
Manual Update Via Command Line/Script

Hello,

I have searched both the web and these forums for a way to kick off a manual update for Sophos Endpoint Security and Control 9.5 via a script or the command line.  I can right click on the Sophos tray icon and choose 'Update now' just fine, but need a script or command line to be able to manually force an update on a machine remotely.  Is there a way to do that?


Thanks

:12573


  • Hi,

    The following piece of VBS will kick off an update:

    dim objALC : set objALC = CreateObject("ActiveLinkClient.ClientUpdate.1")
    objALC.UpdateNow 1,1

    CreateObject (http://msdn.microsoft.com/en-us/library/dcw63t7z(v=vs.85).aspx) can take a location as a parameter; otherwise, using PsExec (http://technet.microsoft.com/en-us/sysinternals/bb897553) to run it remotely could be an option.

    Regards,

    Jak

    :12575
  • This works perfectly. Thanks!
    :12585
  • I call this after an install and reboot.

    "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe" -ManualUpdate

    Thanks,

    Jason

    :12853
  • Hi,

    If you take a look in the AutoUpdate trace logs (e.g. "\ProgramData\Sophos\AutoUpdate\Logs\ALUpdate[timestamp].log") you can see the line:
    -ScheduledUpdate -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"

    to denote the start of a scheduled update and essentially the command line arguments being passed to Alupdate.exe.  The other being  -ManualUpdate for a forced update.

    Also, if you run something like Process Explorer while kicking off an update, the AutoUpdate service (ALSvc.exe) calls Alupdate.exe with the following parameters:

    "C:\Windows\TEMP\sophos_autoupdate1.dir\alupdate.exe" -ManualUpdate  -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"  

    So Alupdate does take such a parameter; the problem might come, however, when Alupdate has to update itself if you're running the Alupdate.exe from the current install set as you suggest.  As AutoUpdate can update AutoUpdate, this is the reason why it copies the minimum set of files to "\Windows\TEMP\sophos_autoupdate1.dir\" and runs a copy from there.

    For that reason I would suggest sticking with the VBS approach as this more closely mirrors what takes place.

    Regards,

    Jak 

    :12855
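
An added example (not from the thread and not Sophos code): parsing the ALUpdate command lines quoted in the post above, as they would appear in the trace log or in process-creation records, to find manual updates that were started directly instead of from the staged temp copy. The sample lines are the ones quoted in the thread; the varying digit in the staging directory name is an assumption.

```python
import ntpath
import re

# A token is either a "quoted string" (may contain spaces) or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
MODES = {"-manualupdate": "manual", "-scheduledupdate": "scheduled"}
# Assumption: the digit in the staging directory name can vary between runs.
STAGED_DIR = re.compile(r"sophos_autoupdate\d+\.dir")

# Constructed input: the three command lines quoted in this thread.
SAMPLES = [
    r'"C:\Windows\TEMP\sophos_autoupdate1.dir\alupdate.exe" -ManualUpdate  -NoGUI'
    r' -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"',
    r'"C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe" -ManualUpdate',
    r'-ScheduledUpdate -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"',
]


def parse_alupdate(cmdline):
    """Split one command line into image path, update mode, -NoGUI and -RootPath."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]
    info = {"image": None, "mode": None, "nogui": False, "root": None}
    # A trace-log line carries only the arguments, so the image may be missing.
    if tokens and not tokens[0].startswith("-"):
        info["image"] = tokens.pop(0)
    args = iter(tokens)
    for arg in args:
        key = arg.lower()
        if key in MODES:
            info["mode"] = MODES[key]
        elif key == "-nogui":
            info["nogui"] = True
        elif key == "-rootpath":
            info["root"] = next(args, None)  # the value follows the switch
    return info


def launch_origin(info):
    """'staged-copy' for the service's temp copy, 'direct' for any other path."""
    if info["image"] is None:
        return "unknown"
    parent = ntpath.dirname(ntpath.normcase(info["image"]))
    staged = STAGED_DIR.fullmatch(ntpath.basename(parent))
    return "staged-copy" if staged else "direct"


def direct_manual_updates(cmdlines):
    """Return the image paths of manual updates not run from a staged copy."""
    parsed = [parse_alupdate(line) for line in cmdlines]
    return [p["image"] for p in parsed
            if p["mode"] == "manual" and launch_origin(p) == "direct"]
```
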
  • Hi,

    I know this is an older thread, but this falls in line with what I am trying to accomplish.

    I recently updated to the latest version of Sophos (SEC ver: 5.0.0.8 , AntiVirus ver: 10)

    In the past, systems have updated, requested restart, and when the users shut down their PCs at night, normally the next morning most requests to restart the computer are cleared.

    This time around though I have a higher volume of machines that didn't clear this message. 

    What I would like to do is to automate the process of clearing this message. I found this KB that explains the process of resolving this issue. I was wondering though, is this the correct course of action? 

    On most of the machines I have confirmed that they absolutely have been shut down and restarted since the initial update of the software, but the message requesting a restart still remains. So would using this method be the correct course of action? Or should I be digging more to investigate why these weren't cleared?

    Back to the automation part, this is a great little piece of code that I would like to use in conjunction with the KB listed above. I would like to write a VB script (still learning VB so it might take me a while, but that is part of the fun) that will create the reg key with a value of 1, run an update, edit the reg key and give it value of 0, and then run the update again.

    Does this sound like a good, or bad idea? My primary goal here is to try and limit the disruption to the users' machines and make the process as easy as possible on myself. Using a small script, I think I could accomplish this.

    Anyway, thank you for this post it has been helpful!

    :20905
  • How about something like this as an idea:

    'Script to check if the uptime of a machine is greater than 5 minutes.
    ' if so it sets the reboot required to 0 and calls update now to force state to SEC.
    
    const HKEY_LOCAL_MACHINE = &H80000002
    
    dim strRegistryKey, strKeyPath, intRestartRequired
    
    intRestartRequired = 0 ' set 0 to clear reboot, set to 1 to mark as reboot required.
    
    if Is64() then
    	strKeyPath = "SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus"
    else
    	strKeyPath = "SOFTWARE\Sophos\AutoUpdate\UpdateStatus"
    end if
    
    if datediff ("n", GetLastBoot(), Date() & " " & Time() ) > 5 then
    	'The machine has been rebooted
    	SetKey()	
    	CallUpdate()	
    end if
    
    
    'Functions ---------------------------------------------------------------------
    '-------------------------------------------------------------------------------
    Function GetLastBoot()
    	
    	on error resume next
    	
    	set objWMIDateTime = CREATEOBJECT("WbemScripting.SWbemDateTime")
    	set objWMI = GETOBJECT("winmgmts:\\.\root\cimv2")
    	set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
    	
    	for each objOS in colOS
    		objWMIDateTime.Value = objOS.LastBootUpTime
    		GetLastBoot = objWMIDateTime.GetVarDate 
    	next
    
    	set objWMIDateTime = nothing
    	set objWMI = nothing
    	set colOS = nothing
    		
    End Function
    
    '-------------------------------------------------------------------------------
    
    '-------------------------------------------------------------------------------
    Function Is64()
        
    	on error resume next
        
    	dim objWMIService, objColSettings, strDesc, objProcessor
    	
    	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    	Set objColSettings = objWMIService.ExecQuery ("SELECT * FROM Win32_Processor") 
    	
       	For Each objProcessor In objColSettings 
    		strDesc = objProcessor.AddressWidth 
    	Next 
    	
        if strDesc = "32" then
            Is64 = false
        end if
        if strDesc = "64" then
            Is64 = true
        end if
    	
        Set objWMIService = nothing
    	set objColSettings = nothing
    	
    End Function
    '-------------------------------------------------------------------------------
    
    '-------------------------------------------------------------------------------
    Function SetKey()
    
    	dim objReg
    	
    	set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    	objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, "RebootRequired", intRestartRequired
    
    	set objReg = nothing
    
    End Function
    '-------------------------------------------------------------------------------
    
    
    '-------------------------------------------------------------------------------
    Function CallUpdate()
      
      dim objALC
      
      set objALC = CreateObject("ActiveLinkClient.ClientUpdate.1")
      objALC.UpdateNow 1,1
     
    End Function 
    '-------------------------------------------------------------------------------

    This will set the RebootRequired key to 0 if the machine has been up for more than 5 minutes (adjust as required) then call an update now.  At the end of the update the endpoint will send back a message to clear the alert in SEC.

    Hope it's useful.  I haven't tested it much, just threw together a few functions I had already.

    Regards,

    Jak

    :20917
  • Hey Jak,

    Wow you didn't have to go through all the trouble of coding that up!

    That looks really good, it probably would have taken me all week to code something half as good as this!

    I will give this a try and let you know how it goes, but this looks like it accomplishes exactly what I had in mind!

    Thank you for your help!!!!!!

    Cheers

    :20947
  • No problems. It was quite late at night when I put that together.  In the light of day I've just thought that checking if the uptime is greater than 5 minutes doesn't really help, as a machine that hasn't been rebooted would also match this condition.  In some ways you want the opposite, i.e. if the uptime is less than 5 days, for example.

    Which I guess would make the conditional line:

    if datediff ("d", GetLastBoot(), Date() & " " & Time() ) < 5 then

    To be honest, if you roll out a similar script as a startup script in AD, you wouldn't even need to test the uptime; you could just set the registry key to 0, optionally call updatenow, and you're done, as you know the machine has just started.

    E.g.

    'Script to set the updatestatus to 0 and call update now, could be set as a startup script
    
    const HKEY_LOCAL_MACHINE = &H80000002
    
    dim strKeyPath, intRestartRequired
    
    intRestartRequired = 0 ' set 0 to clear reboot, set to 1 to mark as reboot required.
    
    if Is64() then
    	strKeyPath = "SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus"
    else
    	strKeyPath = "SOFTWARE\Sophos\AutoUpdate\UpdateStatus"
    end if
    
    SetKey()	
    CallUpdate()	
    
    '-------------------------------------------------------------------------------
    'Functions
    '-------------------------------------------------------------------------------
    Function Is64()
        
    	on error resume next
        
    	dim objWMIService, objColSettings, strDesc, objProcessor
    	
    	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    	Set objColSettings = objWMIService.ExecQuery ("SELECT * FROM Win32_Processor") 
    	
       	For Each objProcessor In objColSettings 
    		strDesc = objProcessor.AddressWidth 
    	Next 
    	
        if strDesc = "32" then
            Is64 = false
        end if
        if strDesc = "64" then
            Is64 = true
        end if
    	
        Set objWMIService = nothing
    	set objColSettings = nothing
    	
    End Function
    '-------------------------------------------------------------------------------
    
    '-------------------------------------------------------------------------------
    Function SetKey()
    
    	dim objReg
    	
    	set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    	objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, "RebootRequired", intRestartRequired
    
    	set objReg = nothing
    
    End Function
    '-------------------------------------------------------------------------------
    
    '-------------------------------------------------------------------------------
    Function CallUpdate()
      
      dim objALC
      
      set objALC = CreateObject("ActiveLinkClient.ClientUpdate.1")
      objALC.UpdateNow 1,1
     
    End Function 
    '-------------------------------------------------------------------------------

    Jak

    :20953
  • Hey Jak,

    thanks again for the response.

    I see what you are saying about the check for LastBoot. I can see why it might return a false claim that the system had actually been rebooted.

    I like the idea of pushing a startup script out through AD. Currently though, our infrastructure is not supported by AD. We are a Samba/OpenLDAP domain so working with our client machines we sometimes have to get creative.

    I took the script that you wrote (which worked perfectly I might add!!!!) and combined it with a small batch file.

    @ECHO OFF
    FOR /F %%G IN (<path to text file containing IP>\ipaddr.txt) DO ( 
    copy /y <path to VBscript>\sophosUpdateFix.vbs \\%%G\c$\Windows\System32
    psexec \\%%G -u <username> C:\Windows\System32\cscript.exe sophosUpdateFix.vbs
    del /F \\%%G\c$\Windows\System32\sophosUpdateFix.vbs
    :: pause
    )

    I populated a txt file with the IP addresses of the affected machines.

    I then copy the VBscript to the client's computer, then use PsExec to execute the VBscript on the client's machine.

    Then follow up by deleting the VBscript off the client's machine.

    I realize that this may not necessarily be the preferred way, or the most secure way of doing it, but given the number of machines that were causing issues I decided to go ahead with it and see if it would clear up the issues I was having.

    It has successfully cleaned up all the machines that were reporting the error. 

    Thank you again for your help, I am going to hang onto this in case I require it again in the future.

    Cheers

    :20955
  • Hi,

    Glad it was of use and you could use at least some of the code.  I'm not sure what I was thinking last night with that logic :)

    Cheers,

    Jak

    :20959