Endpoint Protection

  • 1.  Script Removal of SEP 12.1.x

    Posted Nov 30, 2016 01:39 PM

    We acquired some offices and need to remove SEP from 100+ desktops. SEP is password protected and we cannot uninstall it when on the local desktop, because we do not have the password. We can do it with CleanWipe and I know CleanWipe cannot be used in a script, but we need to be able to script it as it would take too long to run it manually. Is there a way to create a script to remove it?

    The SEP service is locked down where I cannot stop it and I noticed SEP is set to protect itself from tampering. I was thinking if I could disable the tampering setting through a script then maybe I could use a script that manually deletes everything (registry entries, files, services, etc.). Is it possible to disable the tampering setting via command line or script?



  • 2.  RE: Script Removal of SEP 12.1.x



  • 3.  RE: Script Removal of SEP 12.1.x

    Posted Nov 30, 2016 04:07 PM

    There is a step where you are supposed to create a group with no password in SEPM and copy the profile.xml file so you can import it. The problem is we don't use or have SEPM. Can I get the profile.xml file from somewhere else?



  • 4.  RE: Script Removal of SEP 12.1.x

    Posted Nov 30, 2016 04:22 PM

    I've sent you a PM.



  • 5.  RE: Script Removal of SEP 12.1.x

    Posted Dec 01, 2016 11:35 AM

    Thanks Brian. It appears the importing of the configuration file is failing. Below is what I see in the SEPprep log.

     

    11/30/2016 16:38:05:753 SEPprep starting!
    11/30/2016 16:38:05:753 Attempting to run: "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -importconfig C:\SEP\policy-import.xml
    11/30/2016 16:38:36:233 Exit code: 3
    11/30/2016 16:38:36:233 Attempting to run: "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -stop
    11/30/2016 16:39:06:747 Exit code: 0
    11/30/2016 16:39:06:981 Symantec Endpoint Protection 12.1.6608.6300 is installed.
    11/30/2016 16:39:06:981 SEPprep stopping!



  • 6.  RE: Script Removal of SEP 12.1.x

    Posted Dec 01, 2016 11:39 AM

    Not really much there to determine a root cause. The file I gave you was from a SEP 14 test box. I don't have one from a 12.1 box with your same version. Not sure if this could be the problem or not.



  • 7.  RE: Script Removal of SEP 12.1.x

    Broadcom Employee
    Posted Dec 01, 2016 01:32 PM

    Hi,

    Ideally, an admin should be able to remove the password through the SEPM console.

    After that, you can uninstall SEP in a variety of ways.

    Uninstall Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH184988

    But it looks like you have no choice here other than running CleanWipe manually on the computers with SEP installed.