Setting Up Virus Scan

Oracle iRecruitment is integrated with Symantec AntiVirus Scan engine to perform
a virus scan and repair the documents that managers and candidates upload to the
database.
I am looking these answer ?
1 . Where one should find Symantec AntiVirus for oracle apps.
2. Has oracle given any specific installer?
3 Steps for installing Anti Virus on App server
Appreciate very much for any quick reply?
Avaneesh

Naga, Appreciate your answer..,
We have alredy discussed these issue with DBA Team They are not aware of this Virus Scan Software setup.
This Functionality is part of iRec so i have put on this forum.
We would be thankful to you if you are able find out these answer from your DBA Team if possible.
if you aware any DBA Related forum please let me know?
Thanks

Similar Messages

When setting up virus scan software...

What folders should I have it auto-scan daily at start-up? I don't want to waste time on folders that are unnecessary.
I'm using "ClamXav", Thanks

Hello htowncoog:
Welcome to Apple discussions.
I would suggest that you not bother with AV software at all. You will get differing opinions, but at this time, there are NO documented viruses that affect a Mac running OS X. If one appears, no AV software will catch it initially as there would be no signature file. AV software consumes computer resources, as you know.
Having said all that, if you do run it, I would not be especially concerned about the auto-scan parameters - you have already decided to use the cycles to scan.
Barry

When downloading a file, how do I tell Firefox to not do a virus scan of files with specific extensions such a .gif files?

I'm using AVG Free as my anti-virus program and always use the latest version. I have set scanning options in AVG to skip the scanning of gif and jpg files but that seems to be ignored when I am downloading a very small file of either type. The "Downloads" (Ctrl J) pop-up window shows the progress of the download and scan. At times, the virus scan is so miserably slow for simple gif and jpg files that it is a while until I can once more move my mouse cursor.
By the way, I'm using version 3.6.17 Firefox and WIN 7 Premium.

Unfortunately, I continue to have the problem. Just to make sure, following your suggestion, I shut down Firefox then restarted it but had the same result. Similarly, I rebooted after making the changes but again, no difference. Ah well...
Just thought I'd attach this partial screen print to show that I am in Firefox and that I am downloading a file -- in this case, a daily Doonesbury gif file.
Thanks for the suggestion though.
Larry Stewart

My wife has issues with her AOL email and was told to contact Apple about a virus scan. Has anyone else had a similar issue?

My wife has issues with her AOL email and a tech rep told her to contact Apple for a virus scan. Has anyone else had a problem like this?

You forgot to describe the 'issues' but there are no viruses that affect Apple OS X.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
https://discussions.apple.com/docs/DOC-2435
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them
Bear in mind that from April to December 2011 there were only 58 attempted security threats to the Mac - a mere fraction compared to Windows malware:
http://www.f-secure.com/weblog/archives/00002300.html
(I have ClamXav set to scan incoming emails, but nothing else.)

I can't open firefox - I've tried restarting the computer several times - I'm using Microsoft Essentials and this has happened since the last virus scan.

The last virus scan brought up no problems. I can't find anything in Essentials that suggests Firefox is being blocked but I've tried opening it by clicking and right clicking but no luck. I found a suggestion on Firefox support that said I should create a new profile but I can't find the relevant exe -p program despite doing a full Search. This problem is on my desktop which is using XP (I'm sending this from my laptop where there is no problem - and I'm also using Essentials on this.) Hope someone can help as all my links are now gone.

Open your firewall program. First check the settings. Make sure that the
program is set to tell you if a new program wants access to the web. Then
go to the list of programs the firewall has. Make sure that all the programs
you want to access the web are set to '''ALLOW'''. If it is set to '''AUTO''', the
firewall may not allow access.
=================================================
'''Try Firefox Safe Mode''' to see if the problem goes away. [[Troubleshoot Firefox issues using Safe Mode|Firefox Safe Mode]] is a troubleshooting mode that turns off some settings and disables most add-ons (extensions and themes).
''(If you're using an added theme, switch to the Default theme.)''
If Firefox is open, you can restart in Firefox Safe Mode from the Help menu by clicking on the '''Restart with Add-ons Disabled...''' menu item:<br>
[[Image:FirefoxSafeMode|width=520]]<br><br>
If Firefox is not running, you can start Firefox in Safe Mode as follows:
* On Windows: Hold the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
* On Mac: Hold the '''option''' key while starting Firefox.
* On Linux: Quit Firefox, go to your Terminal and run ''firefox -safe-mode'' <br>(you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
''Once you get the pop-up, just select "'Start in Safe Mode"''
[[Image:Safe Mode Fx 15 - Win]]
'''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, and you need to figure out which one. Please follow the [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]] article to find the cause.
''To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
When you figure out what's causing your issues, please let us know. It might help others with the same problem.
Thank you.

CG36 - No virus scan profile is selected as the "default profile"

When running transaction CG36 - Import Reports, I'm getting this message in the job log:
"No virus scan profile is selected as the "default profile" VSCAN 034 I"
Do I have to set up a default profile for virus scan? I have never seen this error until recent upgrade. Is there a way to by pass this virus scan if we choose not to activate it?
Thanks!

I encountered the same problem during the CG36 transaction.
"Error during virus scan in file "...\usr\sap\.....\xixoxoxioxo.pdf" with Message class "CM_REPORT_IMP_EXP" 010 E
Job cancelled after system exception ERROR_MESSAGE.
This may be due to BASIS security level virus scan checks on the files being imported to the application server. Is BASIS assistance required on this or any workaround to bypass?
Thank you.

Virus Scan profile Activation and Configuration

Hi Guys,
We need to activate the Virus Scan profile, so that the team could upload the document in SCM System with in SNC Page.
Its AIX 64 bit, DB2 9.1 SCM 7.01
I have seen the document of this and found i need to start with the group creation: Done
Then, We need to create a RFC type T with Registered program:
Q.1 I need to know what would be the external program in this case.
Q.2 I have downloaded Virus Scanner and connector for ClamAV
Q.3 Do i need to install the product in step 2 in the same server AIX 64 or in other machine and what would be the Register program.
Q.4 What is the Role of VSI and SAP VSI 7.01 is available for Windows Server on IA32 32bit only andhow would we install this , when and where?
Thanks
Rajesh
Edited by: Rajesh Sharma on May 28, 2010 2:09 PM

Hi Joerg,
I found some soluation also. They shared a one document. i did the changes but still same problem.
Scan Profile setup
Transaction SM34 -> VSCAN_PROFILE_VC
Transaction /IWFND/VIRUS_SCAN
Set the Zprofile to the default
The Table /IWFND/C_CONFIG should have the entry
Please suggest . i have internal system and we dont have virus server. I am confused.
Regards,
Dharmesh

Virus Scan profile Activation

Hi Guys,
We need to activate the Virus Scan profile, so that the team could upload the document in SCM System with in SNC Page.
Its AIX 64 bit, DB2 9.1 SCM 7.0..
I have seen the document of this and found i need to start with the group creation: Done
Then, We need to create a RFC type T with Registered program:
Q.1 I need to know what would be the exteranl program in this case.
Q.2 There is no Antivirus in AIX 64 bit, so do i need to know where Antivirus Scan engine is ruuning.
If some one has any document and if it is posted somehere in sdn which descibes sterp by step how to proceed with this, it would be higly appreciated..
Thanks
Rajesh

Hi Joerg,
I found some soluation also. They shared a one document. i did the changes but still same problem.
Scan Profile setup
Transaction SM34 -> VSCAN_PROFILE_VC
Transaction /IWFND/VIRUS_SCAN
Set the Zprofile to the default
The Table /IWFND/C_CONFIG should have the entry
Please suggest . i have internal system and we dont have virus server. I am confused.
Regards,
Dharmesh

Virus scan profile activation in ODATA

Hi Experts,
I am facing an issue while uploading Image(*Base64 format)
into SAP through Netweaver Odata Gateway services. The issue is that the
content of the Image is supposed to come in a field that has datatype Xstring
but when we include a field with data type Xstring the framework starts giving
an error no virus scan profile is active . We did try various combinations of
Standard Virus Profile maintained , but no resolution came out of it. Now we
have created a new profile in customer namespace but now it gives an error
Incorrect Configuration for Profile <Profile Name>. We need help in
trying to figure out what is correct configuration that is to be maintained to
fix this issue.
There is an alternative that we deactivate the Virus Scan
profile through transaction /IWFND/VIRUS_SCAN and then we are able to post the
images , but this doesn’t look like an ideal solution as it would involve
transporting Virus scan profile to Production and quality and then deactivating
them over there manually.
I am getting error on "Recursive occurrence of virus scan profile in the sequence"
Please suggest.
Regards,
Dharmesh Sharma

Hi Joerg,
I found some soluation also. They shared a one document. i did the changes but still same problem.
Scan Profile setup
Transaction SM34 -> VSCAN_PROFILE_VC
Transaction /IWFND/VIRUS_SCAN
Set the Zprofile to the default
The Table /IWFND/C_CONFIG should have the entry
Please suggest . i have internal system and we dont have virus server. I am confused.
Regards,
Dharmesh

Web Content Filtering / Virus Scanning appliance

Hello all,
I'm in the market for a content / url / virus scanning device for our network. We are currently using MXLogic's Web Defense service and while it's very cheap it is not suiting our needs. What I'm looking for is an appliance that will do content filtering but also virus / malware / spyware scanning on web traffic. I'd also need to be able to setup policies / groups for different set's of users. For instance the folks who purchase the products we sell need to be able to see our vendors media (streaming video) content while our sales folks don't. I can't currently do this with MXLogic, it's all or nothing.
Our firewall is an ASA5510 and I've looked at the Content Security SSM-10 module with the plus license and while the pricing is definitely attractive I have a few questions about it. Does it integrate with MS Active Directory? In other words and it filter based on groups and policies or is it more IP / ACL based? Also does it perform well?
I've also looked at the IronPort product cisco sell's and have similar questions regarding that mainly what are folks experience with it, is it something you would recommend?

Hi Allen,
To answer your questions related to the CSC module:
1. No, the CSC module does not integrate with Active Directory. This is something that Trend Micro has in the works, but as of now there is no ETA for this functionality.
2. The CSC module will perform fairly well if used in the environment it was designed for. I would recommend taking a look at the CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html
I cannot speak to the performance/functionality of IronPort as I have not used it personally, but I have heard good things. Also, external appliances from Websense seem to be a popular choice when you need a product that is a bit more scalable or granular than what the CSC module can provide.
Hope that helps.
-Mike

Virus scan service

Dear SAP gurus:),
i am trying to set up the virus scan service in our EP.
I used the virus scan adapter for testing (attachment of note 786179). I did also same steps like in this blog https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2454. [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
I did succesfully all steps in the visual administrator and the virus scan adapter is working fine(i can test it http://portalhostname:port/vscantest).
But there is a problem with configuration of Virus scan service in EP.
I have set up the profile, group and service, but when i try to do some report (Content Administration -> KM content -> Toolbox -> Reports -> Virus scan), the following error will appear:
System error (com.sapportals.wcm.repository.VirusContentException): Operation failed. Error scanning document - contact your system administrator
Any ideas how to solve it?
Does anybody have some experience with the testing VSA from SAP?
Thank you!
Dan

Hi Daniel,
have you been able to solve your problem, unfortunately no answers so far.
greetings,
Richard

How to disable virus scan in downlaod helper

after the download finishes the download helper scan for virus for indefinite time so i want to disable the virus scan for setting of download helper

# Type '''about:config''' into the location bar and press enter
# Accept the warning message that appears, you will be taken to a list of preferences
# Locate the preference '''browser.download.manager.scanWhenDone''' and double-click on it to change its value to '''false'''

Virus Scan for iRecruitment

Hello,
Has anyone ever set up a virus scan for iRecruitment. I am interested in doing the same with symantic ant virus for linux. I found something in the irecruitment setup docs but it is not working for me. I guess I have to do more.

Have a look at this link, it may be helpful --> [iRecruitment anti-virus solutions|http://blogs.oracle.com/millmore/2008/02/irecruitment_antivirus_solutio.html]

Best virus scan and remove software

need suggestion to best virus scan software.

OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
“Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed, because those older operating systems are no longer being maintained by Apple. Migrate to a newer version of the Mac OS as soon as you can.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

Automating McAfee Virus Scan Exclusions

So i wanted to share with the community a function I wrote to assist in the automating of virus scan exclusions. In Windows 2008 R2, we were able to import a reg file with the exclusion so it wasn't a big deal. However, we are using 2012 R1/R2
with our Lync 2013 deployment and this option is no longer available to me. The team in charge of the central AV management servers (whatever it is called) are not offering to assist in loading a policy in their management server for our Lync deployment.
Inserting a ton of exclusions manually for over hundred servers (that is just a single customer) isn't something I would be willing to do manually, not to mention things would get missed. I made this relatively generic so it should work (I think)
for other people. It sends key strokes to the OS to accomplish as I couldn't find another way. I haven't found anyone who has a solution so I wrote this one. I could be much much more involved in identifying which roles or what the server
is (SQL, DC, SharePoint, etc), but I am not sure I want to spend that kind of time. Maybe in the future.
Note: My "One Access Scanner" is listed fourth in the Virus Scan Console. If yours is not, this will need some tweaking. This isn't really an appropriate solution (I just hack this stuff together), but it works.
Things you need to know.
Single file or single directory exclusions go into the array $Procs
File Types go into $FileTypes
Any directory that you want the sub directory to be excluded as well goes into $ProcIncludingSubs
Function SetAVExclusions ()
$ErrorActionPreference = "silentlycontinue"
Function GetActiveWindows ()
# sample script to query winapi GetForegroundWindow and GetWindowText
Add-Type @"
// **** every time you make a change to this class, you have to restart powershell session or change class name to new name ****
using System.Runtime.InteropServices;
using System.Text;
public class Win51
[DllImport("user32.dll", SetLastError = true)]
static extern System.IntPtr FindWindow(string className, string windowName);
[DllImport("user32.dll", SetLastError = true)]
static extern System.IntPtr FindWindowEx(System.IntPtr parentHandle, System.IntPtr childAfter, string className, string windowTitle);
[DllImport("user32.dll")]
static extern System.IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
static extern int GetWindowText(System.IntPtr hWnd, System.Text.StringBuilder text, int count);
[DllImport("user32.dll")]
static extern System.IntPtr GetWindow(System.IntPtr hWnd, uint uCmd);
[DllImport("user32.dll")]
static extern bool SetForegroundWindow(System.IntPtr hWnd);
enum UCmd
GW_CHILD = 5,
GW_ENABLEDPOPUP = 6,
GW_HWNDFIRST = 0,
GW_HWNDLAST = 1,
GW_HWNDNEXT = 2,
GW_HWNDPREV = 3,
GW_OWNER = 4
public string getForegroundWindowTitle()
const int nChars = 256;
System.Text.StringBuilder Buff = new System.Text.StringBuilder(nChars);
System.IntPtr handle = getForegroundWindow();
if (GetWindowText(handle, Buff, nChars) > 0)
return Buff.ToString();
return null;
// returns null / 0 if find window fails
public System.IntPtr findWindow(System.IntPtr hWndParent,System.IntPtr hWndChildAfter, string lpszClass, string lpszWindow)
System.IntPtr handle = FindWindowEx(hWndParent,hWndChildAfter, lpszClass, lpszWindow);
// System.IntPtr handle = FindWindow(lpszClass, lpszWindow);
return handle;
public System.IntPtr getForegroundWindow()
System.IntPtr handle = GetForegroundWindow();
return handle;
public bool setForegroundWindow(System.IntPtr hWnd)
return setForegroundWindow(hWnd);
public System.IntPtr getWindow(System.IntPtr hWnd, uint uCmd)
return GetWindow(hWnd,uCmd);
$winObj = New-Object Win51
$text = $winObj.getForegroundWindowTitle();
return $text
} #End Function GetActiveWindows
$Procs = @("{%}Systemroot{%}\system32\GroupPolicy\registry.pol",` # Corporate Defaults
"{%}allusersprofile{%}\NTUser.pol",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb*.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb.chk",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Res1.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Res2.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Tmp.edb ",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\datastore.edb",` #KB822158
"{%}windir{%}\security\*.chk",`
"{%}windir{%}\security\*.edb",`
"{%}windir{%}\security\*.log",`
"{%}windir{%}\security\*.sdb",`
"{%}windir{%}\security\database\Security.sdb",`
"C:\quarantine",`
"{%}systemroot{%}\System32\GroupPolicy\Machine\Registry.pol", ` #KB822158
"{%}systemroot{%}\System32\GroupPolicy\User\Registry.pol", ` #KB822158
"{%}windir{%}\security\database\*.edb",` #KB822158
"{%}windir{%}\security\database\*.sdb",` #KB822158
"{%}windir{%}\security\database\*.log",` #KB822158
"{%}windir{%}\security\database\*.chk",` #KB822158
"{%}windir{%}\security\database\*.jrs",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb*.jrs",` #KB822158
"{%}windir{%}\Ntds\Ntds.dit",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Ntds.pat",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\ED*.log",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Res*.log",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Edb*.jrs",` #KB822158 - AD DCs
"e:\Ntds\Ntds.dit",` #KB822158 - AD DCs
"e:\Ntds\Ntds.pat",` #KB822158 - AD DCs
"e:\Ntds\ED*.log",` #KB822158 - AD DCs
"e:\Ntds\Res*.log",` #KB822158 - AD DCs
"e:\Ntds\Edb*.jrs",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\sys\edb.chk",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\ntfrs.jdb",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\log\*.log",` #KB822158 - AD DCs
"{%}systemroot{%}\Sysvol\Staging areas\Nntfrs_cmp*.*",` #KB822158 - AD DCs
"e:\Sysvol\Staging areas\Nntfrs_cmp*.*",` #KB822158 - AD DCs
"{%}systemroot{%}\System32\Dns\*.log",` #KB822158 - AD DCs
"{%}systemroot{%}\System32\Dns\*.dns",` #KB822158 - AD DCs
"ABServer.exe", ` # Begin Lync 2013 Exclusions
"AcpMcuSvc.exe", `
"ASMCUSvc.exe", `
"AVMCUSvc.exe", `
"ChannelService.exe", `
"ClsAgent.exe", `
"ComplianceService.exe", `
"DataMCUSvc.exe", `
"DataProxy.exe", `
"FileTransferAgent.exe", `
"IMMCUSvc.exe", `
"LysSvc.exe", `
"MasterReplicatorAgent.exe", `
"MediaRelaySvc.exe", `
"MediationServerSvc.exe", `
"MRASSvc.exe", `
"OcsAppServerHost.exe", `
"ReplicaReplicatorAgent.exe", `
"ReplicationApp.exe", `
"RtcHost.exe", `
"RTCSrv.exe", `
"XmppProxy.exe", `
"XmppTGW.exe", `
"Fabric.exe", `
"FabricDCA.exe", `
"FabricHost.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLServr.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSMQL\Binn\SQLServr.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSMQL\Binn\SQLServr.exe", `
"{%}systemroot{%}\System32\LogFiles", `
"{%}systemroot{%}\SysWow64\LogFiles", `
"{%}programfiles{%}\Microsoft Lync Server 2013", `
"{%}programfiles{%}\commonfiles\Microsoft Lync Server 2013", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Mcx\Ext", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Mcx\Int", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Ucwa\Int", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Ucwa\Ext", `
"{%}systemroot{%}\Windows\Microsoft.NET\Framework64\v4.0.30319\Config", `
"{%}ProgramFiles{%}\Microsoft System Center 2012 R2\Server\Health Service State",` #Begin SCOM 2012 R2 Exclusions
"{%}ProgramFiles{%}\System Center Operations Manager\Gateway\Health Service State",`
"{%}ProgramFiles{%}\Microsoft Monitoring Agent\Agent\Health Service State",`
"CShost.exe","Microsoft.Mom.Sdk.ServiceHost.exe","HealthService.exe","MonitoringHost.exe",`
"e:\WAC_Server_Cache","e:\WAC_Server_Logs","e:\WAC_Server_Rendering_Cache"` # WC Server storage locations
# This section will exlude file types
$FileTypes = @("MDF","LDF")
# This section will include sub folders in the exclusion. Path must end in a \
$ProcIncludingSubs = @("{%}programfiles{%}\Microsoft Lync Server 2013\", `
"{%}systemroot{%}\RtcReplicaRoot\", `
"{%}SystemDrive{%}\RtcReplicaRoot\", `
"E:\RtcReplicaRoot\xds-replica\", `
"{%}systemroot{%}\assembly\", `
"{%}systemroot{%}\ServiceProfiles\", `
"{%}systemroot{%}\Windows\Microsoft.NET\", `
"{%}systemroot{%}\system32\inetsrv\", `
"{%}systemroot{%}\system32\LogFiles\", `
"{%}systemroot{%}\SysWOW64\inetsrv\", `
"{%}systemroot{%}\SysWOW64\LogFiles\", `
"{%}systemroot{%}\System32\Dns\Boot\",` #KB822158 - AD DCs
"{%}programfiles{%}\Common Files\Microsoft Lync Server 2013\Watcher Node\" `
$TotalExclusionsinFunction = $Procs.Length + $FileTypes.Length + $ProcIncludingSubs.Length
$TotalExclusionsinRegistry = ((Get-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default\').Property -match "ExcludedItem_").count
If ($TotalExclusionsinFunction -eq $TotalExclusionsinRegistry)
Write-Host ""
Write-Host "`tChecking Anti-Virus Exclusions in the Registry"
Write-Host ""
Write-Host "`t`tStatus : " -ForegroundColor White -NoNewline
start-sleep -m 500
Write-Host "Count Matches" -ForegroundColor Yellow
Write-Host ""
Write-Host "`t`t`tThe number of exclusions in this script match the number of exclusions in the registry" -ForegroundColor Yellow
Start-Sleep 5
return $true
[void] [System.Reflection.Assembly]::LoadWithPartialName("'Microsoft.VisualBasic")
[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
Write-Host "`tDisabling Artemis (Hueristic Scanning)" -ForegroundColor Cyan
$VConsole = Get-Process -Name mcconsol -ErrorAction SilentlyContinue
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If (($VConsole -ne $null) -or ($VConsole1 -ne $null))
If ($VConsole -ne $null)
$VConsole.CloseMainWindow() | Out-Null
If ($VConsole1 -ne $null)
Stop-Process -Processname shcfg32 -ErrorVariable "AOS" -Force
If ($AOS)
Write-Host "`tForce Close Failed - Taking Extrodinary Actions (~20 Secs)" -ForegroundColor Yellow
If ($ActiveApp -eq "On-Access Scan Properties")
[System.Windows.Forms.SendKeys]::SendWait("{ESC}{ESC}{ESC}{ESC}{ESC}")
$ActiveApp = GetActiveWindows
$Count = 0
Write-Host "`t`t`t[" -ForegroundColor Yellow -NoNewline
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
[System.Windows.Forms.SendKeys]::SendWait("{ESC}{ESC}{ESC}{ESC}{ESC}")
Start-Sleep 1
$Count++
$ActiveApp = GetActiveWindows
Write-Host "*" -ForegroundColor Green -NoNewline
Write-Host "]" -ForegroundColor Yellow
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If ($VConsole1 -ne $null)
Write-Host "`t`tIssue Closing the App"
Pause
Else
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Write-Host "`t`tClosing all McAfee Windows"
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Else
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Start-Sleep 2
# Setting Hueristic Settings to disabled
Write-Host "`t`tGrabbing focus of window [On-Access Scan Properties]"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to get Focus On-Access Scan Properties"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to grab focus of [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
$KeyboardArray1 = "%S","{UP}","{UP}","{UP}","{UP}","{UP}","{UP}","{TAB}","{TAB}","{TAB}","{ENTER}"
ForEach ($z in $KeyboardArray1)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to keep focus on [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait($z)
start-sleep -m 300
start-sleep 2
# Start Exclusions
Write-Host "`tStarting VirusScan Exclusions" -ForegroundColor Cyan
$VConsole = Get-Process -Name mcconsol -ErrorAction SilentlyContinue
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If (($VConsole -ne $null) -or ($VConsole1 -ne $null))
If ($VConsole -ne $null)
$VConsole.CloseMainWindow() | Out-Null
If ($VConsole1 -ne $null)
Stop-Process -Processname shcfg32 -Force
Write-Host "`t`tClosing all McAfee Windows"
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Else
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Start-Sleep 2
# Removing all On Access Scanner Exclusions
Write-Host "`t`tGrabbing focus of window [On-Access Scan Properties]"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to get Focus On-Access Scan Properties"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to grab focus of [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
$KeyboardArray1 = "%S","{TAB}","{DOWN}","+{TAB}","+{TAB}","+{TAB}",,"+{TAB}","{RIGHT}","+{TAB}","+{TAB}","+{TAB}",,"+{TAB}","{RIGHT}","%E"
#[System.Windows.Forms.SendKeys]::SendWait("{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{DOWN}{TAB}{TAB}{TAB}{RIGHT}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{RIGHT}%E")
ForEach ($z in $KeyboardArray1)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to keep focus on [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait($z)
start-sleep -m 300
start-sleep 2
# Removing exclusions 150 times.
Write-Host "`t`tRemoving existing virus exlcusions (up to 150)"
[Microsoft.VisualBasic.Interaction]::AppActivate("Set Exclusions")
start-sleep 5
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to get Focus on Set Exclusions"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "Set Exclusions") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("Set Exclusions")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to grab focus of [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
For ($i=1;$i -lt 150; $i++)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%R")
start-sleep 1
# Processing the different Directories and process
ForEach ($y in $ProcIncludingSubs)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A{TAB}$y{TAB}{ADD}{ENTER}")
Start-Sleep -m 200
ForEach ($y in $Procs)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A{TAB}$y{ENTER}")
Start-Sleep -m 200
ForEach ($y in $FileTypes)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A%F{TAB}$y{ENTER}")
Start-Sleep -m 200
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}{TAB}{TAB}{TAB}{ENTER}")
start-sleep 1
Stop-Process -Processname shcfg32 -Force | Out-Null
$TotalExclusionsinRegistry = ((Get-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default\').Property -match "ExcludedItem_").count
If ($TotalExclusionsinRegistry -ne $TotalExclusionsinFunction)
Write-Host "`t`tUpdate appears to have failed" -ForegroundColor Yellow
Start-Sleep 1
Return $False
Return $True
} #End Function

So i wanted to share with the community a function I wrote to assist in the automating of virus scan exclusions. In Windows 2008 R2, we were able to import a reg file with the exclusion so it wasn't a big deal. However, we are using 2012 R1/R2
with our Lync 2013 deployment and this option is no longer available to me. The team in charge of the central AV management servers (whatever it is called) are not offering to assist in loading a policy in their management server for our Lync deployment.
Inserting a ton of exclusions manually for over hundred servers (that is just a single customer) isn't something I would be willing to do manually, not to mention things would get missed. I made this relatively generic so it should work (I think)
for other people. It sends key strokes to the OS to accomplish as I couldn't find another way. I haven't found anyone who has a solution so I wrote this one. I could be much much more involved in identifying which roles or what the server
is (SQL, DC, SharePoint, etc), but I am not sure I want to spend that kind of time. Maybe in the future.
Note: My "One Access Scanner" is listed fourth in the Virus Scan Console. If yours is not, this will need some tweaking. This isn't really an appropriate solution (I just hack this stuff together), but it works.
Things you need to know.
Single file or single directory exclusions go into the array $Procs
File Types go into $FileTypes
Any directory that you want the sub directory to be excluded as well goes into $ProcIncludingSubs
Function SetAVExclusions ()
$ErrorActionPreference = "silentlycontinue"
Function GetActiveWindows ()
# sample script to query winapi GetForegroundWindow and GetWindowText
Add-Type @"
// **** every time you make a change to this class, you have to restart powershell session or change class name to new name ****
using System.Runtime.InteropServices;
using System.Text;
public class Win51
[DllImport("user32.dll", SetLastError = true)]
static extern System.IntPtr FindWindow(string className, string windowName);
[DllImport("user32.dll", SetLastError = true)]
static extern System.IntPtr FindWindowEx(System.IntPtr parentHandle, System.IntPtr childAfter, string className, string windowTitle);
[DllImport("user32.dll")]
static extern System.IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
static extern int GetWindowText(System.IntPtr hWnd, System.Text.StringBuilder text, int count);
[DllImport("user32.dll")]
static extern System.IntPtr GetWindow(System.IntPtr hWnd, uint uCmd);
[DllImport("user32.dll")]
static extern bool SetForegroundWindow(System.IntPtr hWnd);
enum UCmd
GW_CHILD = 5,
GW_ENABLEDPOPUP = 6,
GW_HWNDFIRST = 0,
GW_HWNDLAST = 1,
GW_HWNDNEXT = 2,
GW_HWNDPREV = 3,
GW_OWNER = 4
public string getForegroundWindowTitle()
const int nChars = 256;
System.Text.StringBuilder Buff = new System.Text.StringBuilder(nChars);
System.IntPtr handle = getForegroundWindow();
if (GetWindowText(handle, Buff, nChars) > 0)
return Buff.ToString();
return null;
// returns null / 0 if find window fails
public System.IntPtr findWindow(System.IntPtr hWndParent,System.IntPtr hWndChildAfter, string lpszClass, string lpszWindow)
System.IntPtr handle = FindWindowEx(hWndParent,hWndChildAfter, lpszClass, lpszWindow);
// System.IntPtr handle = FindWindow(lpszClass, lpszWindow);
return handle;
public System.IntPtr getForegroundWindow()
System.IntPtr handle = GetForegroundWindow();
return handle;
public bool setForegroundWindow(System.IntPtr hWnd)
return setForegroundWindow(hWnd);
public System.IntPtr getWindow(System.IntPtr hWnd, uint uCmd)
return GetWindow(hWnd,uCmd);
$winObj = New-Object Win51
$text = $winObj.getForegroundWindowTitle();
return $text
} #End Function GetActiveWindows
$Procs = @("{%}Systemroot{%}\system32\GroupPolicy\registry.pol",` # Corporate Defaults
"{%}allusersprofile{%}\NTUser.pol",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb*.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb.chk",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Res1.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Res2.log",`
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Tmp.edb ",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\datastore.edb",` #KB822158
"{%}windir{%}\security\*.chk",`
"{%}windir{%}\security\*.edb",`
"{%}windir{%}\security\*.log",`
"{%}windir{%}\security\*.sdb",`
"{%}windir{%}\security\database\Security.sdb",`
"C:\quarantine",`
"{%}systemroot{%}\System32\GroupPolicy\Machine\Registry.pol", ` #KB822158
"{%}systemroot{%}\System32\GroupPolicy\User\Registry.pol", ` #KB822158
"{%}windir{%}\security\database\*.edb",` #KB822158
"{%}windir{%}\security\database\*.sdb",` #KB822158
"{%}windir{%}\security\database\*.log",` #KB822158
"{%}windir{%}\security\database\*.chk",` #KB822158
"{%}windir{%}\security\database\*.jrs",` #KB822158
"{%}windir{%}\SoftwareDistribution\Datastore\Logs\Edb*.jrs",` #KB822158
"{%}windir{%}\Ntds\Ntds.dit",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Ntds.pat",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\ED*.log",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Res*.log",` #KB822158 - AD DCs
"{%}windir{%}\Ntds\Edb*.jrs",` #KB822158 - AD DCs
"e:\Ntds\Ntds.dit",` #KB822158 - AD DCs
"e:\Ntds\Ntds.pat",` #KB822158 - AD DCs
"e:\Ntds\ED*.log",` #KB822158 - AD DCs
"e:\Ntds\Res*.log",` #KB822158 - AD DCs
"e:\Ntds\Edb*.jrs",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\sys\edb.chk",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\ntfrs.jdb",` #KB822158 - AD DCs
"{%}windir{%}\Ntfrs\jet\log\*.log",` #KB822158 - AD DCs
"{%}systemroot{%}\Sysvol\Staging areas\Nntfrs_cmp*.*",` #KB822158 - AD DCs
"e:\Sysvol\Staging areas\Nntfrs_cmp*.*",` #KB822158 - AD DCs
"{%}systemroot{%}\System32\Dns\*.log",` #KB822158 - AD DCs
"{%}systemroot{%}\System32\Dns\*.dns",` #KB822158 - AD DCs
"ABServer.exe", ` # Begin Lync 2013 Exclusions
"AcpMcuSvc.exe", `
"ASMCUSvc.exe", `
"AVMCUSvc.exe", `
"ChannelService.exe", `
"ClsAgent.exe", `
"ComplianceService.exe", `
"DataMCUSvc.exe", `
"DataProxy.exe", `
"FileTransferAgent.exe", `
"IMMCUSvc.exe", `
"LysSvc.exe", `
"MasterReplicatorAgent.exe", `
"MediaRelaySvc.exe", `
"MediationServerSvc.exe", `
"MRASSvc.exe", `
"OcsAppServerHost.exe", `
"ReplicaReplicatorAgent.exe", `
"ReplicationApp.exe", `
"RtcHost.exe", `
"RTCSrv.exe", `
"XmppProxy.exe", `
"XmppTGW.exe", `
"Fabric.exe", `
"FabricDCA.exe", `
"FabricHost.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLServr.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSMQL\Binn\SQLServr.exe", `
"{%}ProgramFiles{%}\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSMQL\Binn\SQLServr.exe", `
"{%}systemroot{%}\System32\LogFiles", `
"{%}systemroot{%}\SysWow64\LogFiles", `
"{%}programfiles{%}\Microsoft Lync Server 2013", `
"{%}programfiles{%}\commonfiles\Microsoft Lync Server 2013", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Mcx\Ext", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Mcx\Int", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Ucwa\Int", `
"{%}ProgramFiles{%}\Microsoft Lync Server 2013\Web Components\Ucwa\Ext", `
"{%}systemroot{%}\Windows\Microsoft.NET\Framework64\v4.0.30319\Config", `
"{%}ProgramFiles{%}\Microsoft System Center 2012 R2\Server\Health Service State",` #Begin SCOM 2012 R2 Exclusions
"{%}ProgramFiles{%}\System Center Operations Manager\Gateway\Health Service State",`
"{%}ProgramFiles{%}\Microsoft Monitoring Agent\Agent\Health Service State",`
"CShost.exe","Microsoft.Mom.Sdk.ServiceHost.exe","HealthService.exe","MonitoringHost.exe",`
"e:\WAC_Server_Cache","e:\WAC_Server_Logs","e:\WAC_Server_Rendering_Cache"` # WC Server storage locations
# This section will exlude file types
$FileTypes = @("MDF","LDF")
# This section will include sub folders in the exclusion. Path must end in a \
$ProcIncludingSubs = @("{%}programfiles{%}\Microsoft Lync Server 2013\", `
"{%}systemroot{%}\RtcReplicaRoot\", `
"{%}SystemDrive{%}\RtcReplicaRoot\", `
"E:\RtcReplicaRoot\xds-replica\", `
"{%}systemroot{%}\assembly\", `
"{%}systemroot{%}\ServiceProfiles\", `
"{%}systemroot{%}\Windows\Microsoft.NET\", `
"{%}systemroot{%}\system32\inetsrv\", `
"{%}systemroot{%}\system32\LogFiles\", `
"{%}systemroot{%}\SysWOW64\inetsrv\", `
"{%}systemroot{%}\SysWOW64\LogFiles\", `
"{%}systemroot{%}\System32\Dns\Boot\",` #KB822158 - AD DCs
"{%}programfiles{%}\Common Files\Microsoft Lync Server 2013\Watcher Node\" `
$TotalExclusionsinFunction = $Procs.Length + $FileTypes.Length + $ProcIncludingSubs.Length
$TotalExclusionsinRegistry = ((Get-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default\').Property -match "ExcludedItem_").count
If ($TotalExclusionsinFunction -eq $TotalExclusionsinRegistry)
Write-Host ""
Write-Host "`tChecking Anti-Virus Exclusions in the Registry"
Write-Host ""
Write-Host "`t`tStatus : " -ForegroundColor White -NoNewline
start-sleep -m 500
Write-Host "Count Matches" -ForegroundColor Yellow
Write-Host ""
Write-Host "`t`t`tThe number of exclusions in this script match the number of exclusions in the registry" -ForegroundColor Yellow
Start-Sleep 5
return $true
[void] [System.Reflection.Assembly]::LoadWithPartialName("'Microsoft.VisualBasic")
[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
Write-Host "`tDisabling Artemis (Hueristic Scanning)" -ForegroundColor Cyan
$VConsole = Get-Process -Name mcconsol -ErrorAction SilentlyContinue
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If (($VConsole -ne $null) -or ($VConsole1 -ne $null))
If ($VConsole -ne $null)
$VConsole.CloseMainWindow() | Out-Null
If ($VConsole1 -ne $null)
Stop-Process -Processname shcfg32 -ErrorVariable "AOS" -Force
If ($AOS)
Write-Host "`tForce Close Failed - Taking Extrodinary Actions (~20 Secs)" -ForegroundColor Yellow
If ($ActiveApp -eq "On-Access Scan Properties")
[System.Windows.Forms.SendKeys]::SendWait("{ESC}{ESC}{ESC}{ESC}{ESC}")
$ActiveApp = GetActiveWindows
$Count = 0
Write-Host "`t`t`t[" -ForegroundColor Yellow -NoNewline
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
[System.Windows.Forms.SendKeys]::SendWait("{ESC}{ESC}{ESC}{ESC}{ESC}")
Start-Sleep 1
$Count++
$ActiveApp = GetActiveWindows
Write-Host "*" -ForegroundColor Green -NoNewline
Write-Host "]" -ForegroundColor Yellow
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If ($VConsole1 -ne $null)
Write-Host "`t`tIssue Closing the App"
Pause
Else
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Write-Host "`t`tClosing all McAfee Windows"
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Else
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Start-Sleep 2
# Setting Hueristic Settings to disabled
Write-Host "`t`tGrabbing focus of window [On-Access Scan Properties]"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to get Focus On-Access Scan Properties"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to grab focus of [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
$KeyboardArray1 = "%S","{UP}","{UP}","{UP}","{UP}","{UP}","{UP}","{TAB}","{TAB}","{TAB}","{ENTER}"
ForEach ($z in $KeyboardArray1)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to keep focus on [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait($z)
start-sleep -m 300
start-sleep 2
# Start Exclusions
Write-Host "`tStarting VirusScan Exclusions" -ForegroundColor Cyan
$VConsole = Get-Process -Name mcconsol -ErrorAction SilentlyContinue
$VConsole1 = Get-Process -Name shcfg32 -ErrorAction SilentlyContinue
If (($VConsole -ne $null) -or ($VConsole1 -ne $null))
If ($VConsole -ne $null)
$VConsole.CloseMainWindow() | Out-Null
If ($VConsole1 -ne $null)
Stop-Process -Processname shcfg32 -Force
Write-Host "`t`tClosing all McAfee Windows"
start-sleep -m 500
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Else
& 'C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHCFG32.EXE'
Start-Sleep 2
# Removing all On Access Scanner Exclusions
Write-Host "`t`tGrabbing focus of window [On-Access Scan Properties]"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep 1
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to get Focus On-Access Scan Properties"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "On-Access Scan Properties") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("On-Access Scan Properties")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to grab focus of [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
$KeyboardArray1 = "%S","{TAB}","{DOWN}","+{TAB}","+{TAB}","+{TAB}",,"+{TAB}","{RIGHT}","+{TAB}","+{TAB}","+{TAB}",,"+{TAB}","{RIGHT}","%E"
#[System.Windows.Forms.SendKeys]::SendWait("{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{DOWN}{TAB}{TAB}{TAB}{RIGHT}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}{RIGHT}%E")
ForEach ($z in $KeyboardArray1)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "On-Access Scan Properties")
Write-Host "`t`tUnable to keep focus on [On-Access Scan Properties]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait($z)
start-sleep -m 300
start-sleep 2
# Removing exclusions 150 times.
Write-Host "`t`tRemoving existing virus exlcusions (up to 150)"
[Microsoft.VisualBasic.Interaction]::AppActivate("Set Exclusions")
start-sleep 5
$ActiveApp = GetActiveWindows
Write-Host "`t`tCurrent Focus is $ActiveApp"
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to get Focus on Set Exclusions"
$Count = 0
start-sleep -m 300
while (($ActiveApp -ne "Set Exclusions") -and ($Count -lt 10))
$Count++
Write-Host "`t`t`t`tTrying again: $Count of 10 times"
[Microsoft.VisualBasic.Interaction]::AppActivate("Set Exclusions")
start-sleep -m 750
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to grab focus of [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
For ($i=1;$i -lt 150; $i++)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%R")
start-sleep 1
# Processing the different Directories and process
ForEach ($y in $ProcIncludingSubs)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A{TAB}$y{TAB}{ADD}{ENTER}")
Start-Sleep -m 200
ForEach ($y in $Procs)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A{TAB}$y{ENTER}")
Start-Sleep -m 200
ForEach ($y in $FileTypes)
$ActiveApp = GetActiveWindows
If ($ActiveApp -ne "Set Exclusions")
Write-Host "`t`tUnable to keep focus on [Set Exclusions]"
Write-Host "`t`tStarting over again"
Stop-Process -Processname shcfg32 -Force
Start-Sleep 5
Return $False
[System.Windows.Forms.SendKeys]::SendWait("%A%F{TAB}$y{ENTER}")
Start-Sleep -m 200
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}{TAB}{TAB}{TAB}{ENTER}")
start-sleep 1
Stop-Process -Processname shcfg32 -Force | Out-Null
$TotalExclusionsinRegistry = ((Get-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default\').Property -match "ExcludedItem_").count
If ($TotalExclusionsinRegistry -ne $TotalExclusionsinFunction)
Write-Host "`t`tUpdate appears to have failed" -ForegroundColor Yellow
Start-Sleep 1
Return $False
Return $True
} #End Function

Setting Up Virus Scan

Similar Messages

Maybe you are looking for