Endpoint Protection

Is there a way (script?) or a tool out there that will restart smc.exe remotely on a client. I'm making changes to the client remotely and need smc.exe to be restarted in order for it to contact SEPM.

Will PSExec work?

smc.exe is your symantec management client service
you can try net start / net stop symantec management client service

I used psexec.
create a *.bat with command:

@ Blenahan

Thanks for the script, very simple. However, I get the following error:

The service cannot be started, eithe rbecause it is disabled or because it has no enabled devices associated with it

I'm researching now, just curious if you've run into this one before

is remote registry enabled on the clients?

Yes it is.

I tihnk the problem is because we have psexec blocked via hash.

We had a clampi outbreak last yr and it used psexec to propagate itself across the network so we blocked it

However, it was only for one specific version of psexec that clampi was using. Assuming I can find an earlier or later version, it should work

Latest and greatest...

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Even easier, put this in your BAT file.

SET /P COMPNAME=Machine Name:
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -p [password] -stop
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -start
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -p [password] -stop
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -start

It will prompt you for the machine name when you run it, this way you do not have to edit the script each time to enter a machine name.  I have both types of directories because my clients have one or the other.

Put the psexec.exe in teh same folder as this bat and you're good to go.

It if returns a -0 error, it actually did work on the remote end.  If it says file not found, that is when it tried one of the two directories of which did not exist on the client.

Now I'm getting unknown user name or bad password. I'm guessing it wants local admin creds.

Sorry not much of a scripter, I got a guy here helping me but he keeps running off

Yeah, sorry I should have mentioned that.  You'll need admin level access to remote workstations when running this.  If you have an elevated account, you can create a shortcut to the BAT and then change the properties of the shortcut to Run with different credentials.  This way it will prompt you for admin credentials each time you run it without having to necessarily login with an admin account to Windows.

Which is why I'm confused because i'm a domain admin

do you have a password required to stop the service?  If not, is any part of the -p [password] string remaining in the BAT file?

No passwords, and no I did not edit your script. Just copied and pasted as is

I did this a while ago, no third party tools required.

I wrote a little VBScript that did the following:

Remote Registry connection to remote host to determine correct location for SMC
WMI to run "smc -stop" appending password if required
WMI to wait for the processes to actually stop
WMI to run "smc -start"

it worked very well, I can try and find it again if you want... its been a while...

@ Paul,

if you can, that would be great.

PsExec is being blocked so I need another workaround.

That's why.  Take out the -p [password] so that is just says -stop.  I have mine password protected and part of my script.  Yours should then look like:

SET /P COMPNAME=Machine Name:
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -stop
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -start
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -stop
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -start

It changed it

I even had to add c:\program files\symantec client security\symantec antiVirus\smc.exe as this is another location

Still says its disabled

You might still be having issues with PSEXEC being allowed to run.  Their might be traffic blocked from that file and maybe as well as an MD5 hashs block somewhere.

There is a hash block in place. My understanding is that it was for one specific version of PsExec, the one Clampi was using. And now I can't find our GPO guy. Either way if appears to disabled for all versions, sadly.

I can use dameware ntu but it takes too much time, your script would be quick and easy

Well, I'm sorry it's not going to work for you.  I'll see if I have something else handy as well.

Definitely bummed. I tried psservice as well but continue to get errors. Unfortunately, admins at other locations like to deviate from policy and tweak permission, etc. I just don't have the time now to fix what they broke as I'm trying to get SEP rolled out company wide.

Copy the below code into notepad and save as whatever you like WITH A .vbs extension.  Then double click on it.  This one references the static c:\program files\symantec client security\symantec antivirus path you referred to.  Do you clients have other install locations?  I'll get you a new one that scans several directories here shortly.  Try this one out on a machine though.  This will always be dependent on the SMC service NOT being password protected.  If you ever decide to do so, it is a very simple edit to the code.

strComputer = ""
strMsg = "This script will restart the SMC services on the remote machine."
strComputer = UCase(Trim(InputBox(strMsg,"Enter Target Computer Name", strComputer)))
If Len(strComputer) = 0 Then
   WScript.Echo "Machine name not specified" & vbCrlf &  "Terminating Script"
   WScript.Quit
End If

Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")
intReturn = objWMIService.Create("c:\program files\symantec client security\symantec antivirus\smc.exe -stop", Null, Null, intProcessID)
Wscript.Sleep 10000
intReturn2 = objWMIService.Create("c:\program files\symantec client security\symantec antivirus\smc.exe -start", Null, Null, intProcessID)

 

It kept formatting the code weird and I was afraid it would break up code that needed to be on one line and would causes problems.  Below is the script.  Save it locally and rename it from RestartRemoteSEP.txt to RestartRemoteSEP.vbs

Beautiful! Quick, quiet, and easy.....much appreciated, thanks for taking time out of your day to lend a hand

Thanks again
Brian

And yes, most of my clients have the referenced path in the vbs script but I have also seen the other two paths above in the batch file. I can always edit if necessary or just create two more, one for each path. I'm just excited to be able to do it now!

Thanks

Ok sounds good.  My pleasure, glad I could help.

Blenaha,

Have you created one that will take a list of IP addresses by any chance?
I used to have a fantastic version a vbs guru wrote for me that would take a list of IP's or comp names, stop smc, drop the sylink and restart smc.
As well as write the results to a log file but have since lost it somewhere :(

Z

I have a batch file that does with with PSEXEC already.  If you are in Brian's situation where he can't use PSEXEC, it shouldn't be too hard to get one running.  It might be a couple days as I got something going on, but I can provide you with a VBS if you need that vs. the PSEXEC one.

psexec rules!!
There is no way that is getting blocked anywhere I work  :)

Hope you can find that Paul.  :-)  
Thanks, Paul,  blenahan and others.

blenahan's script has been flawless for me

Hello,

I am facing problems with SEP clinets. After shifting server to different loaction and IP , few clients are gettings updates. It in same LAN and network.
I checked the following

Symantec macnagemet Client Service  cannot be restarted. Its aalready started and Automatic but when right click on this service show all options as faded [ start , stop, pause,resume , restart]. The green betton in the SEP icon in task bas is also not appearing.

I have tried removing using clean wipe and reinstalled it again. Still the same.

Please help me on this ASAP .

With Regards
MJ
mail2janub@gmai.com

Hello,

I am facing problems with SEP clinets. After shifting server to different loaction and IP , few clients are gettings updates. It in same LAN and network.
I checked the following

Symantec macnagemet Client Service  cannot be restarted. Its aalready started and Automatic but when right click on this service show all options as faded [ start , stop, pause,resume , restart]. The green betton in the SEP icon in task bas is also not appearing.

I have tried removing using clean wipe and reinstalled it again. Still the same.

Please help me on this ASAP .

With Regards
MJ
mail2janub@gmai.com

Please create a new thread so we can address separately from this one as it has already been solved and might be overlooked

Would love it if we could restart SMC from SEPM.

Well, I haven't installed RU6 yet...maybe we can now. If not, vote here: https://www-secure.symantec.com/connect/idea/remote-smc-restart-sepm