Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

How to Uninstall Symantec Endpoint Client If Uninstall Password is in place

Created: 09 Nov 2010 • Updated: 17 Nov 2010 | 17 comments
Language Translations
Rafeeq's picture
+20 20 Votes
Login to vote

 

Sometimes its hard to uninstall SEP client if uninstall password is lost or SEPM is down.
In such cases you may follow these steps
 
Start - Run
type smc -stop ( If it prompts for password; navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC, delete the smcexit key and then type smc -stop)
 
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
look for smcinstdata key; delete it
 
go to add/remove program and uninstall the client..
 
I know its simple procedure; but sure will help few :) 

Comments 17 CommentsJump to latest comment

supportsib2's picture

I dont want to uninstall i need to just disable  without prompting password , is that possible 

0
Login to vote
Rafeeq's picture

from your script

you first need to delete the key smcexist 

then try the smc -stop

that wil do 

+2
Login to vote
AravindKM's picture

Nice finding

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
Symantec World's picture

Hello Rafeeq,

 

What we can do If the password in place and also we have removed SEPM and donno the password?

How could we stop the service of SMC without deleting smcexist entry?

Regards, M.R

0
Login to vote
Mithun Sanghavi's picture

Nice Finding.

Excellent Work...

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote
4400's picture

Do I need uninstall the SEP client older version before upgrade the SEE to latest version?

0
Login to vote
Rafeeq's picture

No, symantec endpoint encryption and sep can work together.

0
Login to vote
Alex Gibson's picture

Thank you.  I will script this out and add this...

msiexec.exe /norestart /x{insert product code here} REMOVE=ALL /qn

... and move on with my day.

0
Login to vote
kenthebarber's picture

can you please give give the uninstall password

0
Login to vote
Prem.Canda's picture

try the default one it should be symantec

0
Login to vote
Mrgud's picture

I deleted symantec antivirus a while ago, but now I can't install another antivirus program because it asks me to remove symantec. When I try to remove it in "add/remove programs" a message prompts: "The installation source for this product is not available. Verify that the source exist and that you can access it."

In "search" option I can't find symantec on my computer, but still can't install another antivirus becouse of it.

I tried smc-stop in run I saw abowe, but it say "windows cannot find "smc-stop".

Wat is wrong with it?

0
Login to vote
Shadi.A's picture

you can use Cleanwipe removal tool to uninstall SEP.

Please call Tech support to get Cleanwipe tool

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

0
Login to vote
spedyonthehil's picture

I beleive I have a trail version that was left on my machines that I need to remove.

I tried to go into hkey path you showed, only to find a SMC_exit_test

instead of removing, I added xxx to the front of the two key names to devalue them. went to uninstall programs and it is still asking for a password..?

any other ideas?

 

 

 

 

0
Login to vote
ABN's picture

This looks like a configuration vulnerabilty. This can be preveneted by using the default Application and Device control policy >> Protect client files and regisry keys. With this any access / modifcation to Symantec's registry can be prevented.

0
Login to vote
hforman's picture

VERY good point.  We sometimes assume that people in this forum all all SEP administrators.  However, there can be plain old end users in here looking for ways to circumvent their company's SEP policies.  Where I am here, the users cannot modify the SEP 12.1 registry even if they are a system administrator and they can't do anything to remove or disable SEP as we have Tamper Protection on.

 

I caught an executive that has administrator capabilities trying to disable SEP but he failed and it was logged.  The correct answer should be to tell them to contact the SEP administrator or to use cleanwipe if they are allowed to receive it.  For temporary disable, the administrator should be able to move them into a group with tamper protection turned off.  Very RARELY does this need to be done.

0
Login to vote