Uninstall SEP through SEPM
Hi All,
I've seen many threads about this and so far none of the answers can help me.
I'm in a bit of a weird situation. We use SEPM to manage the AV for multiple customers. It works very well, I simply edit the sylink to talk back to a server in our DMZ and make the changes on the customer's firewall. All good.
However one of our customers has left and all access to their domain has been removed. Some of their endpoints are still checking in and I need a way to uninstall them, or at least stop them from checking into us.
I've disabled the various components and set a live update policy to get its updates from http://255.255.255.255. What I need is a way to either uninstall the application through the management console (which I don't think we'll ever see) or a way to edit the sylink file.
Any ideas?
Comments
Hi,
As of now you cannot uninstall them from SEPM.
You can make them not talk to your SEPM: make those clients unmanaged clients using a sylink drop.
Here is the tool:
https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm
Use the sylink from CD1 of the SEPM folder; it will make them unmanaged so that they won't check in.
Or else make the communication mode pull with a very long interval:
SEPM > Clients > Policies > Communication Settings; set it to pull mode with a very long interval.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
If I were you, I wouldn't settle for changing policies to lessen communication between their clients and your server. I would want the communication completely cut off.
In addition to this, I also would not want to make any changes to their environment by modifying SEPM policies because you are no longer authorized to do so.
If you contact them and they are unwilling to uninstall the SEP product from their environment (or take steps to ensure that it no longer communicates with your SEPM), then I would block all traffic to/from their IP address(es) at your perimeter firewall.
Regards,
James
The Symantec Endpoint Protection Knowledgebase
Please remember to mark the post which resolved your issue as the solution!
You can block the clients or IP range from connecting to SEPM from SEPM > Admin > Servers > Local Site > Servername > Properties.
You can block the range of IP addresses used for this client.
It would be more appropriate to block the ex-customer's public-facing class-A IP address than it would be to try to block the range of IP addresses that the ex-customer's SEP clients use.
This should not be done by the Symantec Endpoint Protection product. The original poster should use his network's perimeter firewall to do this.
Regards,
James
Do you have host integrity component on your system? It's an option (SNAC) you would have had to purchase separately.
If so, you can create a rule that will execute the uninstall process for clients that meet whatever criteria you select or simply apply it to the groups where those clients reside.
I've used it to uninstall software or apply sylinks to move clients from different SEP domains. I can provide more details if you have that feature.
Kev
==========================
Kev Romine
Interpublic Group
It would seem that the original poster no longer has permission from his client to make changes to his network. As such, I'm not sure he should do anything except sever communication.
Regards,
James
Have you heard of:
Hello,
Have you heard of the Symantec Endpoint Protection Integration Component? This comes along with the Symantec Endpoint Protection DVD.
Uninstalling antivirus software remotely
You can use the Symantec Management Platform to uninstall existing antivirus software on the computers that you specify.
To uninstall antivirus software remotely
1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
2. In the left pane, click Jobs and Tasks > System Jobs and Tasks > Symantec Endpoint Protection Management, right-click, and click New > Job or Task.
3. On the Create New Task page, in the left pane, click Symantec Endpoint Protection Management > Uninstall Antivirus.
4. On the Create New Task page, name the task.
5. Click OK.
6. In the left pane, click Jobs and Tasks > System Jobs and Tasks > Symantec Endpoint Protection Management, and then click your task.
7. In the right pane, click New Schedule to schedule the task and to define the computers that you want to run the antivirus inventory task on. For more information, see topics about using tasks in the Symantec Management Platform Help.
8. In the New Schedule page, click Schedule.
The status of your task is displayed under Task Status.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
I would approach this in a couple of different ways...
The most responsible way is to let them know how to reconfigure their SEP clients so that they are either managed internally, or are unmanaged but still getting updates from the internet. You really shouldn't cut them off without ensuring they are still being protected.
If you can change your firewall policy to block their public facing IP address that is going to be easiest.
Then I would just set a policy that turns off the communication back to the SEP Manager. Go to the group > communication settings and then untick the option that tells the clients to contact the management server at the very top right under the Management server list.
The next time a client checks in it will get the new comms settings and then never talk to the SEPM ever again!
Hope that helps...
I agree with James-x on this one.
Change the SEPM policy for their group so that they won't be reporting back to your SEPM for logs and updates. Maybe disable their NTP policies that concern you.
Then cut them off by changing the rules on the firewall appliance.
Much easier.
“Your most unhappy customers are your greatest source of learning.”
The Simplest of all. In AD
The Simplest of all.
NOTE: Cleanwipe is not a Symantec-developed tool. Hence, disclaimer applied.
Regards,
MG
Thanks everyone,
I think the only legal option I have is to go with James-x. If I use any method to uninstall the endpoint and it caused something to go wrong on users' machines then we'd have a lot of legal questions to answer. The chances are slim but it's not worth it.
I guess blocking the ip on the firewall is probably the best route to take.
Mithun,
That looks like a very useful method. I'm managing nearly 2000 endpoints in a very complex setup (86 different domains across 120 locations) with more coming online every day and the more tools I can integrate into SEPM the better.
Thanks again everyone,
Symantec Endpoint Protection Integration Component
Hi Mithun,
Do you know if there is a 64-bit version of the Symantec Endpoint Protection Integration Component?
Thanks
Conor