How to install Microsoft Forefront or Security Essentials so it can update while frozen
Posted by Richard Z on 03 June 2013 03:34 PM

The script was tested on Windows XP and 7 (x86/x64) with the Forefront client 2010, the Security Center Endpoint Protection client, and Microsoft Security Essentials. It is not compatible with Windows 8, where the antivirus is integrated into the OS and cannot be uninstalled. The script must be run as administrator in later versions of Windows.

1. Uninstall the Microsoft Forefront/Security Essentials client, and remove any folders left behind after the uninstallation. There may be residual folders and files under 'ProgramData' (or 'Documents and Settings\All Users\Application Data'); the script will fail to create the folder redirection if these folders have a lock on them.

2. Install the Deep Freeze client on the workstation if you are using a ThawSpace. Note that the ThawSpace must be larger than 500 MB to allow the antivirus updates, and it is strongly recommended to create a separate ThawSpace just for the antivirus files. The drive letter is not important, because the script that performs the mapping detects the ThawSpace installed on the client machine.

3. Thaw the machine.

4. Open a command prompt. In Windows Vista/7, open it with 'Run as administrator'.

5. Please rename the attachment's extension from .abc to .zip so you can extract the .vbs file within.  Run the script "Microsoft AV redirection.vbs" with elevated privileges. This will create the registry keys, folders, and folder redirections, for which administrator rights are required. Verify the folders have been created:

'Program Files\Microsoft Security Client'
'Program Files (x86)\Microsoft Security Client'
'ProgramData\Microsoft Antimalware'
'ProgramData\Microsoft Security Client'

(Hint: in Windows Vista/7 these folders have a special icon with a small blue arrow in the bottom left corner, indicating that they are junction points to another location.)

6. Download and install Faronics Data Igloo:

7. Run Data Igloo

8. Under the 'Registry Key Redirection' tab, click to enable 'Redirect registry key changes to', and select the destination. When the script runs, it will create a folder in the thawspace or specified location called '%thawdrive%\Antivirus\Registry'. This should be selected as the default save location.

9. Redirect the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Security Client
HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Microsoft Antimalware (only if you are using a 64-bit Windows Vista/7 OS)

10. Install the Microsoft client, and system updates.

11. Freeze the machine.
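
The folder check in step 5 can also be done from an elevated PowerShell prompt instead of looking for the arrow icon. This is an added example, not part of the attached script or of any Faronics tool; it assumes the standard environment variables resolve to the folders listed in step 5, and the function names are hypothetical.

```powershell
# Added example: confirm that the folders from step 5 exist and are junction points.
# Assumption: the folders live under the locations named by the standard
# environment variables (the article lists them relative to the system drive).

function Get-AvRedirectFolders {
    # Windows XP keeps shared data under "All Users\Application Data";
    # Vista/7 expose it as ProgramData through %ALLUSERSPROFILE%.
    $dataRoot = $env:ALLUSERSPROFILE
    if ([Environment]::OSVersion.Version.Major -lt 6) {
        $dataRoot = Join-Path $dataRoot 'Application Data'
    }
    # A 32-bit PowerShell on 64-bit Windows sees the x86 folder as ProgramFiles,
    # so prefer ProgramW6432 when it is defined.
    $pf = $env:ProgramFiles
    if ($env:ProgramW6432) { $pf = $env:ProgramW6432 }

    $folders = @(
        (Join-Path $pf 'Microsoft Security Client'),
        (Join-Path $dataRoot 'Microsoft Antimalware'),
        (Join-Path $dataRoot 'Microsoft Security Client')
    )
    # 'Program Files (x86)' exists only on 64-bit Windows.
    $pf86 = ${env:ProgramFiles(x86)}
    if ($pf86) { $folders += (Join-Path $pf86 'Microsoft Security Client') }
    return $folders
}

function Test-Junction([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $item = Get-Item -LiteralPath $Path -Force
    if (-not $item.PSIsContainer) { return 'NOT A FOLDER' }
    # Junction points carry the ReparsePoint attribute.
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { return 'JUNCTION' }
    # A plain folder is not redirected, so updates written to it are lost while Frozen.
    return 'PLAIN FOLDER'
}

$failed = 0
foreach ($folder in Get-AvRedirectFolders) {
    $state = Test-Junction $folder
    '{0,-14} {1}' -f $state, $folder
    if ($state -ne 'JUNCTION') { $failed++ }
}
if ($failed) {
    Write-Warning "$failed folder(s) are not junction points; fix this before step 10."
}
```

Run it after step 5 and before installing the Microsoft client in step 10, so that a missing or plain folder is caught while the machine is still Thawed.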

Attachment: microsoft av (3.94 KB)
