Monday 10 December 2012

Symantec Endpoint Protection 11 Uninstall with a Password

For Windows x64 with Symantec Endpoint Protection 11
Type: Batch file
@echo on
Net stop smcservice
echo y|NET STOP "Symantec Antivirus"
Net stop ccEvtMgr
Net stop ccSetMgr
Net stop SNAC
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f
 REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

msiexec /x  {73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1} /passive /norestart
REM - Remove the /norestart flag for the system to reboot when complete

For Windows x86 with Symantec Endpoint Protection 11
 Type: Batch file
@echo on
Net stop smcservice
echo y|NET STOP "Symantec Antivirus"
Net stop ccEvtMgr
Net stop ccSetMgr
Net stop SNAC
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f
 REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f
msiexec /x {FA272494-8DEA-43CF-9BFF-652553C04265} /passive /norestart
REM - Remove the /norestart flag for the system to reboot when complete

Basically this script adds a few keys required for the removal of the client, stops all the SEP services, removes the password, then removes the client.  A manual restart will be required to complete the removal.  Dropping the "/norestart" option from the msiexec line will cause the workstation or server to restart.

Here is the WQL language for creating an SCCM 2012 Collection (probably will work in 2007, but not tested) for all systems with SEP 11 installed.   You need to have Asset Intelligence configured to gather all .exe files and inventory them.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Symantec Endpoint Protection%" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version like "11.%"
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)