Symantec Endpoint Protection 12 Uninstall with a Password

The following script will uninstall Symantec Endpoint Protection.  I am currently using this with an SCCM deployment as we are migrating to SCEP.  The out-of-the-box uninstall from Microsoft does not work when a password is specified, so I created this little script to do it for me.

For Windows 7 x86 with SEP 12
Type: Batch file

@echo on
c:
CD "C:\Program Files\Symantec\Symantec Endpoint Protection"
smc.exe -stop

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

msiexec /x {F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072} /passive

For Windows 7 x64 with SEP 12
Type: Batch file

@echo on
c:
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection"
smc.exe -stop

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

msiexec /x {87C925D6-F6BF-4FBD-840B-53BAE2648B7B} /passive

These scripts are identical with the exception of the path to the "smc.exe - stop" command and the uninstall command.


Here is the WQL language for creating an SCCM 2012 Collection (probably will work in 2007, but not tested) for all systems with SEP 12 installed. You need to have Asset Intelligence configured to gather all .exe files and inventory them.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Symantec Endpoint Protection%" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version like "12.%"

Symantec Endpoint Protection 11 Uninstall with a Password

For Windows x64 with Symantec Endpoint Protection 11
Type: Batch file

@echo on
Net stop smcservice
echo y|NET STOP "Symantec Antivirus"
Net stop ccEvtMgr
Net stop ccSetMgr
Net stop SNAC

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

 REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

msiexec /x  {73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1} /passive /norestart
REM - Remove the /norestart flag for the system to reboot when complete

For Windows x86 with Symantec Endpoint Protection 11
 Type: Batch file

@echo on
Net stop smcservice
echo y|NET STOP "Symantec Antivirus"
Net stop ccEvtMgr
Net stop ccSetMgr
Net stop SNAC

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v LockUnloadServices /d 0 /t REG_DWORD /f
REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security" /v UseVPUninstallPassword /d 0 /t REG_DWORD /f

 REG DELETE  "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /v SmcInstData /f

msiexec /x {FA272494-8DEA-43CF-9BFF-652553C04265} /passive /norestart
REM - Remove the /norestart flag for the system to reboot when complete

Basically this script adds a few keys required for the removal of the client, stops all the SEP services, removes the password, then removes the client.  A manual restart will be required to complete the removal.  Dropping the "/norestart" option from the msiexec line will cause the workstation or server to restart.

Here is the WQL language for creating an SCCM 2012 Collection (probably will work in 2007, but not tested) for all systems with SEP 11 installed.   You need to have Asset Intelligence configured to gather all .exe files and inventory them.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Symantec Endpoint Protection%" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version like "11.%"