Fixlet to run exe from varying local drive paths

(imported topic written by Ahwilson)

I am trying to write a fixlet to run and exe that exist on several computers. The problem is the path location varies and there are several versions of the exe, so I need to run the one on the local drive of each. To add to that I have to supply a password.

Here is what I have

pathname of file is in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\THISCHANGES”

The exe string is “smc.exe” -p password -stop"

(imported comment written by nberger91)

try:

value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -stop”

(imported comment written by Ahwilson)

The service is password protected. I can execute the smc.exe with a -p to pass the password along. So it does not work sending a registry change.

(imported comment written by nberger91)

so try: value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -
p password
-stop”

or something similar like:

if {exists file “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe”}

wait {“C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe -p password -stop”}

elseif {exists file “D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe”}

wait {“D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe -p password -stop”}

elseif {(not exists file “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe” OR not exists file “D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe”) AND (exists keys “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” whose (exists values whose(name of it = “SAVCE” AND it as string as lowercase does not contain “\Bin” as lowercase) of it) of registry)}

wait {value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -p password -stop”}

endif

(imported comment written by Ahwilson)

Thanks. Been trying some of these. The part I’m hung up on is the path. In the path example you give, the “12.1.300.1.165.105” folder can vary.

if {exists file “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe”}

I found where I can locate the smc.exe by using “of folders of folders” statements, but can’t figure out how to run the exe.

pathname of file whose (name of it as lowercase contains “smc.exe”) of folders of folders of folder “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection”

(imported comment written by dmoore21)

Why don’t you try pulling the location of the executable from the registry and setting it as a variable, then using the variable as your jumping off point…

(imported comment written by nberger91)

wait {
pathname

of

file

whose

(name

of

it

as

lowercase

contains

“smc.exe”

as

lowercase)

of

folders

of

folders

of

folder

“C:\Program Files (x86)”

&

" -p password -stop"}

(imported comment written by martinc)

If this is possible, I would use the registry like dmoore21 stated. I do not have symantec installed on my system so I cannot verify that this would work.

Ideally this would be in the HKLM\Software\Symantec(?) or in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. You should be able to get the install path and then get parse together the location of the smc.exe. This is usually better than trying to scan the entire Program files or Program Files (x86) as depending on the contents, it could take a real long time to find the binaries.

Martin

(imported comment written by Ahwilson)

Ran it like this; regset value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -p Password -stop”

Job ran successful, but the service did not stop. Thinking it has to do with the passing of the password.

(imported comment written by Ahwilson)

Think this is on the right track, but it keeps failing. Seems that the execution of the smc.exe is where the problem lies.

Command failed (Thread execution failed (87)) wait C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -p Password 1 -stop (action:13010)

At 08:48:33 -0400 -

(imported comment written by nberger91)

i don thave sep installed to test but try

wait "{
pathname

of

file

whose

(name

of

it

as

lowercase

contains

“smc.exe”

as

lowercase)

of

folders

of

folders

of

folder

“C:\Program Files (x86)”

&

" -p password -stop"}"

(imported comment written by dmoore21)

Just to give you an idea of what I meant above, here is how I deploy and execute Powershell scripts from the console…

//

//PowerShell Script

//

//1. Save old ExecutionPolicy value

//

parameter “PolicyExisted”="{exists value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of (if exists x64 registry then x64 registry else registry)}"

parameter “oldExecutionPolicy”="{if (parameter “PolicyExisted” as boolean) then (value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of (if exists x64 registry then x64 registry else registry) as string) else “”}"

//

//2. set to ExecutionPolicy=Unrestricted and Pull PowerShell exe from registry… if 64bit then pull PowerShell x64

//

if {x64 of operating system}

parameter “PowerShellexe”="{value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of x64 registry}"

regset64 “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”=“Unrestricted”

else

parameter “PowerShellexe”="{value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry}"

regset “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”=“Unrestricted”

endif

//

//3. Download PowerShell script and check size/hash

//

download http://temserver:52311/Uploads/script.ps1

continue if {(size of it = 5955 AND sha1 of it = “4f9d85970da5511498bc0a5db5e9f05884e897e5”) of file “script.ps1” of folder “__Download”}

//

//4. Execute PowerShell with ps1 script file

//

action uses wow64 redirection false

waithidden “{parameter “PowerShellexe”}” -file “__Download\script.ps1 | Format-Table -AutoSize”

action uses wow64 redirection {x64 of operating system}

//

//5. Restore ExecutionPolicy back

//

if {x64 of operating system}

if {parameter “PolicyExisted” as boolean}

regset64 “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”="{parameter “oldExecutionPolicy”}"

else

regdelete64 “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”

endif

else

if {parameter “PolicyExisted” as boolean}

regset “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”="{parameter “oldExecutionPolicy”}"

else

regdelete “http://HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” “ExecutionPolicy”

endif

endif

//

//END OF SCRIPT

//

You’ll want to pay close attention to section 2…

(imported comment written by Ahwilson)

This ran as completed, but the service did not turn off.

regset value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -p Password -stop”

(imported comment written by martinc)

You are using “regset” instead of “wait”. This is used to set the registry value, not execute a command.

I think the action would be something like

wait {value “
SAVCE
” of key “
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps
” of registry as string &
"\smc.exe -p Password -stop"
}

(imported comment written by Ahwilson)

wait {value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as string & “\smc.exe -p Password -stop”}

Always does not work. It always fails.

(imported comment written by martinc)

What does the relevance return if you try it in the fixlet debugger? You can also try the action in the fixlet debugger and see what it does, it might have more information.

q:
value “SAVCE” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry

(imported comment written by Ahwilson)

Martinc after all that found out the password they gave me was the problem. The simple:

dos "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -p Passwordhere -stop

worked.

Thanks for all your help.