Educause Security Discussion mailing list archives
Re: Automated/Scripted UnInstall of Symantec AV
From: "Eric C. Lukens" <eric.lukens () UNI EDU>
Date: Mon, 5 Oct 2009 08:56:36 -0500
Sorry for the mess of links that appears below. For many of the releases of SAV, this article points in the right direction, http://it.toolbox.com/blogs/locutus/how-to-silently-and-remotely-remove-symantec-antivirus-14625. You'll still have to check for all the msi product codes that have been in use in your organization. The comments have quite a bit of helpful information as well. If admins have set uninstall passwords for SAV/SEP, you'll want to script some registry removals before attempting the uninstall. Better yet, alter the policies used by SAV/SEP to remove the uninstall password. The following links help with that: http://www-secure.symantec.com/connect/forums/how-uninstall-symantec-endpoint-protection-sep-client-silently-using-command-line http://it.toolbox.com/blogs/locutus/so-many-computers-so-little-time-14632 Overall, your script is going to have a lot of "msiexec.exe /q/x <product code>" in it, with every product code that may have been used. Uninstalling via MSI logic should take care of most machines. There are probably some you'll have to run Cleanwipe or NoNav on, and there are also some scripts written to try and remove all traces of SAV/SEP. I don't know how good or safe they are, but check out the Symantec Forums (http://www-secure.symantec.com/connect/forums) to find them. The Symantec Forums are fairly useful, criticisms of Symantec and their support do not appear to be censored and usually are addressed. Here are some other helpful links: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090908381148?Open&seg=ent for more information on SEP removal http://www-secure.symantec.com/connect/forums/how-uninstall-10000-symantec-endpoint-protection-clients#comment-2723101 http://www-secure.symantec.com/connect/forums/uninstalling-sep-remotely http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006053113361148?Open&seg=ent http://www-secure.symantec.com/connect/forums/how-remove-sep-thoroughly-without-using-cleanwipe http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/0f678b941118266e88257137007044fa?OpenDocument -Eric -------- Original Message -------- Subject: [SECURITY] Automated/Scripted UnInstall of Symantec AV From: Lazerwitz, Ian <ilazerwitz () PACE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Date: 10/4/09 7:24 PM
Folks - I know it has been discussed before but I am looking for some assistance on the automated removal of SAV 7,8,9,10 and endpoint. We are dumping SAV and our internal groups are telling me that there is no automated or scripted way to remove all versions of SAV and install Forefront. They want to visit every PC, I would prefer not to have to go that route. I have to believe there are some scripts out there to help with this. Any insight would be appreciated, Ian Lazerwitz
-- Eric C. Lukens IT Security Policy and Risk Assessment Analyst ITS-Network Services Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 319-273-7434 http://www.uni.edu/elukens/ http://weblogs.uni.edu/elukens/
Current thread:
- Automated/Scripted UnInstall of Symantec AV Lazerwitz, Ian (Oct 04)
- <Possible follow-ups>
- Re: Automated/Scripted UnInstall of Symantec AV Eric C. Lukens (Oct 05)
- Re: Automated/Scripted UnInstall of Symantec AV Brad Judy (Oct 05)
- Re: Automated/Scripted UnInstall of Symantec AV Russell Fulton (Oct 05)