Endpoint Protection

We are currently testing the recently released RU5 upgrade for SEP. We are upgrading from MR4MP2. When running the install manually on a client it prompts us for the uninstall password for MR4MP2. We enter the password and the upgrade continues fine.

However, is there a way to bypass the uninstall password so the upgrade can be pushed (via MS SCCM) silently. In the past just installing the latest version over the old version worked without prompting for the password.

Is there a MSI parameter that can be used?

Thanks,

Jon

Are the clients managed ?

If yes you can disable the uninstall password from SEPM and update the policy on the clients  and then you can push the package on to them

Greetings jwind,

See above.

If your users are limited users (or only trusted people have admin rights), then I'd suggest leaving the password to uninstall off so you don't run into this in the future.  If a user has admin rights and is knowlegable, they could get SEP off the machine anyway.

If many of your users are admin rights, then you probably still want to keep the uninstall password active.

In our company we are using SCCM to deploy SEP Clients. Deployment is done silently. Please tell me how to deploy RU5 without disabling password requirement in policies. If this is not possible this must be fixed in the next version of SEP.

Michael Knudsen
Head of Corporate IT Security and Policies
GEA Group

Same here, we have quite a few users that are are administrators on their machines. Because of this disabling the uninstall password is not an option.

Why was this changed for RU5? This make it a pain to silently upgrade when using anything but the SEP console for upgrades.

Is there a way to upgrade silently with an uninstall password configured?

Thanks,

Jon

There needs to be a better way without disabling password requirement in policy...

Using below options makes upgrade possible without any password prompting:

Setup.exe /s /v" /qn REBOOT=ReallySuppress RUNLIVEUPDATE=0"

We currently use /qb! when running, but I'll try /qn and see what happens.

Thanks for the advice,

Jon

using /qn instead of /qb! works great. User's won't see the progress bar, but I can live with that.

Thanks.

You guys that have the uninstall password enabled, are you seeing the old SEP entry in add/remove?
See this thread

https://www-secure.symantec.com/connect/forums/ru5-client-update-sep-listed-twice-addremove

Yes and no... If I installed using /qb! and then cancelled when the uninstall password came up I would get 2 installs of SEP in add/remove programs. I also noticed if I cancelled the install at the uninstall password prompt RU5 would actually be installed/updated.

When I install over an existing install with /qn as an MSI parameter I do not get 2 entries.

--Jon

So does that mean if a (malicious) user wanted to uninstall SEP that an "msiexec /x /qn (symantec msi or product code)" could remove it without the password?  ie the password is only part of the gui portion of the msi?

I tested this a few days back... removing with msiexec /x /qn and the removal fails with a status code of 1602. So in short you cannot remove without the password but can upgrade.

--Jon

sigh.   another classic monkeywrench thrown in by Symantec.

I've been upgrading Symantec Antivirus since 7.01 and this is the first time I've had this password prompt to remove the previous version of symantec during a upgrade.  

Even now it doesn't manage to fail consistantly.   Only some of the systems I'm upgrading have this problem.   

I'm a bit confused by the proposed solution.     I am using the setup.exe packaged by sepm.   Is the thing to do rebuild that with client install settings set to silent?