Endpoint Protection

  • 1.  How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 10, 2013 06:06 PM

    Ok, I know there is a featured post and several articles about how uninstallation of SEP Antivirus is pretty much a manual hands-on-the-machine affair.  Either that, or utilizing a CleanWipe utility that, while I am unaware of this program, sounds like something similar to CCleaner.

    Here is our company's problem, and I am hoping you all can assist.

    1) We intend to lock down SAV from client access via the use of passwords (done through SEPM policies)

    2) Almost all of our users are remotely located in all of our state's counties.

    3) All of our IT support is handled via remote control, Microsoft System Configuration Manager, Group Policy, or each application's management console.

    4) We are being forced to move away from ESET AV and adopt SAV.  ESET allowed us, through their console to install, remove, and remotely manage the ESET application.

     

    Knowing the above, and that our client-side SAV setups will have password protection, and our users are remote, please tell me how we can remotely uninstall SAV 12.1 from their systems should the need arise?

    Touching each and every machine via a remote desktop tool to utilize Windows Add/Remove process is just not practical for large numbers of users.  Using the msiexec command line in a Group Policy "logon" script won't work if we have password protected our SAV installations. 

     

    Thank you.



  • 2.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 10, 2013 06:31 PM

    Check here:

    About the third-party security software removal feature in Symantec Endpoint Protection 12.1 RU1 MP1

    Article:TECH178757  |  Created: 2012-01-11  |  Updated: 2012-05-24  |  Article URL http://www.symantec.com/docs/TECH178757

     

    You can also check out SEPPrep

    SEPprep competitive product uninstall tool

    Article:TECH148513  |  Created: 2011-01-19  |  Updated: 2011-04-13  |  Article URL http://www.symantec.com/docs/TECH148513

     



  • 3.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 10, 2013 07:43 PM

    Here is some documentation about the uninstaller in scope of SEP 12.1 RU2:

    http://www.symantec.com/docs/TECH195029

     

    Regarding the Cleanwipe tool:

    https://www-secure.symantec.com/connect/forums/how-get-cleanwipe-tool-endpoint-removal

     

    The SEPprep tool mentioned above will also be well suited to your scenario, as you can specify in it the MSI uninstall password for the product.

    The option to force the client uninstall from SEPM is non-existent at this point - but the lack of it has already been mentioned by several parties - you can support and vote for it under the following link:

    https://www-secure.symantec.com/connect/idea/uninstall-option-sepm



  • 4.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 10, 2013 10:49 PM

    Hi,

    Check the same thread:

    https://www-secure.symantec.com/connect/forums/uninstall-sep-client-remotely



  • 5.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 11, 2013 06:43 AM

    Just to avoid confusion going forward, I'm going to clarify that SAV is an old EOL'd product that is no longer supported; this has been replaced with SEP.

    AFAIK, if the uninstall password is configured, there is no way to uninstall SEP silently.  Therefore, if you ever need to perform a mass uninstall by script/GPO, you will first have to remove the password protection.  If you're looking to do an uninstall on a specific client remotely then you'll need to move that client to a specialised group where the password protection is disabled.

    The closest thing I can find as a reference is the article below (unfortunately this is for v11):
    http://www.symantec.com/docs/TECH105827

    More general MSI uninstall information can be found here:
    http://www.symantec.com/docs/TECH102470



  • 6.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 11, 2013 09:52 AM

    Thank you all for your suggestions and assistance.  I will peruse your information today.  I am very disappointed that there isn't a configured process for uninstallation.  This is very shallow thinking on the part of Symantec.  It makes it seem like they built their Enterprise level application around home users.

     

    Yeah, I used SAV as a shortcut to highlight that I was talking about the antivirus application of Endpoint.

     

    Thank you SMLatCST, that is an interesting thought.  I will look into that.  How long from the time you move a user's machine into a new group that has a no-password policy will the new policy take effect?



  • 7.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 11, 2013 10:01 AM

    It depends on what your heartbeat is set to. This determines how often the client checks in to the SEPM.



  • 8.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 11, 2013 10:02 AM

    The time it takes for a client to pick up on the policy change is dependent upon the Communications Settings for the group.

    In PUSH mode comms, it should detect the change immediately and apply shortly after.

    In PULL mode, the client will have to wait until the next Heartbeat Interval to detect the change.

    Also, you may want to read up on the SEP-Integration Component for managing SEP installs.  This is a separate tool (based off of Altiris) that provides more control over the client installations.  You are licensed to use this as it is included with the SEP licenses:

    http://www.symantec.com/docs/HOWTO73212



  • 9.  RE: How to Remotely Uninstall SEP Antivirus 12.1

    Posted Jan 11, 2013 10:06 AM

    Thank you all very much.