
Symantec Endpoint Protection Manager Console remove client by command line

Updated: 04 Nov 2010 | 22 comments
Elwood

Dear miss, sir,

We would like to be able to remove clients from the Symantec Endpoint Protection Manager Console by using a script/batch file.
This would save us time when a laptop or desktop is removed from our network.
Is this possible?

Ruud

Comments

Jason1222 | 03 Jun 2009

Yes it is.

Whenever a Product or Software is installed, depending on how it was coded, it leaves behind a footprint. Some of these are easier to remove than others. In the case of Symantec, it depends on how it was deployed. The simplest and easiest method would be using the MSI Uninstaller method.

**NOTE**
This method requires the user to have the rights to install/uninstall software via the MSI Installer.
**End NOTE**

So here it is:

STEP 1: Identify the PRODUCT ID of the SYMANTEC INSTALL (This varies per version, I.E. SEP 11, MR 1 is different than MR2 and so forth. Also, the versions are different between MR4 and MR4 MP1, etc.)

1.A. To determine the product ID, remote (or local) into the Registry Editor and locate: HKEY_CLASSES_ROOT\INSTALLER\PRODUCTS

1.B. Now do a Find for "Symantec End Point Protection", it will locate a Key in the RIGHT window Pane, under Product Name.  Just above this, there is a key NAMED: PRODUCT ICON, which will have a value similar to: C:\WINDOWS\Installer\{49C27FB0-CEEF-4A11-8114-0BFE336D3884}\ARPPRODUCTICON.exe

1.C.  The portion between the { } is the Product ID of the installed package.  In this case: {49C27FB0-CEEF-4A11-8114-0BFE336D3884} for SEP 11 MR3.

STEP 2: Create your script.

2.A.  Using a batch file, or logon script or whatever you choose:

msiexec.exe /x {product code} /qb
or
msiexec.exe /x {49C27FB0-CEEF-4A11-8114-0BFE336D3884} /qb
to uninstall SEP 11 MR3 silently. This will run in the background and the end user will not be aware of the uninstall taking place.

As stated above the user would need to have uninstall/install rights in order to do so.

There is also the "cleanwipe.bat" utility, which is not recommended, but will equally function and can be called from a batch or logon script.  Again, will require the user to have rights in running the application, installer/uninstaller. 

Hope that helps.
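
The registry lookup (steps 1.A to 1.C) and the msiexec call (step 2) from the post above, combined into one PowerShell script. This is an added example, not part of the original post and not Symantec tooling. The `$NamePattern` default, the `-Uninstall` switch and the log file name are assumptions introduced here; the script only reports what it would run unless `-Uninstall` is passed.

```powershell
# Added example, not from the original post: resolve the MSI product code from
# HKEY_CLASSES_ROOT\Installer\Products and build the msiexec call from step 2.
# Dry run by default; pass -Uninstall to actually remove the product.
param(
    # Assumption: adjust to the Product Name shown in your registry.
    [string]$NamePattern = 'Symantec Endpoint Protection*',
    [switch]$Uninstall
)

$productsKey = 'Registry::HKEY_CLASSES_ROOT\Installer\Products'
$guidRegex   = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

# Each subkey is one installed MSI product; ProductIcon embeds the {product code}.
$products = foreach ($key in Get-ChildItem -Path $productsKey) {
    $p = Get-ItemProperty -Path $key.PSPath
    if ($p.ProductName -like $NamePattern -and $p.ProductIcon -match $guidRegex) {
        [pscustomobject]@{ Name = $p.ProductName; ProductCode = $Matches[0] }
    }
}

if (-not $products) {
    Write-Warning "No installed product matches '$NamePattern'."
    exit 1
}

foreach ($prod in $products) {
    # Verbose MSI log (hypothetical file name) so the removal leaves an audit trail.
    $log     = Join-Path $env:TEMP ("uninstall_{0}.log" -f $prod.ProductCode.Trim('{}'))
    $msiArgs = @('/x', $prod.ProductCode, '/qb', '/l*v', "`"$log`"")
    if (-not $Uninstall) {
        Write-Output ("[dry run] msiexec.exe " + ($msiArgs -join ' '))
        continue
    }
    # Requires install/uninstall rights, as the post notes.
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { Write-Output "$($prod.Name): removed" }
        3010    { Write-Output "$($prod.Name): removed, reboot required" }
        default { Write-Warning "$($prod.Name): msiexec exit code $($proc.ExitCode), see $log" }
    }
}
```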

Elwood | 03 Jun 2009

Hello Jason1222,

I don't mean removing the Symantec software from the computer, but removing the computer from the Symantec Endpoint Protection Manager Console by script/batch file.
Is this possible?

Ruud

Vikram Kumar-SAV to SEP | 04 Jun 2009

There is one already

By default, if a computer does not connect to SEPM for 30 days it gets deleted from the SEPM console; however, if you want to decrease it you can.
Admin - Server - Local Site - Properties - Delete the clients that have not connected for [ 30 ] days

NetUser | 04 Jun 2009

The 30 day automatic removal doesn't work reliably.
We have some machines that were managed by Endpoint in 2008 that stubbornly remain in the SEPM console today listed as failing antivirus updates.
We cannot find any way to get rid of them.

This is a problem. 
The console has been updated to MR4MP2.

Aniket Amdekar | 10 Jun 2009

You can check the date when the client had communicated with the SEPM, using the client status view in the clients tab. So we can verify that the client has not communicated for more than 30 days and still is present in the SEPM.

Cheers,
Aniket

NetUser | 10 Jun 2009

One of them lists Last Check-in: November 24, 2008 10:29:58 AM PST

Paul Mapacpac | 04 Jun 2009

Re

If you remove these previously managed clients you have setup the location awareness, because if they don't sign in to SEP within 30 days, they will not be getting updates. Create 2 locations, inside and outside the office.

Please check this KB on which best applies to you.
http://service1.symantec.com/SUPPORT/ent-security....

Another way is to a packages for outside clients. Edit their LiveUpdate to download directly from Symantec LiveUpdate server.

Elwood | 09 Jun 2009

After 30 days, when one of those clients will suddenly come online again, will those clients be automatically added to the console when they sign in to receive updates? Or will they never be able to receive updates again?

mssym | 09 Jun 2009

You can automate SEP11 policy group membership via SQL, not sure Symantec will support this transaction. In a nutshell, you will need to update four tables and make sure the tables are updated correctly, and recommend to use a single transaction to update them.

JackNielsen | 24 Jun 2009

Can you share the names of the tables?

I was very happy to see someone finally answer the actual question. I have a script that removes machines from our environment. Currently it deletes the DNS, SMS, Domain, and in-house tracking data. I would like to include SEP 11 so the other areas will quit reporting those machines as being behind on definitions, etc.

Can you help?

NetUser | 09 Jun 2009

We do have location awareness already and those clients are getting updates through a different AV product now anyway.
The problem is that SEPM will not recognize that it should no longer be managing these machines even though several months have passed.

We need to get rid of SEPM references to these "missing" machines.

NetUser | 10 Jun 2009

It looks like there is no fix available. It is a bug that may be fixed in the next release of Endpoint sometime in the next 3 months.

Grant_Hall | 10 Jun 2009

All my notes on this say that there is an issue with client information being left in the database, however it also says that most clients are being correctly purged when not checking in for the 30 days. Symantec is investigating this, but nowhere in my information does it say that this will be fixed in the next release of Endpoint. I am not saying this is incorrect, just inquiring where you got that info from, NetUser. Cheers

Grant

Please don't forget to mark your thread solved with whatever answer helped you : )

NetUser | 10 Jun 2009

They did not guarantee that it would be fixed in the next version, but they said it is being worked on and scheduling it as a fix.

From the Symantec person I was dealing with:

"The developer that is assigned this defect is still researching and coding to resolve. At this time it is scheduled as a fix in the next release of the endpoint product. I do not have a time frame for this but historically updates run 6-12 weeks after the last one. Since mp2 was just released a few weeks ago this would put the next release around the September time frame."

Grant_Hall | 10 Jun 2009

Sweet thanks for the info. I just didn't see it on my release notes.
Cheers
Grant


RickJDS | 24 Jun 2009

Old problem

This problem of computers not dropping off properly has been ongoing since MR2; see this thread: https://www-secure.symantec.com/connect/forums/remove-decommissioned-computers-lists

If there's a solution, I would really like to know what it is as I do NOT want to blow away my embedded database again to fix it.

BobH1721 | 30 Jul 2009

Related Issue - UnManaged Detector

I have an issue related to this thread. I had a computer with SEP installed that was managed by a SEPM. I uninstalled SEP and reinstalled as "unmanaged" for the purpose of testing the "UnManaged Detector" feature of SEPM using another managed client. This feature does not appear to work in this case. I'm assuming it's because SEPM is still aware of my client that was managed but now is not. SEPM understands that my unmanaged client is not reporting in and has not received LiveUpdates, but is apparently still counting it as managed. There needs to be a way to purge clients from the SEPM database. Hopefully this will be fixed soon.

peterc | 19 Oct 2009

Seems to be how it uses AD information

I have noticed this fault in SEPM and think it is to do with the way it treats the client SEP information when also reading AD information to do with the client PC.
If you remove the client PC from an OU in AD and then "Sync Now" the OU in SEPM, the PC will disappear from SEPM... but if you leave the PC record in AD, then SEPM will never update the client info with regard to SEP no matter what the purge window is set to.

From what I have seen if the client PC is turned off forever, or if the SEP client is uninstalled from the PC, the information in SEPM will never update unless the PC record is removed from AD.

zer0 | 19 Oct 2009

SEP behaves differently depending on whether you are doing AD synchronisation or not.
Really the AD sync adds little to the product though, and in almost all cases you would be better off managing the group structure manually.

To really delete SEP clients I have found that it is best to modify the database directly.

Z

kavin | 19 Oct 2009

Go into the SEPM > Admin > Server > Local Site Properties and you can set the value from 30 days to 1 or 2 days.

peterc | 21 Oct 2009

This option has no effect at all in our environment (using AD).

Pink Panther | 04 May 2010

Does anyone know how to view the reports/logs of the automatically removed clients from SEPM after the default 30 days have passed?