Silently Uninstalling Symantec Antivirus 11 and 12

article #451, updated 1812 days ago

For Symantec, rolling one’s own silent uninstall seems usual. I have been doing it using psexec and the LabTech command prompt, running the msiexec lines below remotely. One has to get the long code (the product GUID) first via regedit. Examples are below, grouped by major version. But before you do that, make sure there’s no password protection on the client. There are two locations to check.

First in here:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

and make sure SmcGuiHasPassword is 0.

Second, in here:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security

make sure UseVPUninstallPassword is 0.

And now for some example msiexec lines. The /q is apparently needed just as much as the /qn, and the last two (very sparsely documented) items appear helpful as well. The GUID (the long code) is the tough part. It comes from:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

searching for “Symantec Endpoint Protection”, and it is possible to have more than one sub-subversion — and therefore more than one GUID — needed within a given LAN, mostly depending on update status.

for 12.1:

MsiExec.exe /X {EFCC6FA1-8F3F-46E6-B7BF-8336CCD3DA67} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {BCE5F3B0-8407-42DB-8073-1812F7D2D1E6} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL

for 12.0:

MsiExec.exe /X {895665D9-6614-4930-9D39-3567283DD424} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {D350A6A1-044F-4E19-8267-F1C44775CFC2} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {84B70C16-7032-41EE-965C-3C8D9D566CBB} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL

for 11.0:

MsiExec.exe /X {26624215-248C-4F88-A415-35301812FB75} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {AAE221D5-C3DD-4FE2-A063-C1368FE730A5} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {84B70C16-7032-41EE-965C-3C8D9D566CBB} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL

It can take a while — but it happens very silently.
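
The two password checks and the GUID lookup described above can be gathered in one read-only pass. The following PowerShell is an added example, not part of the original article: it changes nothing and only prints the command line it finds. Checking the WOW6432Node registry view as well is an assumption for 64-bit machines.

```powershell
# Added example (not from the original article): read-only pre-check.
# Reports the two password flags and the Symantec uninstall GUIDs; changes nothing.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # assumption: look in both registry views

# Key paths and value names are the ones given in the article.
$flags = @(
    @{ Key = 'Symantec\Symantec Endpoint Protection\SMC'; Name = 'SmcGuiHasPassword' },
    @{ Key = 'Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security'; Name = 'UseVPUninstallPassword' }
)

foreach ($root in $roots) {
    foreach ($f in $flags) {
        $path = Join-Path $root $f.Key
        if (-not (Test-Path $path)) { continue }
        $value = (Get-ItemProperty -Path $path -Name $f.Name -ErrorAction SilentlyContinue).($f.Name)
        $state = if ($null -eq $value) { 'not set' } elseif ($value -eq 0) { 'ok (0)' } else { "BLOCKING ($value)" }
        '{0}\{1} : {2}' -f $path, $f.Name, $state
    }
}

# MSI products register under Uninstall with the product GUID as the subkey name.
$found = foreach ($root in $roots) {
    $uninstall = Join-Path $root 'Microsoft\Windows\CurrentVersion\Uninstall'
    if (-not (Test-Path $uninstall)) { continue }
    Get-ChildItem -Path $uninstall | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.DisplayName -like '*Symantec Endpoint Protection*' -and
            $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$') {
            [pscustomobject]@{
                Guid    = $_.PSChildName
                Name    = $p.DisplayName
                Version = $p.DisplayVersion
            }
        }
    }
}

if (-not $found) { 'No Symantec Endpoint Protection MSI entry found.'; return }
$found | Sort-Object Guid -Unique | ForEach-Object {
    # Print (do not run) the command line in the form the article uses.
    '{0} {1}' -f $_.Name, $_.Version
    'MsiExec.exe /X {0} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL' -f $_.Guid
}
```

A flag reported as BLOCKING means the corresponding value is not 0, so the password check described earlier has not been satisfied on that client.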
