Remove SAV from Windows Security Center
Updated: 21 May 2010 | 7 comments
This issue has been solved. See solution.
Hi.
Looking for a way to remove SAV 10.X from the Windows Security Center. We use the Symantec cleanwipe to remove SAV, but the Windows Security Center still reports SAV as installed. When we install the new AV app, then Windows Security Center reports two AV programs are installed - what a mess!
Anyone have a command line tool or way to unregister SAV from WSC - without deleting the windows32\wbem\repository folder?
Thanks
Chris
discussion Filed Under:
Comments
hi
have you configred this..???
Configuring Windows Security Center alerts using Symantec AntiVirus Corporate Edition or Symantec Client Security
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2004100414075048?Open&docid=2003101512393448&nsf=ent-security.nsf&view=ppfdocs
check the registry keys..
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
This only helps if SAV is
This only helps if SAV is installed or to be installed. SAV has been removed with cleanwipe. Reinstalling SAV to set Windows Security Center options then removing again is not an option!
hi
any entry in these locations..reference to symantec
?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Hi
The Security Center checks for the presence of antivirus software using queries for specific WMI providers that are made available by participating vendors. If the information is available, the Security Center service also determines whether the software is up-to-date and whether real-time scanning is turned on
if you have removed symantec, then these entried might still be in wmi..
lets try this.
Go to a command prompt and run wbemtest
• Click the Connect button
• Replace root\default with root\securitycenter and click Connect
• You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK
• On the Query Results screen, highlight AntivirusProduct and choose the Delete button.
• Close the Query windows and exit wbemtest
reboot the box, let me know if you still see it ..:)
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Thanks, as soon as I delete
Thanks, as soon as I delete the sav instance under AntivirusProduct , WSC reports no antivirus installed! now, just need to script this ...
Script to remove SAV from WSC
Incase anyone else needs this, here is a vbs script to remove SAV from Windows Security Center. Thanks for pointing me in the right direction with Wbem!
<blockquote>
'*******************************************************************************
'* Script: RmvSavWSC.vbs
'* Purpose: Removes Sav from Windows Security Center
'* Parameters:
'* 1 - iMsgMode
'* (0 = Minimal Messages ; 1 = Display Debug Messages;
'* 2 = Login Script No Msgs) - Default = Minimal Msgs
'* Returns: 0 - If sucessful Sav removed or sav not detected
'* 1 - If error removing sav
'* Created: 2009/09/15
'* Created by: Chris Thibeau
'* Supported OS: XP
'*******************************************************************************
Option Explicit
'* ------------------------- Global Variable Declarations ------------------------------
Dim iMsgMode, strComputer, oWMI, colAV, objAntiVirusProduct, strAVGuid, strCompany, strAV, strScanning, strUptodate, strMsg, objSWbemServices, strInstance, Err
'------------------------------------- Get Arguments ---------------------------------------------
If WScript.Arguments.count = 1 then '1
iMsgMode = WScript.Arguments.Item(0)
Else
iMsgMode = 0
End if
'============================== Main Script =============================
'--- Connect to WMI \root\SecurityCenter\AntiVirusProduct
strComputer = "."
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")
Set colAV = oWMI.ExecQuery("Select * from AntiVirusProduct")
'--- Check to see if any AV products are registered with Windows Security Center
If colAV.Count > 0 Then
' --- Start loop for each AV product
For Each objAntiVirusProduct In colAV
' -- Get the Guid
strAVGuid = objAntiVirusProduct.instanceGuid
' -- Select the AV product and get it's details
Set colAV = oWMI.ExecQuery("Select " & strAVGuid & " from objAntiVirusProduct")
strCompany = objAntiVirusProduct.companyName
strAV = objAntiVirusProduct.displayName
strScanning = objAntiVirusProduct.onAccessScanningEnabled
strUptodate = objAntiVirusProduct.productUptoDate
strMsg = "This information was collected on: " & Date & " at " & Time & vbCrLf
strMsg = strMsg & "GUID: " & strAVGuid & vbCrLf
strMsg = strMsg & "Manufacturer: " & strCompany & vbCrLf
strMsg = strMsg & "Product: " & strAV & vbCrLf
strMsg = strMsg & "Scanning Enabled? " & strScanning & vbCrLf
strMsg = strMsg & "Definitions UptoDate? " & strUptodate & vbCrLf
strMsg = strMsg & vbCrLf
If iMsgMode = 1 Then
WScript.Echo strMsg
End If
' -- Check to see if the AntiVirusProduct.companyName = Symantec
If StrComp(strCompany,"Symantec Corporation") = 0 Then
If iMsgMode = 1 Then
WScript.Echo "SAV Detected: " & strAVGuid & vbCrLf & " removing from WSC!"
End If
' -- Setup a connection to Wbem then delete Sav Instance
strInstance = "AntiVirusProduct.instanceGuid='" & strAVGuid & "'"
Set objSWbemServices = GetObject("winmgmts:\\" & "." & "\root\SecurityCenter")
objSWbemServices.Delete strInstance
If Err <> 0 Then ' -- Check if error deleting instance
If iMsgMode = 1 Then ' - Display error message
WScript.Echo "Error Deleting Sav Instance:" & vbCrLf & Err.Number & " " & Err.Description
End If ' - Display error message
Else
If iMsgMode < 2 Then ' - Display success message
WScript.Echo "Delete succeeded"
End If ' - Display success message
End If ' -- Check if error deleting instance
' Release SwbemServices object
Set objSWbemServices = Nothing
End If
next ' --- process next AV product
Else ' --- No AV products are registered
If iMsgMode = 1 Then ' - Display message
WScript.Echo "No Anti Virus Products registered"
End If ' - Display message
End If
' --- Release all resources
Set objAntiVirusProduct = Nothing
Set colAV = Nothing
Set oWMI = Nothing
If Err <> 0 Then
WScript.Quit(0) ' --- Quit, no errors
Else
WScript.Quit(1) ' --- Quit with errors
End If
</blockquote>
thanks for the script
nice..
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Would you like to reply?
Login or Register to post your comment.