Quick Fix: Uninstall Symantec Endpoint Protection Remotely
January 22, 2015 2 Comments
Finally moving my last client from Symantec SEPM to Trend Micros WFBS Hosted platform. It was a small SEPM deployment, only 7 clients and a server but i was surprised to be reminded that SEPM has no ‘uninstall’ tool from their console. So much for centralised management.
I did a lot of searching around for a reliable solution, most of which came back to using MSIEXEC from a command line.
There are various ways of course to execute a command on a remote machine, you can use PSTools’, PSExec for example, but i prefer to use PowerShell where i can.
I already had the machines on the network configured for PowerShell Remoting, so connecting to them was not a challenge.
The challenge i had was that on several clients it seemed Symantec had a different IdentifyingNumber (IN), which is the GUID used by Windows to identify the product.
As there were only 7 client machines i did a lot more of this manually than perhaps i needed to.
Firstly i found the right IdentifyingNumber from each PC.
$computers = “pc1”,”pc2”,”pc3”,”pc4”,”pc5”,”pc6”,”pc7”
foreach ($computer in $computers)
{
$session = new-pssession $computer
Invoke-Command -Session $session -ScriptBlock { GWMI Win32_Product | where{$_.Caption -like "*Symantec*"} }
Get-PsSession | Remove-PsSession
}
This will output all of the relevant information regarding Symantec from each PC in turn.
You should see something like this:
IdentifyingNumber : {B53661DC-CD94-4B14-B15F-D9DDCFF72558}
Name : Symantec Endpoint Protection
Vendor : Symantec Corporation
Version : 12.1.4013.4013
Caption : Symantec Endpoint Protection
PSComputerName : pc1
Once you have the IN you can then amend your original command to the following:
$computers = “pc1”,”pc2”,”pc3”,”pc4”,”pc5”,”pc6”,”pc7”
foreach ($computer in $computers)
{
$session = new-pssession $computer
Invoke-Command -Session $session -ScriptBlock { msiexec /x “{B53661DC-CD94-4B14-B15F-D9DDCFF72558}” /qb }
Get-PsSession | Remove-PsSession
}
As i said given i only had 7 client computers to worry about i did a bit more of this manually than perhaps i needed to, if you had a lot more computers, and found you had a lot more varying IN (turns out i only had two) you could tweak this command to find the relevant IN and process it immediately by doing something like this..
Invoke-Command -Session $session -ScriptBlock { $in = (GWMI Win32_Product | where{$_.Caption -like “*symantec*”}).IdentifyingNumber; msiexec /x “$in” /qb}
By adding in a semicolon we can of course add a second line to our ScriptBlock and make the process a little more automated.
Anyways, i hope this may help you remove Symantec from your machines a little faster!
About Robert Pearman
Title (Required) 
Thanks Robert, years later this post is still very helpful!
Hello, So is there a way to have the IN number be added to the 2nd part of the script so we can automate it? I tried myself and don’t get an error, it just doesnt remove symantic at all