Category: VIPRE Antivirus

VIPRE Agent Removal Script, also helpful for failed agent installs
article #448, updated 3522 days ago

The script below was written following the recommendations in the VIPRE manual. It can be downloaded here as RemoveVIPRE.cmd. It leaves a problematic remnant, for which you will need msicuu2. Very corrupt agents may need further intervention, e.g., manual removal of files and folders, clearing of system and profile temp files, and possibly registry deletions as well.

@echo off

echo --------------------------------------------
echo ------- VIPRE Removal Script by J.E.B. -----
echo --------------- version 3.1 ----------------
echo --------------------------------------------
echo ---------------- 2013-08-09 ----------------
echo --------------------------------------------

net stop sbamsvc
net stop sbapifs
net stop sbemi
net stop sbhips
net stop SBPIMSvc
net stop sbre
net stop sbtis
net stop sbfwimcl
net stop sbfwimclmp
net stop gfi_lanss10_attservice

taskkill /F /IM SBPIMSvc.exe
taskkill /F /IM SBAMSvc.exe
taskkill /F /IM SBAMTray.exe
taskkill /f /im SBRC.EXE

sc delete sbamsvc
sc delete sbapifs
sc delete sbemi
sc delete sbhips
sc delete SBPIMSvc
sc delete sbre
sc delete sbtis
sc delete sbfwimcl
sc delete sbfwimclmp
sc delete gfi_lanss10_attservice

REM *** First change permissions on general registry keys ***
REM *** [10] is REGINI's ACL code for World (Everyone) read, write and delete access ***

echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAMSvc [10] > RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAPIFS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBEMI [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBHIPS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBPIMSVC [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBRE [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\Sbtis [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCL [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCLMP [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\2B680A936D70B034EAE58BCAC18C347A [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\1363B974717ACE24EB715AECFB5698B1 [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B [10] >> RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574 [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Then remove general registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAMSvc /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAPIFS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBEMI /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBHIPS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBPIMSVC /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBRE /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbtis /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCL /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCLMP /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice /f

REG DELETE HKEY_CLASSES_ROOT\Installer\Products\2B680A936D70B034EAE58BCAC18C347A /F
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\1363B974717ACE24EB715AECFB5698B1 /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574" /f

REM *** Change permissions on x86-specific registry keys ***

REM Start a fresh .regfix file here so the next line is not lost to a later overwrite
echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] > RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\SBAMSvc [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI\LNSS10 [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x86-specific registry keys ***

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\SBAMSvc" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI\LNSS10" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REM *** Change permissions on x64-specific registry keys ***

REM Start a fresh .regfix file so REGINI is not re-run against keys already deleted above
echo \registry\machine\SOFTWARE\Wow6432Node\SBAMSvc [10] > RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Wow6432Node\GFI\LNSS10 [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x64-specific registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\LNSS10" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REM *** Clean up misc items from VIPRE support sessions etc. ***

DEL "%USERPROFILE%\appdata\local\temp\removevipre\sbrc.exe"
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBRegRebootCleaner" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBAMTray" /f

REM *** Finish up. ***

del RemoveVIPRE.regfix

RegSvr32 /u /s SBAMScanShellExt.DLL

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\LanGuard 10 Agent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\Sunbelt Software\SBEAgent"

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\Sunbelt Software\SBEAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\LanGuard 10 Agent"

RMDIR /S /Q "%AppData%\Sunbelt\Antimalware"
RMDIR /S /Q "%AppData%\Sunbelt Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\LanGuard 10"

echo ---------------------------
echo ---------------------------
echo RemoveVIPRE completed.
echo ---------------------------
echo ---------------------------
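
The script above replaces the ACL on each key with REGINI code [10] before deleting it, so any key whose delete fails is left writable by Everyone. The following read-only audit is an added example, not part of the original RemoveVIPRE.cmd; it uses a subset of the service and key names from the script and assumes PowerShell is run elevated.

```powershell
# Added example: read-only audit to run after RemoveVIPRE.cmd. Nothing is deleted.
# Service and key names are taken from the script above.
$services = 'sbamsvc','sbapifs','sbemi','sbhips','SBPIMSvc','sbre','sbtis',
            'sbfwimcl','sbfwimclmp','gfi_lanss10_attservice'

$keys  = @($services | ForEach-Object { "HKLM:\SYSTEM\CurrentControlSet\Services\$_" })
$keys += 'HKLM:\SOFTWARE\SBAMSvc',
         'HKLM:\SOFTWARE\Wow6432Node\SBAMSvc',
         'HKLM:\SOFTWARE\GFI Software\GFI Business Agent',
         'HKLM:\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent',
         'HKLM:\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent',
         'HKLM:\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent'

# True when the key's ACL lets Everyone (S-1-1-0) modify or delete it.
function Test-EveryoneWritable {
    param([string]$Path)
    $write = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete'
    $sid   = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sid)) {
        if ($rule.IdentityReference.Value -eq 'S-1-1-0' -and
            $rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.RegistryRights -band $write)) { return $true }
    }
    return $false
}

# Services that are still registered (a service marked for deletion can linger until reboot).
$leftServices = @(Get-Service -Name $services -ErrorAction SilentlyContinue)

# Keys that survived, with a flag for the weak ACL.
$leftKeys = @(foreach ($k in $keys) {
    if (Test-Path $k) {
        New-Object psobject -Property @{ Key = $k; EveryoneWritable = (Test-EveryoneWritable $k) }
    }
})

"Services still registered: $($leftServices.Count)"
$leftServices | Format-Table Name, Status -AutoSize
"Registry keys still present: $($leftKeys.Count)"
$leftKeys | Format-Table Key, EveryoneWritable -AutoSize
```

Any row with EveryoneWritable set to True is a key to delete manually or to re-permission.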

==============

Move VIPRE Agent to New Server
article #667, updated 3665 days ago

The batch file below will move a VIPRE agent to a new server. Be sure to change “servername.domain.xyz” to the appropriate DNS name of the new server.

sc config sbamsvc start= disabled
net stop sbamsvc
taskkill /f /im sbamsvc.exe
sc config sbamsvc start= disabled
(if exist "C:\ProgramData\GFI Software\Antimalware" CD /D "C:\ProgramData\GFI Software\Antimalware")
(if exist "C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware" CD /D "C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware")
del policy.xml
del agentsettings.xml
(reg add HKLM\SOFTWARE\Wow6432Node\SBAMSvc /v PolicyServiceMachineName /t REG_SZ /d "servername.domain.xyz" /f)
sc config sbamsvc start= delayed-auto
net start sbamsvc

==============

Change VIPRE agent server live!!!
article #571, updated 3849 days ago

You can change the server which a VIPRE agent talks to without removal/reinstall!!!

1. Browse to C:\ProgramData\GFI Software\AntiMalware, C:\ProgramData\Sunbelt\AntiMalware, C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware, or C:\Documents and Settings\All Users\Application Data\Sunbelt\Antimalware, depending on the version of VIPRE.

2. Delete Policy.xml and Agentsettings.xml

3. Using this registry entry key:

x32:

HKLM\SOFTWARE\SBAMSvc\PolicyServiceMachineName

x64:

HKLM\SOFTWARE\Wow6432Node\SBAMSvc\PolicyServiceMachineName

change the string in PolicyServiceMachineName to the IP or working DNS name of your VIPRE server, then restart service SBAMSvc, and you are in! It will automatically drop the object into the default policy of the replacement server.
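
The three steps above as one script, given here as an added example that is not part of the original article. It covers all four data folders and both registry locations, and first checks that the new server answers on port 18082 (the port named in the agent checklist on this page) so the agent is not left pointing at an unreachable host. The parameter name NewServer and the helper Test-TcpPort are hypothetical, and the service is stopped before the files are removed.

```powershell
# Added example, not from the original article. Run elevated on the agent machine.
param([Parameter(Mandatory = $true)][string]$NewServer)   # hypothetical parameter name

$port     = 18082   # port the agent checklist on this page tests with telnet
$dataDirs = 'C:\ProgramData\GFI Software\AntiMalware',
            'C:\ProgramData\Sunbelt\AntiMalware',
            'C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware',
            'C:\Documents and Settings\All Users\Application Data\Sunbelt\Antimalware'
$regKeys  = 'HKLM:\SOFTWARE\SBAMSvc', 'HKLM:\SOFTWARE\Wow6432Node\SBAMSvc'

# TCP connect with a timeout; returns $true only if the connection completes.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch { return $false }
    finally { $client.Close() }
}

# Pre-flight: refuse to switch if the new server cannot be reached.
if (-not (Test-TcpPort $NewServer $port)) {
    throw "Cannot reach ${NewServer}:$port; leaving the agent on its current server."
}

# Only touch registry keys that already exist, so no stray key is created.
$targets = @($regKeys | Where-Object { Test-Path $_ })
if ($targets.Count -eq 0) { throw 'No SBAMSvc registry key found; is the agent installed?' }

Stop-Service -Name SBAMSvc -Force

# Step 2: delete Policy.xml and Agentsettings.xml wherever they exist.
foreach ($dir in $dataDirs | Where-Object { Test-Path $_ }) {
    foreach ($name in 'Policy.xml', 'Agentsettings.xml') {
        $file = Join-Path $dir $name
        if (Test-Path $file) { Remove-Item $file -Force }
    }
}

# Step 3: point the agent at the new server, then restart it.
foreach ($key in $targets) {
    Set-ItemProperty -Path $key -Name PolicyServiceMachineName -Value $NewServer
}
Start-Service -Name SBAMSvc
```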

==============

Manual removal of VIPRE Business agent
article #572, updated 3879 days ago

Try this:

http://threattrack.force.com/articles/SkyNet_Article/How-to-manually-remove-a-VIPRE-Business-agent/?q=remove&l=en_US&c=All_Products%3AVIPRE_Business&fs=Search&pn=1

==============

Silent VIPRE agent MSI install
article #468, updated 3889 days ago

A great command line for silent install of VIPRE agents:

AgentInstaller-SITE-NAME-Workstations-General-EN.MSI /q /qn /promptrestart

==============

VIPRE Business agent checklist
article #469, updated 4206 days ago

This page will contain an ongoing list of items to check for agent installs, especially in the case of failure to install.

  1. Under XP, is Simple File Sharing enabled? If so, disable it.
  2. Can you telnet to the server (using the name specified in the policy!) on port 18082? If not, there is a networking problem that needs fixing.
  3. Logs showing 1606 errors? Try this: http://support.microsoft.com/kb/886549
  4. A few others here: http://kb.gfi.com/articles/Skynet_Article/Agent-installation-failed

==============

VIPRE crash prevention registry key
article #452, updated 4255 days ago

The indomitable Liz Landry found this registry key, which should be used if VIPRE is causing PCs to bluescreen after installation. Go here:

HKLM\System\CurrentControlSet\Services\sbtis

Change the item inside named “Start” from 1 to 4.

==============

Connect to a remote VIPRE console
article #439, updated 4302 days ago

You can run a VIPRE console on your desktop PC, and connect it to a VIPRE server somewhere else, over LAN or WAN:

http://kb.gfi.com/articles/SkyNet_Article/How-to-connect-remote-consoles?retURL=%2Fapex%2FSupportHome&popup=true

==============

VIPRE Business, network configuration
article #90, updated 4439 days ago

Several ports may need to be opened in Windows Firewall, sometimes even if the service is turned off, and sometimes on both client and server. To accomplish this by command line, use these:

netsh firewall add portopening protocol=TCP port=18082 name=VIPRE_client_1
netsh firewall add portopening protocol=TCP port=18086 name=VIPRE_client_2
netsh firewall add portopening protocol=TCP port=18087 name=VIPRE_client_3
netsh firewall add portopening protocol=TCP port=18088 name=VIPRE_client_4

If you would like to have the above ports opened using an Active Directory group policy, edit the policy, go to Administrative Templates under Computer Configuration, then Network, Network Connections, and Windows Firewall.  Under both “Domain Profile” and “Standard Profile” you will find “Define Inbound Port Exceptions”.  In these, the following lines will be needed:

18082:TCP:*:enabled:VIPRE1
18086:TCP:*:enabled:VIPRE2
18087:TCP:*:enabled:VIPRE3
18088:TCP:*:enabled:VIPRE4

For our configuration of client install outside of the LAN, you’ll want port 591 added as a fifth item to the above, i.e., either this:

netsh firewall add portopening protocol=TCP port=18082 name=VIPRE_client_1
netsh firewall add portopening protocol=TCP port=18086 name=VIPRE_client_2
netsh firewall add portopening protocol=TCP port=18087 name=VIPRE_client_3
netsh firewall add portopening protocol=TCP port=18088 name=VIPRE_client_4
netsh firewall add portopening protocol=TCP port=591 name=VIPRE_client_5

or this:

18082:TCP:*:enabled:VIPRE1
18086:TCP:*:enabled:VIPRE2
18087:TCP:*:enabled:VIPRE3
18088:TCP:*:enabled:VIPRE4
591:TCP:*:enabled:VIPRE5
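
The exceptions above accept connections from any source (`*` in the Group Policy lines, and no scope in the netsh commands). The following added example, not part of the original article, creates the same five openings limited to one remote address, using the `netsh advfirewall firewall` context that replaces the deprecated `netsh firewall`, and prints the matching scoped Group Policy lines. It assumes a LAN client where only the VIPRE server needs to reach these ports; 192.0.2.10 is a placeholder address.

```powershell
# Added example, not from the original article.
# 192.0.2.10 is a placeholder (documentation range) for the VIPRE server's address.
$Scope = '192.0.2.10'                       # 'localsubnet' is also accepted
$Ports = 18082, 18086, 18087, 18088, 591    # 591 only for the outside-the-LAN setup

$n = 0
$gpoLines = foreach ($port in $Ports) {
    $n++
    $name = "VIPRE_client_$n"
    # Local inbound rule through the advfirewall context, limited to $Scope
    & netsh advfirewall firewall add rule "name=$name" dir=in action=allow `
        protocol=TCP "localport=$port" "remoteip=$Scope" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed for port $port" }
    # Matching line for "Define Inbound Port Exceptions" in Group Policy
    '{0}:TCP:{1}:enabled:VIPRE{2}' -f $port, $Scope, $n
}

# Scoped lines to paste into the Domain Profile and Standard Profile settings
$gpoLines
```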

==============

"VIPRE Anywhere", VIPRE Business over the Internet
article #259, updated 4445 days ago

To configure VIPRE Business 5 to handle a laptop outside of the LAN, including installation of agents and automatic agent version updates, do this:

  1. Set up a router configuration where an external DNS name is pointed to the VIPRE server, for ports 18080-18088 as well as port 591 (and see related info below). Test it via a telnet on port 18082; if you press Enter, the server should respond.
  2. Set up a policy where that DNS name is specified as Policy and Update Server under Agent/Communication.
  3. Under the top-level server properties, under Agent Installation, make sure the port listed is set to 591. The default is 80, which is in use on many servers, certainly SBS.
  4. Create an MSI for the policy and copy it to the laptop.
  5. On the laptop, set up the necessary firewall exceptions to be found here.
  6. Install the MSI onto the laptop.
