Tuesday, 11 December 2012

Symantec Endpoint Protection 12 Uninstall with a Password

The following script will uninstall Symantec Endpoint Protection.  I am currently using this with an SCCM deployment as we are migrating to SCEP.  The out-of-the-box uninstall from Microsoft does not work when a password is specified, so I created this little script to do it for me.

For Windows 7 x86 with SEP 12
Type: Batch file


@echo on
c:
CD "C:\Program Files\Symantec\Symantec Endpoint Protection"
REM Stop the SEP client service
smc.exe -stop

REM Set the LockUnloadServices and UseVPUninstallPassword values to 0
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

REM Delete the SmcInstData value from the SMC key
REG DELETE "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

REM Uninstall SEP 12 (x86) by MSI product code, showing only a progress bar
msiexec /x {F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072} /passive

For Windows 7 x64 with SEP 12
Type: Batch file

@echo on
c:
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection"
REM Stop the SEP client service
smc.exe -stop

REM Set the LockUnloadServices and UseVPUninstallPassword values to 0
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

REM Delete the SmcInstData value from the SMC key
REG DELETE "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

REM Uninstall SEP 12 (x64) by MSI product code, showing only a progress bar
msiexec /x {87C925D6-F6BF-4FBD-840B-53BAE2648B7B} /passive


These scripts are identical except for the path to the "smc.exe -stop" command and the product code in the uninstall command.
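
From the monitoring side, these command lines are also what a detection for uninstall-password tampering would key on. The sketch below is an added example, not part of the original post: it labels process command lines matching the script's steps and flags hosts where the password values were cleared shortly before an MSI uninstall. The record format (host, epoch seconds, command line), the label names and the 10-minute window are assumptions, and the sample records are constructed.

```python
import re

# Value names and commands come from the scripts above; the labels are made up here.
POLICY_VALUES = {"lockunloadservices", "usevpuninstallpassword"}
SEP_KEY = re.compile(r"\\symantec\\symantec endpoint protection\\", re.I)
REG_CMD = re.compile(r'^"?(?:\S*\\)?reg(?:\.exe)?"?\s+(add|delete)\s', re.I)
SMC_STOP = re.compile(r'\bsmc(?:\.exe)?"?\s+-stop\b', re.I)
# Any product code: the comments show the GUID differs between SEP builds.
MSI_X = re.compile(r'\bmsiexec(?:\.exe)?"?\s.*?/x\s*"?\{[0-9a-f-]{36}\}', re.I)

def _arg(cmd, flag):
    m = re.search(rf'(?<!\S)/{flag}\s+"?([^"\s]+)', cmd, re.I)
    return m.group(1).lower() if m else None

def classify(cmd):
    """Label one process command line, or return None if it is unrelated."""
    reg = REG_CMD.match(cmd.strip())
    if reg and SEP_KEY.search(cmd):
        verb, name, data = reg.group(1).lower(), _arg(cmd, "v"), _arg(cmd, "d")
        if verb == "add" and name in POLICY_VALUES and data in ("0", "0x0"):
            return "policy-cleared"
        if verb == "delete" and name == "smcinstdata":
            return "smcinstdata-deleted"
    if SMC_STOP.search(cmd):
        return "client-stopped"
    return "msi-uninstall" if MSI_X.search(cmd) else None

def flag_hosts(events, window=600):
    """events: (host, epoch_seconds, command_line) tuples. Returns label trails
    for hosts where a tamper step precedes an MSI uninstall within `window` s."""
    last_tamper, trail, hits = {}, {}, {}
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        label = classify(cmd)
        if label:
            trail.setdefault(host, []).append(label)
        if label in ("policy-cleared", "smcinstdata-deleted"):
            last_tamper[host] = ts
        elif label == "msi-uninstall" and host in last_tamper and ts - last_tamper[host] <= window:
            hits[host] = list(trail[host])
    return hits

KEY = r"HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection"
SAMPLE = [  # constructed process-creation records, not real telemetry
    ("PC-01", 100, "smc.exe -stop"),
    ("PC-01", 101, rf'REG ADD "{KEY}\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f'),
    ("PC-01", 102, rf'REG DELETE  "{KEY}\SMC" /v SmcInstData /f'),
    ("PC-01", 105, "msiexec /x {F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072} /passive"),
    ("PC-02", 200, "msiexec /x {F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072} /passive"),
]
```

A planned migration like the one described here triggers it as well, so flagged hosts should be compared with the deployment's target collection.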


Here is the WQL query for creating an SCCM 2012 Collection (it will probably work in 2007, but that is not tested) of all systems with SEP 12 installed. You need to have Asset Intelligence configured to gather all .exe files and inventory them.

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,
       SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_ADD_REMOVE_PROGRAMS
       on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Symantec Endpoint Protection%"
  and SMS_G_System_ADD_REMOVE_PROGRAMS.Version like "12.%"

5 comments:

  1. I wanted to let you know that at my organization, the above script worked great. However, our version is reported as SEP 11 (11.0.7000.975). The uninstall password is enforced and would be prompted during the uninstall process using your SEP 11 uninstall script. Using your SEP 12 uninstall script and substituting the product code that we have {5C75DA6D-F5E3-4D4B-A381-B52B8CA5B1CF} worked flawlessly.

  2. I still get a prompt for the password to uninstall. Is there something I missed in this?

  3. I still get an uninstall password prompt as well. Script does uninstall aside from that.

  4. I believe this will only work if Tamper Protection is turned off.

  5. I believe this will only work if Tamper Protection is turned off.
