Kaseya Community

I need a working Symantec removal script

  • Does anyone know of a working Symantec Endpoint Protection 11 removal Script?

  • We've considered creating removal scripts to eradicate competative products, but through all of our testing it turns out to be fraught with too many variables for us to control and support.  

    The best we can do is to recommend using the vendor's removal tools--which in the case of Symantec EP11--turns out to be a bit tougher to get a hold of than other Symantec products.  View the link below for more information:

    www.symantec.com/.../endpoint-removal-tool

    Sorry, I don't have a silver bullet for this one.  But that's not to say we've given up looking.  If anybody out there stumbles across a universal AV removal tool (similar to "crapcleaner" or Ninite, but in reverse) let me know and I'll look into it.  

    Jeff Keller

    Product Manager

    Kaseya

  • I just had great luck using a tool from Symantec called SEPprep.  It consists of an exe file and an ini file.  You have to customise the ini file and upload both to the VSA.  Then write a procedure that copies both files (write file) to the endpoing and executes the exe file (you can use the -silent switch.  I threw in a final step to reboot the computer at the end.  I tried not doing the reboot but ran into trouble, so I recommend the reboot at the end.  Here is a link to the files  

    www.symantec.com/.../sepprep

    The original purpose of this tool was to remove competitor products before installing SEP, but they threw in theor own products to make upgrades easier.  It claims to uninstall many different packages.

    Give it a try and good luck,

    Mike

  • Very interesting stuff, thanks

  • I have used this in the past. Email me so i can send you the two EXEs in the script. We've had great success with it. But try it first and see how it works for you. Even though it says SAV it also works for SEP.

     

    Enjoy... 

     

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="SAV Uninstall" treePres="3" id="934018010">

        <Body description="AL™&#xA;Silent Uninstall of SAV Versions 7-11 Client &amp; LiveUpdate. Reboot is recommended after running the script.">

          <If description="AL™&#xA;Silent Uninstall of SAV Versions 7-11 Client &amp; LiveUpdate. Reboot is recommended after running the script.">

            <Condition name="True" />

            <Then>

              <Statement description="Use the user logon credentials set for the machine ID to execute a file or shell command - Windows 2000 and above only." name="UseCredential" continueOnFail="false" osType="Windows" />

              <Statement description="" name="WriteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Path" value="c:\temp\Regfind.exe" />

                <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\Regfind.exe" />

                <Parameter xsi:type="BooleanParameter" name="DeleteAfter" value="False" />

              </Statement>

              <Statement description="" name="WriteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Path" value="c:\temp\SymantecReg.exe" />

                <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\SymantecReg.exe" />

                <Parameter xsi:type="BooleanParameter" name="DeleteAfter" value="False" />

              </Statement>

              <Statement description="" name="ExecuteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Path" value="c:\temp\SymantecReg.exe" />

                <Parameter xsi:type="StringParameter" name="Arguments" value="/B" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />

                <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

              </Statement>

              <Statement description="" name="GetVariable" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />

                <Parameter xsi:type="StringParameter" name="SourceContent" value="c:\temp\sym_reg_key.txt" />

                <Parameter xsi:type="StringParameter" name="VariableName" value="UKEY" />

              </Statement>

              <Statement description="" name="ExecuteShellCommand" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Command" value="reg add HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security /v LockUnloadServices /t REG_DWORD /d 00000000 /f" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />

              </Statement>

              <Statement description="" name="ExecuteShellCommand" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Command" value="reg add HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security /v UseVPUninstallPassword /t REG_DWORD /d 00000000 /f" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />

              </Statement>

              <Statement description="" name="ExecuteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Path" value="msiexec.exe" />

                <Parameter xsi:type="StringParameter" name="Arguments" value="/norestart /q /x#UKEY# REMOVE=ALL" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

              </Statement>

              <Statement description="" name="ExecuteFile" continueOnFail="true" osType="NT4|2000|XP|2003|Vista|2008">

                <Parameter xsi:type="StringParameter" name="Path" value="C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" />

                <Parameter xsi:type="StringParameter" name="Arguments" value="/u /q" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

              </Statement>

              <Statement description="" name="WriteScriptLogEntry" continueOnFail="false">

                <Parameter xsi:type="StringParameter" name="Comment" value="Symantec Anti-Virus has been removed." />

              </Statement>

            </Then>

          </If>

        </Body>

      </Procedure>

    </ScriptExport>

  • Thanks rattrap!

  • Hello, could I have the files to help with the uninstall please.

  • I too, would like to know how I can get those two executables. Thanks!

  • Does this software require a license? (does it cost money?)

  • **Disregard my last question**

    rattrap, can you send me those files too? (etabush@tabush.com)

  • rattrap,

    Could you email a copy of those files to me to evaulate?  Thanks.  support@crusolutions.com

  • you can download it from

    www.symantec.com/.../sepprep

  • managed to get the latest version 11 off with the following

     

     

  • NIKNAKS456,

    Thanks for the snippet.  I have tried the code and it fails on step 3.  I am testing it on a Window 7 32-bit machine.  I'm not sure I am dealing with the UAC correctly.

    What operating systems has that script worked on for you?

    Rick R.

  • Holy crap... thank you for the heads up on SepPrep. If it works as advertised, this will be massively valuable to MSP's.