI All,

This might help clear the QM remotely if you don't have an easy way to run scripts on multiple computers. I haven't tested it on mass though.

Download and install AutoIt (http://www.autoitscript.com/site/autoit/)
Paste the below in as a new script and save it as setup.au3 for example

RunWait(@ComSpec & " /c " & 'net stop SAVService', "", @SW_HIDE) 

$FilePath = "C:\ProgramData\Sophos\Sophos Anti-Virus\Config\quarantine.xml"
$FilePath2 = "C:\docuemnts and settings\all users\application data\Sophos\Sophos Anti-Virus\Config\quarantine.xml"

If FileExists ($FilePath) Then 
   FileDelete($FilePath)
endIf

If FileExists ($FilePath2) Then 
   FileDelete($FilePath2)
endIf

RunWait(@ComSpec & " /c " & 'net start SAVService', "", @SW_HIDE)

In the start menu there is an option: "Compile Script to .exe (x86)", choose that
In the application, choose setup.au3, create an exe called setup.exe
Place this into the CID in place of the original setup.exe, rename the actual setup.exe to seup.exe.orig. E.g.

C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP\setup.exe

aka
\\[SECSERVER]\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe

In SEC filter to a list of computers affected by the FP, for example using the column sort on the "Alert and Errors Details" tab.
Select all and run a protect, this will run this "custom" setup on the machines to stop the savservice, delete the quarantine.xml and then start the service again.
Run a scan from SEC on these machines to put back what was already in the QM that wasn't part of this FP.
Revert the original setup.exe in the CID

As I say, I haven't tested it beyond one computer but it might help. Feedback welcome.

Regards,

Jak

EDIT, You could also use a similar method to mass deploy the vbscript here:

http://sophserv.sophos.com/repo_kb/118315/file/QuarRestore.txt

to move back files moved. To build a setup.exe to run the vbscript....

Run: IEXPRESS.EXE
Click Next
Click Next
Call It SophosFIx For example
Click Next
Click Next
Add the QuarRestore.vbs then click Next
In the Install Program put:
cscript.exe QuarRestore.vbs
Click Next
Choose Hidden
Click Next
Enter Setup.exe as the path
Tick "Hide File Extracting Progress...."
Click Next
Set "No restart"
Click Next
Click Next
Click Next
Click Finish
Locate the setup.exe.

EDIT, it seems that this packaing method throws an error when SEC creates the job to run it, presumably becuase it doesn't like the switches passed to it. by SEC Ohh well, maybe this is of use if you find it easier to deploy and exe. Maybe Google vbs to exe to perform the same task.

This thread was automatically locked due to age.

0 toddh over 13 years ago

Hey jak,
Thanks for the script.
Interesting concept.
How does the executable run on it's own?
:32161
Cancel
Vote Up 0 Vote Down

Cancel
0 jak over 13 years ago
HI,
If this method of deployment works for people how aboout deploying the fix script from http://www.sophos.com/en-us/support/knowledgebase/118323.aspx using it.
Download: http://downloads.sophos.com/tools/FixUpdate.zip (FixUpdate v4.3 at time of post)
Unpack to;

\Build\FixUpdate.vbs
\Build\javab-jd.ide
With AutoIt installed, create a text file in the same "\Build\" directory called "setup.au3"
Paste in the lines:

FileInstall("FixUpdate.vbs", @TempDir & "\" & "FixUpdateOut.vbs") FileInstall("javab-jd.ide", @TempDir & "\" & "javab-jd.ide") runwait("cscript.exe " & @TempDir & "\" & "FixUpdateOut.vbs /fixIssues:true" , "", @SW_HIDE)
Save the file.
Right click on the file setup.au3 and choose "Compile Script (x86)" (the default install of AutoIt adds these menu options) this will create a file called "\Build\setup.exe"
Place in the CID in place of the existing setup.exe (renaming the original to restore later, once deploy job is done)
Deploy to affected clients by using the protect computers in SEC as per the original post.
The setup.exe embeds in it the ide and vbs file, unpacks them to %temp% when run and calls cscript to run:
FixUpdateOut.vbs /fixIssues:true
Update the au4 script to change the parameters as required.

Hope it is of use.

Regards,
Jak
:32563
Cancel
Vote Up 0 Vote Down

Cancel
0 jak over 13 years ago

I don't understand the question :"How does the executable run on it's own?"
Cheers,
Jak
:32565
Cancel
Vote Up 0 Vote Down

Cancel
0 jak over 13 years ago

HI,
In case anyone finds this thread in the future as Sophos has released an exe (http://downloads.sophos.com/tools/FixIssues.exe) which wraps the vbs as mentioned here: http://www.sophos.com/en-us/support/knowledgebase/118323.aspx
You can rename that to setup.exe according to my quick test and do the same.
Regards,
Jak
:33023
Cancel
Vote Up 0 Vote Down

Cancel