Repair a Broken Symantec Management Client Service

As mentioned in a previous post, a SEP client can have a broken SMC service and you may very well never know that there is anything wrong (unless you use the script found in that post :-) ). This is the PowerShell script that will allow you to remotely repair most of those broken clients. Again, as with the audit script, you must have admin rights to the computer that you are running this script on. Since it uses WMI to run a remote process, WMI must also be working properly on the remote computer.

The script will repair one client at a time using the “-compname” parameter.  However, you can modify the script to read a text file by adding another “ForEach” and a “Get-Content” to the script.

#################################################################
#							        #
#- Antivirus SMC service repair for clients with corrupt        #
#     security policies.                                        #
#- Requires a commandline parm of -compname          		#
# - Parms can be changed to accept a list for multiple PCs	#
#								#
#- Written by Jim Melton					#
#								#
#################################################################
 
## Accept computer name from the commandline with -compname
param ([string]$CompName = $(throw "Text Input is Required"))
Write-Host $CompName
 
## Load the System.ServiceProcess .NET class, set the Error Action to
## Continue, and initialize some variables.
Add-Type -AssemblyName System.ServiceProcess
$ErrorActionPreference = "Continue"
$SEPreg = "SOFTWARE\Symantec\Symantec Endpoint Protection\AV"
$SEPhome = "Home Directory"
$SEPinstall = ""
$DefPaths = "SOFTWARE\Symantec\SharedDefs"
$SMCkey = "SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
$SMCsvc = "Symantec Management Client"
$SEPnetwork = ""
 
## Create a new Ping object to test whether the remote computer
## is online so the script doesn't bomb, assign -compname to a
## variable and ping the computer.
$ping = New-Object System.Net.NetworkInformation.Ping
$computer = $CompName
$reply = $ping.send($computer)
 
## If the computer replies, open a remote process on the broken computer,
## open the registry (HKLM in this case), and count the SEP registry entries
## to make sure SEP is actually installed.
If ($reply.status -eq 'Success'){
	$remoteProcess = [WmiClass]"\\$computer\ROOT\CIMV2:Win32_Process"
	$OpenRegistry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$computer)
	$DefsKey = $OpenRegistry.OpenSubKey($DefPaths,$true)
	[int]$ValueCount = $DefsKey.ValueCount
 
	## If SEP is installed and has valid registry entries to get paths from,
	## find the SEP install path, write it to the screen, back up the existing
	## serdef.dat as serdef.old, and start the SMC service using
	## our remote WMI process.
	If ([int]$ValueCount -gt 0){
 
		If ($DefsKey.GetValueNames() -ne $null){
			$SEPpath = $OpenRegistry.OpenSubKey($SEPreg,$true)
			$SEPinstall = $SEPpath.GetValue("$SEPhome")
			## Strip the leading drive prefix (e.g. "C:\") from the path.
			$SEPinstall = $SEPinstall.Substring(3)
			Write-Host "Symantec Endpoint Protection is installed at $SEPinstall."
			Copy-Item "\\$computer\c$\$SEPinstall\serdef.dat" "\\$computer\c$\$SEPinstall\serdef.old"
			## Quote the executable path: the install path contains spaces, and an
			## unquoted command line would let Windows try c:\Program.exe first.
			$remoteProcess.Create("`"c:\$SEPinstall\smc.exe`" -start")
			Write-Host "Starting SMC service."
 
			Write-Host "Finished"
			}
		Else{
			Write-Host "SEP Install Not Found"
			}
	}
	Else{
		Write-Host "Not installed"
	}
}
 
Else{
	Write-Host "Computer is not responding to a ping"
}
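
The multi-computer variant mentioned above (a "ForEach" over "Get-Content"), written here as a separate wrapper. This is an added example, not part of the original script; the file names Repair-SMC.ps1, computers.txt and smc-repair-results.csv are assumptions. It validates each name before it reaches the UNC and WMI paths the repair script builds, then checks that the service actually came up.

```powershell
# Added example: batch wrapper around the single-computer repair script.
# Assumptions (not from the original post): the script above is saved as
# .\Repair-SMC.ps1 and the targets are listed one per line in .\computers.txt.
param (
    [string]$ListPath   = ".\computers.txt",
    [string]$RepairPath = ".\Repair-SMC.ps1"
)

$SMCsvc = "Symantec Management Client"   # display name used by the repair script

# Accept only plain host names / FQDNs, so a stray line in the list cannot
# alter the \\computer\c$ path or the WMI path that the repair script builds.
$validName = '^[A-Za-z0-9]([A-Za-z0-9_\-\.]{0,253}[A-Za-z0-9])?$'

$results = ForEach ($name in (Get-Content -Path $ListPath)) {
    $name = $name.Trim()
    If ($name -eq "" -or $name.StartsWith("#")) { continue }   # blanks, comments

    If ($name -notmatch $validName) {
        [pscustomobject]@{ Computer = $name; Result = "Skipped: invalid name" }
        continue
    }

    Try {
        # Run the single-computer repair. Out-Null keeps the objects it emits
        # on the pipeline (e.g. the Create() result) out of $results.
        & $RepairPath -compname $name | Out-Null

        # Give the service a moment, then confirm it is really running.
        Start-Sleep -Seconds 10
        $svc = Get-Service -ComputerName $name -DisplayName $SMCsvc -ErrorAction Stop
        [pscustomobject]@{ Computer = $name; Result = "SMC service is $($svc.Status)" }
    }
    Catch {
        [pscustomobject]@{ Computer = $name; Result = "Failed: $($_.Exception.Message)" }
    }
}

# Show a summary and keep a record of which clients still need attention.
$results | Format-Table -AutoSize
$results | Export-Csv -Path ".\smc-repair-results.csv" -NoTypeInformation
```

The wrapper relies on Get-Service -ComputerName, which is available in Windows PowerShell, the same environment the [WmiClass] accelerator in the repair script requires.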