Endpoint Protection Small Business Edition

 View Only
Expand all | Collapse all

Force Uninstall SEP with Tamper Protection

d4ry1

d4ry1May 06, 2015 08:45 AM

  • 1.  Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 08:34 AM

    Hi,

    We removed an SEPM Server from our production Server, without knowing that there are clients that are reporting on that  SEPM with tamper protection. So now we can't remove the tamper protection because the SEPM Server was already removed. Is there any way that we can force uninstall those clients remotely?

    Our objective is to uninstall the agents then reinstall it with the new one, so it'll report to the new SEPM.

    We already tried to just use the communication settings, it's not working, so we need to reinstall with an SEP agent  from the new  SEPM Server, but the tamper protection is hindering us.

     

    Thank you,



  • 2.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 08:36 AM

    Should uninstall fine with tamper protection enabled. Just uninstall as you normally would. Or use cleanwipe.

    Tamper protection only stops changes to core SEP file/registry entries. Shouldn't stop re-installs. At least I've never had this problem.



  • 3.  RE: Force Uninstall SEP with Tamper Protection

    Broadcom Employee
    Posted May 06, 2015 08:41 AM

    Hi,

    Thank you for posting in Symantec community.

    Why communication update package is failing? SEPM is on RU5 version?
     



  • 4.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 08:45 AM

    Yes it's RU5.



  • 5.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 08:46 AM

    Is it possible to run cleanwipe using SepPrep silently or automatically?



  • 6.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 08:50 AM

    You could but cleanwipe is not silent (and can't be made siltent) and requires a reboot.



  • 7.  RE: Force Uninstall SEP with Tamper Protection

    Broadcom Employee
    Posted May 06, 2015 09:03 AM

    It's a known issue with SEP, try the steps given in this article:

    Symantec Endpoint Protection Manager: Remote Push of Communication Update Package for Windows client fails

    http://www.symantec.com/docs/TECH224943

    If still not helped, make sure user is logged in when push out Communication Update Package.



  • 8.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 09:39 AM

    Hi Cheetan,

     

    We're not getting this kind of error messages:

    "Warning: if you install SEP, Mac computers automatically restart..."

    "Could not browse the network. The Bonjour service is missing"

     

    Does the article you gave still applicable for us? I'm  just confirming it.


    Thank you,



  • 9.  RE: Force Uninstall SEP with Tamper Protection

    Broadcom Employee
    Posted May 06, 2015 10:16 AM

    If not getting any error you can ignore it, however make sure user is logged in when push out communuication update package.

    Also could you post the error message screenshot when you tries to push communication update package?

     



  • 10.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 10:29 AM

    I already tried the article you gave me. it still didint worked. still not showing any changes on the client side.

    Also that's the problem we're not seeing error messages, it shows successful on the communication deployment  in the SEPM, but there's no changes on the client side.

    And there was one time 2  days ago where it did succeed, but it go to a group that we didint choose it to go. RU5 is the most weird upgrade we've been in to so far considering we've been using symantec since v11.



  • 11.  RE: Force Uninstall SEP with Tamper Protection

    Broadcom Employee
    Posted May 06, 2015 10:36 AM

    Could you please post the screenshot about communication update package deployment. Is it showing successful in the SEPM console?



  • 12.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 06, 2015 09:49 PM

    Here it is,


    Communication Settings Deployment_0.jpg

    But after checking those computers nothing is changed. The only thing we saw on the system logs, is this:

    "SyLink.xml file imported Successfully"

    But there was no changes on the SEP's troubleshooting gui.



  • 13.  RE: Force Uninstall SEP with Tamper Protection

    Broadcom Employee
    Posted May 07, 2015 09:25 AM

    Thanks for the screenshot, have you tried to restart the service manually using command 'smc -stop' and 'smc -start'.



  • 14.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 07, 2015 10:54 PM

    Yes we also did that, it's still not communicating to our SEPM, we can't still see it on the SEPM.



  • 15.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 10, 2015 10:53 PM

    We tried using the SepPrep but we're getting this error on the logfile

    05/11/2015 10:35:52:464 Attempting to run: MsiExec.exe /X{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7} REMOVE=ALL REBOOT=R /qn
    05/11/2015 10:36:03:478 Exit code: 1603
    05/11/2015 10:36:03:509 Failed to remove Symantec Endpoint Protection

     



  • 16.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 12, 2015 01:59 PM

    Hello d4ry1,

    Without using SEPprep, what happens when you use Programs and Features from the Windows Control Panel to remove SEP? Does it terminate without errors or is there a password prompt?

    -Shawn



  • 17.  RE: Force Uninstall SEP with Tamper Protection

    Posted May 12, 2015 02:19 PM

    One other thing, have you tried steps such as these from TECH160977? The situation may not match the article, but the upgrade setting is the important part.

    Solution:

    To configure clients to move automatically when they upgrade:

    1. In the new manager, go to Admin > Install Packages > Client Install Settings.
    2. Either create new Client Installation Settings or edit an existing set.
    3. In the settings dialog, click Install > Upgrade settings, and select Remove all previous logs and policies, and reset the client-server communications settings.
    4. Use these Install Settings when pushing (or exporting) client packages.

    -Shawn

    Edit: Try installing this without using SEPprep, since in-place upgrade are supported within the same product type. (i.e. Enterprise 11.x or 12.1.x to 12.1.5)