Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to Remotely Uninstall SEP Antivirus 12.1

Created: 10 Jan 2013 | 8 comments

Ok, I know there is a featured post and several articles about how uninstallation of SEP Antivirus is pretty much a manual hands-on-the-machine affair.  Either that, utilizing a CleanWipe utility that, while I am unaware of this program, sounds like something similar to CCleaner.

Here is our company's problem and am hoping you all can assist.

1) We intend to lock down SAV from client access via the use of passwords (done through SEPM policies)

2) Almost all of our users are remote located in all of our state's counties.

3) All of our IT support is handled via remote control, Microsoft System Configuration Manager, Group Policy, or each applications management console.

4) We are being forced to move away from ESET AV and adopt SAV.  ESET allowed us, through their console to install, remove, and remotely manage the ESET application.

 

Knowing the above, and that our client-side SAV setups will have password protection, and our users are remote, please tell me how we can remotely uninstall SAV 12.1 from their systems should the need arise?

Touching each and every machine via a remote desktop tool to utilize Windows Add/Remove process is just not practical for large numbers of users.  Using the msiexec command line in a Group Policy "logon" script won't work if we have password protected our SAV installations. 

 

Thank you.

Comments 8 CommentsJump to latest comment

.Brian's picture

Check here:

About the third-party security software removal feature in Symantec Endpoint Protection 12.1 RU1 MP1

Article:TECH178757  |  Created: 2012-01-11  |  Updated: 2012-05-24  |  Article URL http://www.symantec.com/docs/TECH178757

 

You can also check out SEPPrep

SEPprep competitive product uninstall tool

Article:TECH148513  |  Created: 2011-01-19  |  Updated: 2011-04-13  |  Article URL http://www.symantec.com/docs/TECH148513

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Here some documentation about the un-installer in scope of SEP 12.1 RU2:

http://www.symantec.com/docs/TECH195029

 

Regarding the Cleanwipe tool:

https://www-secure.symantec.com/connect/forums/how...

 

The mentioned above SEPprep tool will be as well fine suited in your scenario, as you can specify in it the MSI unistall password for the product.

The option to force the client uninstall from SEPM is non-existing at this point - but the lack of it has been already mentioned by several parties - you can support and vote for it under the following link:

https://www-secure.symantec.com/connect/idea/unins...

SMLatCST's picture

Just to avoid confusion going forward, I'm going to clarify that SAV is an old EOL'd product that is no longer supported, this has been replaced with SEP.

AFAIK, if the uninstall password is configured, there is no way to uninstall SEP silently.  Therefore, if you ever need to perform a mass uninstall by script/GPO, you will first have to remove the password protection.  If you're looking to do a uninstall on a specific client remotely then you'll need to move that client to a specialised group where the password protection is disabled.

The closest thing I can find as a reference is the article below (unfortunately this is for v11):
http://www.symantec.com/docs/TECH105827

More general MSI uninstall information can be fond here:
http://www.symantec.com/docs/TECH102470

dee mcclanahan's picture

Thank you all for your suggestions and assistance.  I will peruse your information today.  I am very dissapointed that there isn't a configured process for uninstallation.  This is very shallow thinking on the part of Symantec.  It makes it seem like they built their Enterprise level application around home users.

 

Yeah, I used SAV as a shortcut to highlight that I was talking about the antivirus application of Endpoint.

 

Thank you SMLatCST, that is an interesting thought.  I will look in to that.  How long from the time you move a user's machine in to a new group that has a no-password policy will the new policy take affect?

.Brian's picture

It depends on what your heartbeat is set to. This determines how often the client checks in to the SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

The time it takes for a client to pick up on the policy change is depedent upon the Communications Settings for the group.

In PUSH mode comms, it should detect the change immediately and apply shortly after.

In PULL mode, the client will have to wait until the next Heartbeat Interval to detect the change.

Also, you may want to read up on the SEP-Integration Component for managing SEP installs.  This is a separate tool (based off of Altiris) that provides more control over the client installations.  You are licensed to use this as it is included with the SEP licenses:

http://www.symantec.com/docs/HOWTO73212