My company is getting rid of Symantec Anti-virus. The final kick in the shins was the new software they brought out called “Symantec Endpoint Protection”. I’m not exactly sure what Symantec was thinking when they brought out this product, but the old Symantec Corporate Server was much easier to administer. The new product just seems to go out of your way to make itself difficult – from installing to reviewing what sort of viruses are found. Anyways, couple that with the 92% virus detection rate that Symantec supposedly has, and you wind up with one heck of a crappy product.In any case, the uninstallation of Symantec was quite a chore. I found a few articles on how to remove it using some Symantec tools – but the tools (just like the Antivirus product) were either not present or didn’t function properly. Next I found an article on how to manually remove Symantec by running the uninstall wizard from a command prompt. After reviewing how this worked for a bit, I wrote a short vb script that basically finds the registry key for the Symantec Endpoint Protection, and then issues the command to uninstall the program. It also leaves entries into the Application event log on what the script is currently doing.
Be aware that as soon as the uninstall is completed, the computer will reboot (it took about 2-3 minutes on average for the uninstall to complete). Note also that sometimes the script can say that it failed to remove the program, I think that just happens because the computer reboots before it can send the “ok” back to the uninstall script (Basically as long as the shield is gone, it’s removed).
Once you have the script, you simply set it up to run as a script to run through Group Policy. Create a new Group Policy and then do Computer Configuration–>Windows Settings–>Scripts–>Startup. Then just add the script. This will make the uninstallation of Symantec occur the next time the computers under that Group Policy are started up. You probably should send an email to those users though and inform them that you are removing Symantec and that upon the next reboot of their computer it wil automatically reboot again after two to three minutes of starting up (again, since the Symantec reboots the machine after it is uninstalled).
One last note – make sure you remove the uninstall password from the program, otherwise the uninstall script will fail to uninstall the program.
How to remove symantec endpoint protection 11 Uninstallation password
in SEPM console go to Clients--->The group which you required to remove/change uninstallation password---->policies(right side)--->General settings--->security settings.
You will get the option here.
copy below code in notepad & rename it to SymantecUninstall.vbs
Option Explicit
const HKEY_LOCAL_MACHINE = &H80000002
dim ProductName, ProductKey
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetSymantecProductKey()
dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys
For Each sKey in aKeys
oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
If Not IsNull(sName) Then
if (sName = "Symantec Endpoint Protection") then
ProductKey = sKey
ProductName = sName
end if
end if
Next
end sub
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub RemoveSymantec(key, name)
dim cmd, objShell, iReturn
cmd = "C:\windows\system32\msiexec.exe /q/x " & key
set objShell = wscript.createObject("wscript.shell")
objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd
iReturn=objShell.Run(cmd,1,TRUE)
if (iReturn = 0) then
objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
else
objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
end if
Set objShell = Nothing
end sub
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProductKey = ""
ProductName = ""
call GetSymantecProductKey()
if Not (ProductKey = "") then
call RemoveSymantec(ProductKey, ProductName)
end if
it works fine with WinXP. believe me i tried it, works well.
Be aware that as soon as the uninstall is completed, the computer will reboot (it took about 2-3 minutes on average for the uninstall to complete). Note also that sometimes the script can say that it failed to remove the program, I think that just happens because the computer reboots before it can send the “ok” back to the uninstall script (Basically as long as the shield is gone, it’s removed).
Once you have the script, you simply set it up to run as a script to run through Group Policy. Create a new Group Policy and then do Computer Configuration–>Windows Settings–>Scripts–>Startup. Then just add the script. This will make the uninstallation of Symantec occur the next time the computers under that Group Policy are started up. You probably should send an email to those users though and inform them that you are removing Symantec and that upon the next reboot of their computer it wil automatically reboot again after two to three minutes of starting up (again, since the Symantec reboots the machine after it is uninstalled).
One last note – make sure you remove the uninstall password from the program, otherwise the uninstall script will fail to uninstall the program.
How to remove symantec endpoint protection 11 Uninstallation password
in SEPM console go to Clients--->The group which you required to remove/change uninstallation password---->policies(right side)--->General settings--->security settings.
You will get the option here.
copy below code in notepad & rename it to SymantecUninstall.vbs
Option Explicit
const HKEY_LOCAL_MACHINE = &H80000002
dim ProductName, ProductKey
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub GetSymantecProductKey()
dim oReg, sPath, aKeys, sName, sKey
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
sPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aKeys
For Each sKey in aKeys
oReg.GetStringValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey, "DisplayName", sName
If Not IsNull(sName) Then
if (sName = "Symantec Endpoint Protection") then
ProductKey = sKey
ProductName = sName
end if
end if
Next
end sub
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sub RemoveSymantec(key, name)
dim cmd, objShell, iReturn
cmd = "C:\windows\system32\msiexec.exe /q/x " & key
set objShell = wscript.createObject("wscript.shell")
objShell.LogEvent 0, "Removing the program [" & name & "] under Product Key [" & key & "]" & vbCrLf & "Executing command: " & vbCrLf & cmd
iReturn=objShell.Run(cmd,1,TRUE)
if (iReturn = 0) then
objShell.LogEvent 0, "Program [" & name & "] was successfully removed"
else
objShell.LogEvent 0, "Failed to remove the program [" & name & "]."
end if
Set objShell = Nothing
end sub
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProductKey = ""
ProductName = ""
call GetSymantecProductKey()
if Not (ProductKey = "") then
call RemoveSymantec(ProductKey, ProductName)
end if
it works fine with WinXP. believe me i tried it, works well.
No comments:
Post a Comment