So you want to uninstall Symantec EPP from your network? But you want to do it automatically, silently and without a reboot? It's possible. We recently migrated to Forefront Client Security, so I needed to uninstall Symantec EPP from all our computers. After doing some research, I found a VB script to do it automatically and silently. In addition, I Have edited the script to make it cleaner, not require a reboot, and also uninstall the LiveUpdate component.
Having this script...you have a couple different options to get the script running on each computer on the network. You can use SCCM [if you have it in place of course] or the powerful tool 'psExec' coupled with 'cscript'. Of course there are other methods, so choose whichever is better for your environment.
I can't go into detail on how to run the script with SCCM, but if you use 'psExec', which I did for most of the computers, you can use the following command:
psexec @C:\computers.txt -u domain\DomainAdminAccount -p ********* -e cscript.exe //B "\\server\shareName\removeSymantec.vbs"
Most of this command is self-explanatory, but if you're wondering...
-e - Does not load the specified account's profile.
@C:\computers.txt - computers.txt contains a list [1 per line] of all the computers you want to run the script on. psExec will parse through the file and execute on each computer 1 by 1.
cscript.exe - Allows you to run scripts via the command line.
//B - switch for the cscript command...specifies batch mode, which does not display alerts, scripting errors, or input prompts.
\\server\shareName\removeSymantec.vbs - As you may have guessed, we stored the VBS script on a share accessible by everyone.
*****************Below is the VBS script*****************
'Script to Silently/Automatically Uninstall Symantec EPP & LiveUpdate
'Registry scope is Local Machine
const HKEY_LOCAL_MACHINE = &H80000002
'Declare all variables
Dim oReg, strKeyPath, command, path, arrSubKeys, WshShell, subkey
'Create the Registry object
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
'Specify the path to the folder of keys we want to look through
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
'Use registry object to enumerate the list of keys and put them in an array [arrSubKeys]
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
're-specify the path
path="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
'Look in the SubKey array for a Uninstall ID key named "Symantec Endpoint Protection"
For Each subkey In arrSubKeys
'concatenate the correct srtrings in order to get the correct Key value
strKeyPath=strKeyPath + "\" + subkey +"\"
strValueName = "DisplayName"
'Use the registry object to get the expanded string value (ID) of the current subkey
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
'If the current key is Symantec Endpoint Protection, get the full path/command
if strvalue="Symantec Endpoint Protection" then
strValueName = "UninstallString"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
command=strValue
End if
strKeyPath=path
Next
'Replaces the "MsiExec.exe /I" string with "MsiExec.exe /norestart /q/x"
'This will make it so it does not automatically reboot, and so it does
'it silently/automatically
command=Replace(command,"MsiExec.exe /I","MsiExec.exe /norestart /q/x")
'Add the "REMOVE=ALL" argument so that it uninstalls the LiveUpdate component too
command=command + " REMOVE=ALL"
'Create shell object
Set WshShell = WScript.CreateObject("WScript.Shell")
'Finally, run the command
'Full command it is executing [The ID may be different of course]:
'MsiExec.exe /norestart /q/x {530992D4-DDBA-4F68-8B0D-FF50AC57531B} REMOVE=ALL
WshShell.Run command
'Script END
*****************End of VBS script*****************
