Using a script to automate UNC definition updates
The FEP 2010 client can use a UNC share to host updates for the antimalware definitions. A common question from our TAP community is how to set up the UNC share and how to keep it updated. This article focuses on one method for keeping the UNC share up to date.
Microsoft releases definition files three times a day. In order for the UNC share update method to work, the definition files must be downloaded and placed in a certain folder structure. This structured process is well suited for automation.
To automate this process we can use a simple VB script and the Task Scheduler in Windows. The VB script uses three key objects: WinHTTPRequest, FileSystemObject, and ADODB streams. When downloading the definitions there are actually 4 files to download: 2 for the 32-bit architecture, and 2 for the 64-bit architecture.
The first step is to create the directory structure and set some variables to hold the URLs and the paths to the folders:
strMSEx86URL = "https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86"
strMSEx86Location = "E:\defs\Updates\x86\mpam-fe.exe"
strNISX86URL = "https://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe"
strNISX86Location = "E:\defs\Updates\x86\nis_full.exe"
strMSEx64URL = "https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"
strMSEx64Location = "E:\defs\Updates\x64\mpam-fe.exe"
strNISX64URL = "https://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe"
strNISX64Location = "E:\defs\Updates\x64\nis_full.exe"
Next, using the WinHTTPRequest object, we create a connection to the URL and download the first file (in this case, the x86 antimalware definitions):
Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objWINHTTP.open "GET", strMSEx86URL, false
objWINHTTP.send
We then check to see if the download was successful, and then open the ADODB stream, set the type to binary to store the file on the stream, and then set the stream pointer back to the beginning:
If objWINHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objWINHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
A limitation of the ADODB stream object is that if the file you are trying to save already exists, the method will throw an error. Before saving the file within the script, use the FileSystemObject to see if the file exists, and if so, delete it:
Set objFSO = Createobject("Scripting.FileSystemObject")
'check if file exists if so delete
If objFSO.Fileexists(strMSEx86Location) Then objFSO.DeleteFile strMSEx86Location
After confirming the file no longer exists, we can save the contents of the ADODB stream we used earlier to the file and then close the stream:
objADOStream.SaveToFile strMSEx86Location
objADOStream.Close
End If 'closes the If objWINHTTP.Status = 200 block opened above
You must then execute this process for each of the remaining files to be downloaded. Once you have created this script and tested it, you can then use the Windows Task Scheduler to run this job three times a day to download the most recent definitions from Microsoft.
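The steps above, wrapped in one Sub and run for all four files, as an added example that is not the article's own script. It uses the URLs and E:\defs paths listed earlier, assumes the folders already exist, and stages each download under a hypothetical ".tmp" name so the share keeps its current file when a download fails:

```vbscript
Option Explicit
' Added example, not the article's own script. URLs and paths are the article's.
Const adTypeBinary = 1
Dim objFSO, arrFiles, i
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Each entry is Array(source URL, destination path on the share).
arrFiles = Array( _
    Array("https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "E:\defs\Updates\x86\mpam-fe.exe"), _
    Array("https://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe", "E:\defs\Updates\x86\nis_full.exe"), _
    Array("https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "E:\defs\Updates\x64\mpam-fe.exe"), _
    Array("https://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe", "E:\defs\Updates\x64\nis_full.exe"))

For i = 0 To UBound(arrFiles)
    DownloadFile arrFiles(i)(0), arrFiles(i)(1)
Next

Sub DownloadFile(strURL, strLocation)
    Dim objWINHTTP, objADOStream, strTemp
    strTemp = strLocation & ".tmp"   ' hypothetical staging name, not from the article
    Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
    On Error Resume Next             ' Send raises a runtime error on network failure
    objWINHTTP.Open "GET", strURL, False
    objWINHTTP.Send
    If Err.Number <> 0 Then
        WScript.Echo "Request failed for " & strURL & ": " & Err.Description
        Exit Sub
    End If
    On Error GoTo 0
    ' Leave the existing definition file in place unless the download succeeded.
    If objWINHTTP.Status <> 200 Then
        WScript.Echo "HTTP " & objWINHTTP.Status & " for " & strURL
        Exit Sub
    End If

    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = adTypeBinary
    objADOStream.Write objWINHTTP.ResponseBody
    objADOStream.Position = 0
    If objFSO.FileExists(strTemp) Then objFSO.DeleteFile strTemp
    objADOStream.SaveToFile strTemp  ' write the staging file first
    objADOStream.Close
    ' Swap the staged file in only after it is completely written.
    If objFSO.FileExists(strLocation) Then objFSO.DeleteFile strLocation
    objFSO.MoveFile strTemp, strLocation
End Sub
```

Run it with cscript.exe from the scheduled task so the WScript.Echo messages go to the console instead of a message box.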
References:
WinHTTPRequest : https://msdn.microsoft.com/en-us/library/aa384106(v=VS.85).aspx
objWINHTTP.Status: https://msdn.microsoft.com/en-us/library/aa383887(VS.85).aspx
ADODB Streams: https://msdn.microsoft.com/en-us/library/ms675032(VS.85).aspx
FileSystemObject: https://msdn.microsoft.com/en-us/library/6kxy1a51(VS.85).aspx
Chris Norman
Senior Escalation Engineer, CSS
Comments
Anonymous
January 01, 2003
Hi Julio, I'm not sure I understand the question you're asking - but I'll give an answer a shot. The examples above are not given in a complete script - you cannot copy and paste the sections together without appropriate script formatting. However, with FEP 2010 Update Rollup 1, there is a Definition Update Automation tool available, which may make the above steps unnecessary. You can find UR1 here: www.microsoft.com/.../details.aspx Thanks for your question!
Anonymous
January 01, 2003
Hi Chris, This set of code was provided as a sample only, and needs additional scripting in order to work properly. For more assistance, try the Scripting forum (social.technet.microsoft.com/.../threads)...
Anonymous
April 13, 2011
The comment has been removed
Anonymous
July 22, 2011
what is scripting additional for work proxy.?