Thursday 8 November 2012

Kaseya Script to Silently Uninstall Symantec Endpoint Protection

When managing a number of computers, you will likely find that you sometimes have to perform repetitive tasks on all of them. The beauty of a management product like Kaseya is that this can all be automated. The tricky part is creating the automation. One task that we had to do recently was install Kaseya Endpoint Protection on all managed machines in an organisation, in place of their existing product, which was Symantec Endpoint Protection. Unfortunately the script does require a little bit of initial setup, but it will undoubtedly save you time and save the end-user time.

This is the script:
<?xml version="1.0" encoding="UTF-8"?>
<ScriptExport xmlns="http://www.kaseya.com/vsa/2008/12/Scripting" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Procedure folderId="41478115882164111128226629" id="1621104132" treePres="3" name="Uninstall Symantec Endpoint Protection">
    <Body description="This script will silently uninstall Symantec Endpoint Protection. ***Before use please confirm the uninstall key*** ***Uninstall key varies between OS and product versions*** See article below for further details. http://www.symantec.com/business/support/index?page=content&amp;id=TECH105827&amp;locale=en_US http://www.symantec.com/business/support/index?page=content&amp;id=TECH102470">
      <Statement name="WriteScriptLogEntry" description="Write an Entry into the Procedure Log" continueOnFail="true">
        <Parameter name="Comment" value="Starting Symantec Endpoint Protection uninstall" xsi:type="StringParameter"/>
      </Statement>
      <!-- Step 2: set productkey to the product code found in the registry of the target machines -->
      <Statement name="GetVariable" description="Edit this constant value with the Symantec Product Key found in the registry." continueOnFail="true" osType="Windows">
        <Parameter name="VariableType" value="ConstantValue" xsi:type="EnumParameter"/>
        <Parameter name="SourceContent" value="{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" xsi:type="StringParameter"/>
        <Parameter name="VariableName" value="productkey" xsi:type="StringParameter"/>
      </Statement>
      <!-- Only attempt the uninstall if the product code exists under the Uninstall key -->
      <If description="">
        <Condition name="CheckRegistryValue">
          <Parameter name="RegistryPath" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\#productkey#" xsi:type="StringParameter"/>
          <Parameter name="Condition" value="Exists" xsi:type="EnumParameter"/>
          <Parameter name="Value" value="" xsi:type="StringParameter"/>
        </Condition>
        <Then>
          <Statement name="ExecuteShellCommand" description="The value between {} is found in the registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall Search for the string with DisplayName = Symantec Endpoint Protection" continueOnFail="false" osType="Windows">
            <Parameter name="Command" value="msiexec /x #productkey# /qn /norestart" xsi:type="StringParameter"/>
            <Parameter name="ExecuteAccount" value="System" xsi:type="EnumParameter"/>
            <Parameter name="Is64Bit" value="False" xsi:type="BooleanParameter"/>
          </Statement>
          <Statement name="WriteScriptLogEntry" description="Write an Entry into the Procedure Log" continueOnFail="false">
            <Parameter name="Comment" value="Symantec Endpoint Protection uninstall command completed successfully" xsi:type="StringParameter"/>
          </Statement>
          <Statement name="Reboot with Warning message" description="Reboots a machine with a warning message to the user before the reboot." continueOnFail="true" osType="Windows">
            <Parameter name="Parameter1" value="Symantec Anti-Virus has just been uninstalled. Your computer will restart in 15 minutes. Please save all work now." xsi:type="StringParameter"/>
            <Parameter name="Parameter2" value="15" xsi:type="StringParameter"/>
          </Statement>
        </Then>
        <!-- Moved into Else so the "not found" entry is logged only when the key is absent -->
        <Else>
          <Statement name="WriteScriptLogEntry" description="Write an Entry into the Procedure Log" continueOnFail="false" osType="Windows">
            <Parameter name="Comment" value="Symantec Product key not found - uninstall procedure cancelled" xsi:type="StringParameter"/>
          </Statement>
        </Else>
      </If>
    </Body>
  </Procedure>
</ScriptExport>

Copy and paste it into Kaseya under Procedures > Import.

The thing to bear in mind is that this script requires a registry key in order to perform the uninstall.  The key varies between OS and product versions so you will need to run this a few times if you have a mixed operating system environment.  Prior to running, use Kaseya LiveConnect (KLC) to look up the registry key as detailed in the Symantec article below and quoted here:
  1. In the Windows Registry Editor, expand the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    This key contains many <Product Code> keys.
  2. In the left pane, click each <Product Code> key.*
  3. In the right pane, look at the DisplayName value.
  4. Find the <Product Code> key whose DisplayName value is Symantec Endpoint Protection
  5. Copy this <Product Code> and paste it into Step 2 of the procedure that begins "Create variable productkey" - on the right-hand side shown in the image below as {3C1AE....etc.}

*At this step you might find it easier to press F3 and search for "symantec" but this won't work in KLC.
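
The manual lookup in steps 1 to 4 can also be scripted. The PowerShell below is an added example, not part of the original post or of Kaseya's or Symantec's tooling; the function name Get-UninstallProductCode is hypothetical, and also checking the WOW6432Node view (where 32-bit installers register on 64-bit Windows) is an addition beyond the single key the steps name.

```powershell
# Added example: list Uninstall entries whose DisplayName matches, so the
# product code can be pasted into the "productkey" step of the procedure.
# Run locally on the managed machine in an elevated PowerShell session.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # 32-bit view on 64-bit Windows (assumption: worth checking as well)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-UninstallProductCode {
    param(
        # Wildcards are accepted, e.g. 'Symantec*' if the exact name differs
        [string]$DisplayName = 'Symantec Endpoint Protection'
    )
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            # Subkeys without a DisplayName value are skipped here
            if ($props.DisplayName -notlike $DisplayName) { continue }
            [pscustomobject]@{
                ProductCode    = $key.PSChildName
                # msiexec /x needs a GUID; a non-GUID subkey name means the
                # entry was not registered by Windows Installer
                IsMsiGuid      = ($key.PSChildName -match $GuidPattern)
                DisplayName    = $props.DisplayName
                DisplayVersion = $props.DisplayVersion
                FoundUnder     = $root
            }
        }
    }
}

$found = @(Get-UninstallProductCode)
if ($found.Count -eq 0) {
    Write-Output 'No Uninstall entry with a matching DisplayName was found.'
} else {
    $found | Format-List
}
```

An entry reported with IsMsiGuid set to False cannot be removed with the msiexec /x command the procedure runs, and more than one match means each product code needs its own run of the procedure.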

See articles below for further details.
http://www.symantec.com/business/support/index?page=content&id=TECH105827&locale=en_US
http://www.symantec.com/business/support/index?page=content&id=TECH102470

3 comments:

  3. There is no product code key. SEP 12.1 is pushed from the SEPM console.