Kaseya Community

Script to remove Symantec AV v8-10

  • savremove_script.zip
    I wrote a script to uninstall SAV and it seems to work pretty well. It works so well, in fact, I'm wondering whether I've been overlooking something after all these years of struggling with NoNav, etc. Your feedback would be greatly appreciated!

    The script deposits 3 files on the target machine. A text file containing the GUIDs for each of the SAV products to be removed; A .reg file that contains the registry settings to turn off the password requirement for uninstalling SAV; and a short batch file that does all the work.

    The batch file does 3 things: It uses reg.exe to dump the HKLM\...\Uninstall registry entries to a text file; It searches the dump file for each of GUIDs; If it finds one, it imports the .reg file using reg.exe to turn off password protection then runs msiexec.exe to uninstall SAV (using the GUID as the product ID).

    That's it. It can be safely run against any machine. It only uninstalls products found in the GUID text file. And the only problem I've had so far is that occassionally the target will reboot itself after the script runs even though I've set the msiexec.exe flag to suppress reboot.

    I haven't tried it, but I don't see why this technique couldn't be expanded to remove other AV products prior to deploying KES. (Add product IDs to the GUIDs.TXT file. Create a different .reg file to turn off password protection.)

    I've attached a zip file containing the components, including the script.

    Jim Lancaster
    Sagiss, LLC

    Legacy Forum Name: Script to remove Symantec AV v8-10,
    Legacy Posted By Username: jlancaster@sagiss.com
  • Does this work for all Windows operating systems?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: boudj
  • Good question. I wrote it to run on XP Pro. I requires the presence of both REG.EXE and MSIEXEC.EXE in the search path. I'm not sure when the REG.EXE utility appeared--Was it included with the original XP Pro? Or did it come via SP or update? Did it get pushed out to all Windows OS's?

    My guess is that the script will run fine on Vista and that you'll probably have to copy REG.EXE down to Windows 2000 machines along with the script components to make it work on that OS.

    Jim

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jlancaster@sagiss.com
  • Sweet! I agree with the nonav fight. This is a great bit of work. Thanks for sharing!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ttroyer@emaple.net
  • Here is my version - it sets the reg keys correctly before uninstalling - seems to work fine for me..also removes Live Update...dotn worry about the Version 6 ref below - I believe Symantec use the same value in 7 and 8...

    Script Name: JD - Uninstall Symantec 10.1
    Script Description:

    IF True
    THEN
    Set Registry Value - (Continue on Fail)
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\LockUnloadServices
    Parameter 2 : 0
    Parameter 3 : REG_DWORD
    OS Type : 0
    Set Registry Value - (Continue on Fail)
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\UseVPUninstallPassword
    Parameter 2 : 0
    Parameter 3 : REG_DWORD
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : MsiExec.exe /norestart /q/x{33CFCF98-F8D6-4549-B469-6F4295676D83} REMOVE=ALL
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : reg delete HKEY_LOCAL_MACHINE\SOFTWARE\SymantecVolatile /f
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : rmdir /s /q "C:\Program Files\Symantec AntiVirus"
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : rmdir /s /q "C:\Program Files\Symantec_Client_Security"
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Symantec /f
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U /q
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : "C:\Progra~1\Symantec\LiveUpdate\LSETUP.EXE” /U /q
    Parameter 2 : 0
    OS Type : 0
    ELSE

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jamesdwy
  • ps it runs in silent/quiet mode so no end user prompts - we execute before rolling out KES...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jamesdwy
  • jamesdwy
    Here is my version - it sets the reg keys correctly before uninstalling - seems to work fine for me..also removes Live Update...dotn worry about the Version 6 ref below - I believe Symantec use the same value in 7 and 8...

    Script Name: JD - Uninstall Symantec 10.1
    Script Description:

    IF True
    THEN
    Set Registry Value - (Continue on Fail)
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\LockUnloadServices
    Parameter 2 : 0
    Parameter 3 : REG_DWORD
    OS Type : 0
    Set Registry Value - (Continue on Fail)
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\UseVPUninstallPassword
    Parameter 2 : 0
    Parameter 3 : REG_DWORD
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : MsiExec.exe /norestart /q/x{33CFCF98-F8D6-4549-B469-6F4295676D83} REMOVE=ALL
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : reg delete HKEY_LOCAL_MACHINE\SOFTWARE\SymantecVolatile /f
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : rmdir /s /q "C:\Program Files\Symantec AntiVirus"
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : rmdir /s /q "C:\Program Files\Symantec_Client_Security"
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Symantec /f
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command - (Continue on Fail)
    Parameter 1 : "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U /q
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : "C:\Progra~1\Symantec\LiveUpdate\LSETUP.EXE” /U /q
    Parameter 2 : 0
    OS Type : 0
    ELSE


    Hi James,

    Can you repost using CODE tags around the script to eliminate superfluous spacing? Thanks for sharing!

    Michael

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: RCS-Michael
  • Remove SAV.txt
    Attached as txt file

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jamesdwy
  • jamesdwy

    Execute Shell Command - (Continue on Fail)
    Parameter 1 : reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Symantec /f
    Parameter 2 : 0
    OS Type : 0


    I'm not a big fan of Symantec products, but I'd bet some of their other products also store settings under that branch of the registry.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: derekd
  • Just recreated the script on our Kaseya server, ran it..

    and it promptly broke PC Anywhere.

    So, take note, if there are any other symantec products installed, they could be broken with the script!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jrule@cforward.com
  • been looking for a script to use, the removal tool from avg's site doesn't work with symantec antivirus 9. i'll give this a try tomorrow.

    Also, couldn't you just run this as a shell command?

    MsiExec.exe /q /x{848AC794-8B81-440A-81AE-6474337DB527} REMOVE=ALL


    replacing what's in the {}'s with the correct code for the version you're uninstalling?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rchiocchio
  • Has anyone been able to come up with a comprehensive list of all the GUID's for removing Symantec Corporate/Endpoint Security? I tried out the script posted at the beginning of the thread, but it often doesn't work. It seems that every minor version number has a different GUID, for example 10.1.5000 and 10.1.5010 have two separate GUID's. The right GUID has to be in the text file or the removal doesn't work.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Aaron Craft
  • I did some research today, looking at the different versions of SAVCE and SEP installed on our clients machines. I found the following versions, and corresponding GUIDs.

    {33CFCF98-F8D6-4549-B469-6F4295676D83}
    Symantec AntiVirus 10.1.5000.5

    {50E125D1-88E5-48CE-80AE-98EC9698E639}
    Symantec AntiVirus 10.1.6000.6

    {2085C617-589C-40F8-BE40-EDBC9E2CA2EB}
    Symantec AntiVirus 10.1.7000.7

    {3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}
    Symantec Endpoint Protection 11.0.4000.2295


    Hope this helps everyone!

    Lloyd

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lwolf
  • It looks like they may change the GUID less often than I thought. The GUID I found for 10.1.5010 was the same as your GUID for 10.1.5000.5. I'll post more as I can find them.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Aaron Craft
  • NoNav 2.49 contains everything you need to remove Symantec AV versions prior to 11.

    Scripts have been posted in here in the past that utilizes NoNav 2.49 to remove Symantec AV without affecting other Symantec software.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen