About implementing a silent installation for Windows

The Symantec Protection Engine silent installation feature in Windows lets you provide the installation parameters on the command line before you run the installation. If you do not specify a value on the command-line, the default value is used.
Input values on the command line lists the input values that you can use on the command line for the silent installation.
Input values on the command line
Input name
Description
RPC_NAS
Type of the NAS device.
Possible values are as follows:
  • Empty string
    NAS device other than NetApp.
    This is the default value.
  • 1
    NetApp device that communicates over RPC protocol.
NAS_DEPLOYMENT
Possible values are as follows:
  • 0
    7 Mode NAS device.
  • 1
    Cluster Mode NAS device.
  • 2
    Cluster and 7-Mode both.
    This is the default value.
INSTALLDIR
The location to install Symantec Protection Engine.
The default location is
\"c:\Program Files\Symantec\Scan Engine\"
for Windows platform
AUTHENTICATIONMODE
The authentication mode for accessing Symantec Protection Engine console.
Possible values are as follows:
  • AD
    Use this value if you want to use Windows Active Directory-based authentication.
  • SSE
    Use this value if you want to use Symantec Protection Engine-based authentication.This value is the default value.
  • To enable the AD- based (LDAP) authentication, make sure you have provided
    ENABLE_LDAP_AUTHENTICATION=true
    and
    AUTHENTICATIONMODE="AD"
    .
    • Both
      ENABLE_LDAP_AUTHENTICATION
      and
      AUTHENTICATIONMODE
      parameters are required. Ensure that you have provided
      LDAP_URL
      ,
      LDAP_PORT
      ,
      LDAP_BASE_DN
      ,
      LDAP_GROUP_DN
      value for complete LDAP based authentication configuration.
    • LDAP_SSL_ENABLED is required only if secure connection is required with LDAP server.
ENABLE_LDAP_AUTHENTICATION
The authentication mode for accessing Symantec Protection Engine console.
Enables or disables the Windows Active Directory-based authentication in Symantec Protection Engine. It is used for authentication with REST API service. The same authentication mode is used to configure the Symantec Protection Engine console.
Possible values are as follows:
  • true:
    Use this value if you want to enable Windows Active Directory-based authentication.
  • false:
    Use this value if you want to disable Windows Active Directory-based authentication. This is the default value.
  • To enable the AD- based (LDAP) authentication, make sure you have provided
    ENABLE_LDAP_AUTHENTICATION=true
    and
    AUTHENTICATIONMODE="AD"
    .
    • Both
      ENABLE_LDAP_AUTHENTICATION
      and
      AUTHENTICATIONMODE
      parameters are required. Ensure that you have provided
      LDAP_URL
      ,
      LDAP_PORT
      ,
      LDAP_BASE_DN
      ,
      LDAP_GROUP_DN
      value for complete LDAP based authentication configuration.
    • LDAP_SSL_ENABLED is required only if secure connection is required with LDAP server.
GROUP_NAME
The fully qualified security group name in the Domain\Groupname format.
This parameter is required when the authentication mode is set to Windows Active Directory-based authentication.
During installation if value is not entered for this parameter, then you must go to configuration.xml and enter a valid security group name in correct format.
ENCRYPTED_PASSWORD
The encrypted password for the administrative account that you use to manage Symantec Protection Engine using the Symantec Protection Engine-based authentication. This parameter is required when the authentication mode is set to Symantec Protection Engine-based authentication.
The default password is
ChangeMe@123
.
USERUPGRADESELECTION
Specifies that the installation is an upgrade.
Possible values are as follows:
  • UPGRADE
    Use this value to preserve your existing settings. All other input values are ignored.
  • CLEAN
    Use this value to uninstall and reinstall the product. Configure the input values that you want to modify.
ADMIN_PORT
The port number on which the Web-based console listens.
The default port number is 8004.
SSL_PORT
The Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.
The default port number is 8005.
ENABLE_URL_FILTERING
Enables URL Filtering and downloading of the URL definitions.
Possible values are as follows:
  • true: Use this value if you want to enable URL filtering in filtering mode and Download URL definitions.
  • false: Use this value if you want to disable URL Filtering and Definition Download.
    This value is the default value.
ENABLE_URL_REPUTATION
Enables URL Reputation
Possible values are:
  • true:
    Enables URL Reputation and downloads URL definitions.
  • false:
    Disables URL Reputation
SSE_SERVICE _ACC_PWD
The password for the service account if the previous Symantec Protection Engine's service account is not Local System.
This parameter is valid only for an upgrade where you preserve your existing settings. When you install Symantec Protection Engine the service does not start if this parameter is incorrect. Once the installation is complete, you should type the correct service account password and start the service manually.
UPDATE_SERVER
Enter the LiveUpdate server name or IP address to which you want to connect.
This parameter is valid only for an upgrade where you preserve your existing settings. The default value is liveupdate.symantec.com.
UPDATE_SERVER_PORT
Enter the LiveUpdate server port number.
This parameter is valid only for an upgrade where you preserve your existing settings. The default value is 80.
UPDATE_SERVER_PATH
Enter the directory path on the LiveUpdate server that contains the LiveUpdate packages.
This parameter is valid only for an upgrade where you preserve your existing settings. If you do not specify a value, the default is blank.
UPDATE_SERVER_PROXY_NAME
Enter the LiveUpdate proxy server name or IP address.
This parameter is valid only for an upgrade where you preserve your existing settings. If you do not specify a value, the default is blank.
UPDATE_SERVER_PROXY_PORT
Enter the LiveUpdate proxy server port number.
This parameter is valid only for an upgrade where you preserve your existing settings. The default value is 0.
DEPLOYMENT
Enter the application type.
Possible values are as follows:
  • 0 for Email Server
  • 1 for Proxy/Web cache server
  • 2 for Other Application
    This is the default value.
APPLICATIONNAME
Enter the name of the application for which Symantec Protection Engine will be used. This parameter will be considered only if
DEPLOYMENT
value is
2 (Other Application)
.
INSIGHTAGGRESSIONLEVEL
Enter the Insight aggression level.
Possible values are:
  • 0 (Known Bad)
  • 1 (Low)
  • 2 (Medium)
    This is the default value.
  • 3 (High)
The Insight aggression level defines how sensitive the Symantec Insight feature is to a file's reputation score.
ENABLEJAVAUI
Lets you continue to use the Core server with user interface feature.
This parameter is required only in case of preserve upgrade scenario.
Possible values are:
  • true: Use this value if Java based applet user interface is enabled in earlier installed version and if you want to keep it enabled, otherwise it will get disabled. This method requires JRE to be installed.
  • false: Use this value if you want to use the Core server only mode.
    This method does not require JRE to be installed.
The default value is, false.
Enables URL Reputation
Possible values are:
  • true:
    Enables URL Reputation and downloads URL definitions.
  • false:
    Disables URL Reputation
ENABLERESTAPI
Enables/disables the REST API Service in SPE.
true/false, true
JAVA_INSTALL_LOCATION
Java location needed to start REST API service format.
For Windows Valid path to java location along with java binary name e.g. "Java_install_location\bin\java.exe"
By default, it is blank.
RESTAPI_SERVICE_PORT
REST Service port.
Integer value between 1 and 65535
The default value is 8008.
LDAP_URL
Active Directory URL.
Active Directory URLExample: server.example.com
By default, empty.
LDAP_PORT
Active Directory Port.
Integer value between 1 and 65535389 : default port for non-SSL LDAP636 : default port for SSL LDAP
By default, 389
LDAP_BASE_DN
Active Directory Base DN.
Base DN in string Example : dc=example,dc=com
By default, empty.
LDAP_GROUP_DN
Active Directory group DN.
Group DN  string Example:cn=testgroup,dc=example,dc=com
By default, empty.
LDAP_SSL_ENABLED
Enables/disables the secure connection with configured Active Directory server.
true/false
false
  • Make sure you provide 'JavaLocation' value in silent install parameter list when EnableRestAPI or EnableJavaUI value is set to 'true'.
  • Requirement for ENCRYPTED_PASSWORD (on Windows) value: Hashed value of password needed.
    Password complexity rules are now implemented and now the password must meet below requirements:
    • Minimum 8 characters and maximum 40 characters long
    • At least one lowercase character (a through z)
    • At least one uppercase character (A through Z)
    • At least one numeral (0 through 9)
    • At least one special character from !, @, #, $, %, ^, &, *
    If this password parameter is not provided during the silent installation, default password is set to 'ChangeMe@123'. It is recommended to change this password after the installation.
  • Applet-based Java UI is now deprecated and will not be enabled by default during the fresh or clean upgrade installation. During the preserve upgrade, if you have enabled Java Applet based UI, you are prompted to specify whether you want to enable or disable this feature.