Using a script to automate UNC definition updates
The FEP 2010 client can use a UNC share to host updates for the antimalware definitions. A common question from our TAP community is how to set up the UNC share and how to keep it updated. This article focuses on one method for keeping the UNC share up to date.
Microsoft releases definition files three times a day. In order for the UNC share update method to work, the definition files must be downloaded and placed in a certain folder structure. This structured process is well suited for automation.
To automate this process we can use a simple VB script and the Task Scheduler in Windows. The VB script uses three key objects: WinHTTPRequest, FileSystemObject, and ADODB streams. When downloading the definitions there are actually four files to download: two for the 32-bit architecture and two for the 64-bit architecture.
The first step is to create the directory structure and set some variables to hold the URLs and the paths to the folders:
strMSEx86URL = "https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86"
strMSEx86Location = "E:\defs\Updates\x86\mpam-fe.exe"
strNISX86URL = "https://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe"
strNISX86Location = "E:\defs\Updates\x86\nis_full.exe"
strMSEx64URL = "https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"
strMSEx64Location = "E:\defs\Updates\x64\mpam-fe.exe"
strNISX64URL = "https://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe"
strNISX64Location = "E:\defs\Updates\x64\nis_full.exe"
Next, using the WinHTTPRequest object, we create a connection to the URL and download the first file (in this case, the x86 antimalware definitions):
Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objWINHTTP.open "GET", strMSEx86URL, false
objWINHTTP.send
We then check whether the download was successful. If it was, we open the ADODB stream, set its type to binary, write the response body to the stream, and set the stream pointer back to the beginning:
If objWINHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objWINHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
A limitation of the ADODB stream object is that if the file you are trying to save already exists, the method will throw an error. Before saving the file within the script, use the FileSystemObject to see if the file exists, and if so, delete it:
Set objFSO = Createobject("Scripting.FileSystemObject")
'check if file exists if so delete
If objFSO.Fileexists(strMSEx86Location) Then objFSO.DeleteFile strMSEx86Location
After confirming the file no longer exists, we can save the contents of the ADODB stream we used earlier to the file and then close the stream:
objADOStream.SaveToFile strMSEx86Location
objADOStream.Close
End If 'closes the If objWINHTTP.Status = 200 block opened above
You must then execute this process for each of the remaining files to be downloaded. Once you have created this script and tested it, you can then use the Windows Task Scheduler to run this job three times a day to download the most recent definitions from Microsoft.
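The steps above, wrapped in one function and run for all four files, as an added example that is not part of the original script. It assumes the URLs and folders listed earlier; the ".tmp" suffix and the names DownloadFile, arrFiles and intFailures are hypothetical. Each file is saved to a temporary name first, so a failed download never deletes the definitions already on the share, and the exit code tells Task Scheduler how many downloads failed.

```vbscript
Option Explicit
' Added example: URL/path pairs are the ones defined earlier in the article.
Dim arrFiles, i, intFailures
arrFiles = Array( _
  Array("https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86", "E:\defs\Updates\x86\mpam-fe.exe"), _
  Array("https://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe", "E:\defs\Updates\x86\nis_full.exe"), _
  Array("https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "E:\defs\Updates\x64\mpam-fe.exe"), _
  Array("https://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe", "E:\defs\Updates\x64\nis_full.exe"))

' Returns True only if the file was downloaded and moved into place.
Function DownloadFile(strURL, strLocation)
    Dim objWINHTTP, objADOStream, objFSO, strTemp
    DownloadFile = False
    strTemp = strLocation & ".tmp"        ' hypothetical temporary name
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    On Error Resume Next                  ' errors are checked explicitly below
    Set objWINHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
    objWINHTTP.Open "GET", strURL, False
    objWINHTTP.Send
    If Err.Number <> 0 Then Exit Function ' connection or TLS failure
    If objWINHTTP.Status <> 200 Then Exit Function
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1                 ' adTypeBinary
    objADOStream.Write objWINHTTP.ResponseBody
    If Err.Number <> 0 Then Exit Function
    If objADOStream.Size = 0 Then Exit Function ' empty body: keep the old file
    objADOStream.Position = 0
    objADOStream.SaveToFile strTemp, 2    ' adSaveCreateOverWrite, temp file only
    objADOStream.Close
    If Err.Number <> 0 Then Exit Function
    ' Replace the published file only after the new one is fully on disk.
    If objFSO.FileExists(strLocation) Then objFSO.DeleteFile strLocation, True
    objFSO.MoveFile strTemp, strLocation
    DownloadFile = (Err.Number = 0)
End Function

intFailures = 0
For i = 0 To UBound(arrFiles)
    If Not DownloadFile(arrFiles(i)(0), arrFiles(i)(1)) Then
        WScript.Echo "FAILED: " & arrFiles(i)(0)
        intFailures = intFailures + 1
    End If
Next
WScript.Quit intFailures                  ' non-zero result shows in Task Scheduler
```

Run it with cscript.exe from the scheduled task so the failure messages go to the console rather than to message boxes.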
References:
WinHTTPRequest : https://msdn.microsoft.com/en-us/library/aa384106(v=VS.85).aspx
objWINHTTP.Status: https://msdn.microsoft.com/en-us/library/aa383887(VS.85).aspx
ADODB Streams: https://msdn.microsoft.com/en-us/library/ms675032(VS.85).aspx
FileSystemObject: https://msdn.microsoft.com/en-us/library/6kxy1a51(VS.85).aspx
Chris Norman
Senior Escalation Engineer, CSS