SEP11 Removal instructions almost trashed my computer

Updated: 21 May 2010 | 4 comments
SlowMovingBlob (0 votes)

My main DC (2008 standard, SP1) started giving me BSOD 0x0A at logon the other day. After going through the crash dumps, every one was caused by SRTSPL.SYS, the SEP file system protection. Symantec.com says part of the program was corrupted, so uninstall and reinstall. After going into safe mode and disabling SEP from msconfig, I rebooted and tried to remove it with Add/Remove Progs (or whatever it's called now) but it hangs on gathering config data. After an hour of waiting I killed it. Further reading says that CleanWipe is only available after begging Symantec and a long wait (which makes NO SENSE - NONE). So I decide, having to get my PDC up as quickly as possible, I have to manually remove SEP11.

Following the instructions here:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a4cd7d00780ce3dd8825732b005a7638?OpenDocument
I was shocked to find that many of the registry keys you asked me to remove would have totally removed many, MANY things installed with other Symantec products, namely Backup Exec and Ghost.  So now, not only do I have to go through ~30 registry entries manually because I can't wait for you to decide I am ready (error prone and very, VERY kludgy), I have to check each step along the way that I am not removing vital entries for the other Symantec products that you WOULD HAVE HAD ME ERASE COMPLETELY.  I finally have this removed from my system but I am not happy.  I will never buy another Symantec product again, and I will suggest to everyone that they never do either.  Not giving out the removal tool is bad enough but to push people to use such hastily thrown together and broad, sweeping guidelines is not only irresponsible but disturbing.

Comments

Jeremy Dundon, 20 Aug 2009 (+2 votes)

2 points to consider.

1. The document that you went over has this warning:

Warning: These removal steps can disable other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process.

2. The limited access to the cleanwipe tool is because we do not want end-users to have easy access to a tool that removes SEP from their computers even if the administrator has chosen to require a password for removal. Additionally the removal tool also has a tendency to break other Symantec products that may be present on the box.

Derrick Farley, 20 Aug 2009 (+2 votes)

Re: Cleanwipe availability

Jeremy is correct on his assessment of the availability of Cleanwipe (the removal tool). Additionally, as the tool itself is classified as unsupported, having open availability to it could lead to much greater issues and hinder the supportability should the tool fail, as well as the inherent security risks.
When having removal issues it is always recommended as a best practice that support be engaged for assistance.

Jason1222, 20 Aug 2009 (0 votes)

And they fail to mention...

The above post failed to mention that using the "CLEANWIPE Tool" would have completely (or almost) wiped out all entries related to Symantec. This would include Ghost and Backup Exec and any other Symantec products. Rendering you the task of having to repair/reinstall those products as well...

So although clean wipe may have saved you some time ridding yourself of SEP/SEPM, it may have increased the time necessary for you to get the server back up and running as it should be.
 

Jeremy Dundon, 20 Aug 2009 (+2 votes)

I didn't fail to mention it.

"Additionally the removal tool also has a tendency to break other Symantec products that may be present on the box."