Quick Fix: Uninstall Symantec Endpoint Protection Remotely

powershell2xa4Finally moving my last client from Symantec SEPM to Trend Micros WFBS Hosted platform. It was a small SEPM deployment, only 7 clients and a server but i was surprised to be reminded that SEPM has no ‘uninstall’ tool from their console. So much for centralised management.

I did a lot of searching around for a reliable solution, most of which came back to using MSIEXEC from a command line.

There are various ways of course to execute a command on a remote machine, you can use PSTools’, PSExec for example, but i prefer to use PowerShell where i can.

I already had the machines on the network configured for PowerShell Remoting, so connecting to them was not a challenge.

The challenge i had was that on several clients it seemed Symantec had a different IdentifyingNumber (IN), which is the GUID used by Windows to identify the product.

As there were only 7 client machines i did a lot more of this manually than perhaps i needed to.

Firstly i found the right IdentifyingNumber from each PC.

$computers = “pc1”,”pc2”,”pc3”,”pc4”,”pc5”,”pc6”,”pc7”
foreach ($computer in $computers)
$session = new-pssession $computer
Invoke-Command -Session $session -ScriptBlock { GWMI Win32_Product | where{$_.Caption -like "*Symantec*"}
Get-PsSession | Remove-PsSession

This will output all of the relevant information regarding Symantec from each PC in turn.

You should see something like this:

IdentifyingNumber : {B53661DC-CD94-4B14-B15F-D9DDCFF72558}
Name              : Symantec Endpoint Protection
Vendor            : Symantec Corporation
Version           : 12.1.4013.4013
Caption           : Symantec Endpoint Protection
PSComputerName    : pc1

Once you have the IN you can then amend your original command to the following:

$computers = “pc1”,”pc2”,”pc3”,”pc4”,”pc5”,”pc6”,”pc7”
foreach ($computer in $computers)
$session = new-pssession $computer
Invoke-Command -Session $session -ScriptBlock { msiexec /x “{B53661DC-CD94-4B14-B15F-D9DDCFF72558}” /qb  
Get-PsSession | Remove-PsSession

As i said given i only had 7 client computers to worry about i did a bit more of this manually than perhaps i needed to, if you had a lot more computers, and found you had a lot more varying IN (turns out i only had two) you could tweak this command to find the relevant IN and process it immediately by doing something like this..

Invoke-Command -Session $session -ScriptBlock { $in = (GWMI Win32_Product | where{$_.Caption -like “*symantec*”}).IdentifyingNumber; msiexec /x “$in” /qb}

By adding in a semicolon we can of course add a second line to our ScriptBlock and make the process a little more automated.

Anyways, i hope this may help you remove Symantec from your machines a little faster!

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

2 Responses to Quick Fix: Uninstall Symantec Endpoint Protection Remotely

  1. MattyIce says:

    Thanks Robert, years later this post is still very helpful!

  2. Jay says:

    Hello, So is there a way to have the IN number be added to the 2nd part of the script so we can automate it? I tried myself and don’t get an error, it just doesnt remove symantic at all

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: