Manually uninstall Endpoint Protection 11 clients on Windows Vista, 7 or Windows Server 2008 (32-bit)

Article:TECH102286  |  Created: 2007-01-02  |  Updated: 2014-11-21  |  Article URL http://www.symantec.com/docs/TECH102286
Article Type
Technical Solution


Environment

Issue



This article describes how to manually uninstall Symantec Endpoint Protection client from 32-bit versions of Windows Vista, Windows 7, and Windows 2008.


Solution



 


Warning: These removal steps can disable other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process.




Log on as Administrator
Manual removal of Symantec Endpoint Protection must be done from the Administrator account. To enable the Administrator account, read the following document from the Microsoft Knowledge Base: Enable and Disable the Built-in Administrator Account.

When the Administrator account is enabled, log on to that account.

Stop Symantec Endpoint Protection

  1. Click Start > Run.
  2. Type msconfig
  3. Click OK.
  4. On the Startup tab, uncheck Symantec Security Technologies.
  5. In the Services tab, uncheck the following (not all may be present):
    • Symantec Event Manager
    • Symantec Settings Manager
    • LiveUpdate
    • Symantec Management Client
    • Symantec Network Access Control
    • Symantec Endpoint Protection
  6. Click OK, and then restart the computer.
  7. After the computer starts up, an alert appears. Check the box and click OK.



Remove the Teefer2 driver

  1. Click Start > Settings > Control Panel > Network Connections.
  2. Click a connection.
  3. In the dialog, click Properties.
  4. Select Teefer2 Driver and click Uninstall.
  5. You will need to repeat these steps for each Network Connection.
  6. Restart the computer.


Remove Symantec Endpoint Protection from the registry

  1. Click Start > Run.
  2. Type regedit and Click OK.
  3. In the Windows registry editor, in the left pane, delete the following keys if they are present. If one is not present, proceed to the next one.
    • HKEY_CLASSES_ROOT\*\Shellex\ContextMenuHandlers\LDVPMenu
    • HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Sygate Technologies, Inc.
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps, SAVCE value only
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Whole Security
    • HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SevInst
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EraserUtilRebootDrv
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNAC
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnacNp
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSP
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPL
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec AntiVirus
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Teefer2
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wps
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpsHelper
    • HKEY_LOCAL_MACHINE\SYSTEM\Symantec
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSvcHst
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SescLU
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus
  4. Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  5. Select Uninstall.
  6. Select Edit
  7. Click Find.
  8. Type symantec
  9. Click Find Next.
    A value appears in the right pane that includes the word Symantec, in a key that is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
    If the key that is selected is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, delete the key (in the left pane), and then repeat the search.
    If the key that is selected is not in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, continue to the next step.
  10. Remove any values with "Symantec" in the path from the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
  11. Search for the following strings, and delete any registry keys that contain them:
    • 331D64B67B1D6024FAD99FA7FAAE8F3
    • Vpshell2
    • VpShellEx
  12. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\.
  13. Under the following registry keys, delete the registry key 12AD9A2D657B7654F96A2EA43F3166B3:
    • 0E3118066B3FEE6C0AF18C3B9B1A1EE8
    • 2A31EAB9FA7E3C6D0AF18C3B9B1A1EE8
    • 6EC3DF47D8A2C9E00AF18C3B9B1A1EE8
    • 7ABFE44842C12B390AF18C3B9B1A1EE8
    • C9AE13788D0B61F80AF18C3B9B1A1EE8
    • DA42BC89BF25F5BD0AF18C3B9B1A1EE8



Remove Symantec Endpoint Security files and folders

  1. Restart the computer into Safe Mode. To enter Safe Mode on Windows Vista and Windows 7, read the Microsoft article Start your computer in safe mode.
  2. In Safe Mode, log on as the Administrator account.
  3. Delete the following files and folders. If a file or folder is not present, proceed to the next one.
    • C:\Program Files\Symantec\Symantec Endpoint Protection (Or the appropriate directory if you installed in a different one)
    • C:\Program Files\Symantec\LiveUpdate (Or the appropriate directory if you installed in a different one)
    • C:\Program Files\Symantec\ (Or the appropriate directory if you installed in a different one)
    • C:\Program Files\Common Files\Symantec Shared
    • C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
    • C:\ProgramData\Symantec
  4. Delete the following driver files in C:\Windows\System32\drivers. In all cases delete the files with the extensions .sys, .cat, and .inf with the following prefixes:
    • Coh_Mon
    • SrtSp
    • SrtSp64
    • SrtSpl
    • SrtSpl64
    • SrtSpx
    • SrtSpx64
    • SymDns
    • SymDns64
    • SymEvent
    • SymEvent64x86
    • SymFw
    • SymIds
    • SymNdis
    • SymNdisv
    • SymRedir
    • SymRedrv
    • SymTdi
    • SysPlant
    • Teefer2
    • Wgx
    • WpsDrvnt
    • WpsHelper
  5. Delete the following driver files in both C:\Windows\System32 and C:\Windows\SysWOW64:
    • BugslayerUtil.dll
    • Cba.dll
    • FwsVpn.dll
    • Loc32Vc0.dll
    • MsgSys.dll
    • Nts.dll
    • Pds.dll
    • SysFer.dll
    • SymVPN.dll
  6. Go to C:\Windows\Installer\.
  7. For each file in C:\Windows\Installer, right-click the file and select Properties.
  8. On the Summary tab, check to see whether the file was created by Symantec. If it was, delete the file.
  9. Repeat steps 6-9 for every file in the folder.


Remove the Teefer driver

  1. Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
  2. Type pnputil -e to list the Symantec drivers in the driver store.
  3. Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
  4. Type exit to close the command prompt.
  5. In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
  6. Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
  7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
  8. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  9. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
  10. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  11. Close the Windows Registry Editor.
  12. In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
  13. Delete any network adapters to which teefer was attached.
    This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
  14. Restart the computer into normal mode.




References
"Enable and Disable the Built-in Administrator Account" at:

http://technet2.microsoft.com/WindowsVista/en/library/9fe3a3eb-01ec-47d4-abac-227bd6d8490f1033.mspx

"Start your computer in Safe Mode" at:
http://windowshelp.microsoft.com/Windows/en-US/Help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx

____________________________________
This document is available in the following languages:


 



Legacy ID



2007080209280848


Article URL http://www.symantec.com/docs/TECH102286


Terms of use for this information are found in Legal Notices