Posted by: David | June 14, 2011

Symantec Endpoint Protection (SEP) Removal Script and Trend Installation

I had to migrate a network away from Symantec AV today and over to Trend.

After a couple of test installs I found that Trend wasn’t at all reliable at removing SEP before installing Trend, so with lots of PC’s to migrate I took to the vbs. This script will search the Registry for the Symantec Product GUID and then invoke the MSI uninstallation.

The return code for the uninstallation is also logged, allowing you to keep track of results.

Once the uninstallation is complete the Trend installer is invoked to install the Trend MSI (this was created from the Trend Console, but I also tested this using the Autopcc method but this proved less reliable on the Windows XP machines)

If the script does not detect Symantec is installed it will install the Trend client if it is not already installed, so you can leave this running on your network to ensure all machines are covered by AV.

I set the script up as a Computer Start Up script as this is invoked with the local SYSTEM account and has permissions to install / remove software.

The Code:

' Title: Script to Migrate from SEP to Trend
' Last Updated: 12/06/2011
' Written By: David Gardner
' Version: 1.0
' Description: VBS to Uninstall Symantec Endpoint Protection and install Trend

'Set Constants for Various HKEY
Const HKCU = &H80000001
Const HKLM = &H80000002

'Obtain Computer Name for Logging
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )

'Set Debugging Level
DEBUG_LEVEL = 3 ' set to -1 to disable debugging messages
DEBUG_FILE = "\avsrv01trendinstlog" & strComputerName & ".log"

sep = "Symantec Endpoint Protection"
trend = "Trend Micro Worry-Free Business Security Agent"
x64inst = "\dcsrv01netlogontrendtrend64bit.msi"
x86inst = "\dcsrv01netlogontrendtrend32bit.msi"

softwarekey = checkforsoftware(sep)
If softwarekey FALSE then
DEBUG 2,"Running MSI uninstall of SEP"
Set WshShell = WScript.CreateObject("WScript.Shell")
OsType = WshShell.RegRead("HKLMSYSTEMCurrentControlSet" _
& "ControlSession ManagerEnvironmentPROCESSOR_ARCHITECTURE")
DEBUG 2,"OS Type =" & OsType
removalstring ="c:windowssystem32msiexec.exe /x" _
& softwarekey & " /quiet /norestart"
DEBUG 2,"Uninstall command: " & removalstring
intReturn = WshShell.Run(removalstring, 8, TRUE)
DEBUG 2,"SEP Removal Complete, Return code: " & intreturn
DEBUG 2,"Installing Trend Client"
Set WshShell = WScript.CreateObject("WScript.Shell")
if OsType = "x86" then
DEBUG 2,"Running installation for 32-Bit Architecture"
trendinststring="c:windowssystem32msiexec.exe /i" _
& x86inst & " /quiet /norestart"
else
DEBUG 2,"Running installation for 64-Bit Architecture"
trendinststring="c:windowssystem32msiexec.exe /i" _
& x64inst & " /quiet /norestart"
end if
intReturn = WshShell.Run(trendinststring, 8, TRUE)
DEBUG 2,"Trend Installation Complete, Return code: " & intreturn
else
DEBUG 2,"Symantec Endpoint Protection Not Installed"
DEBUG 2,"Checking for Trend"
softwarekey = checkforsoftware(trend)
DEBUG 2,"Trend Check Key: " & softwarekey
If softwarekey = "False" then
Set WshShell = WScript.CreateObject("WScript.Shell")
OsType = WshShell.RegRead("HKLMSYSTEMCurrentControlSet" _
& "ControlSession ManagerEnvironmentPROCESSOR_ARCHITECTURE")
DEBUG 2,"OS Type =" & OsType
DEBUG 2,"Installing Trend Client"
if OsType = "x86" then
DEBUG 2,"Running installation for 32-Bit Architecture"
trendinststring="c:windowssystem32msiexec.exe /i" _
& x86inst & " /quiet /norestart"
else
DEBUG 2,"Running installation for 64-Bit Architecture"
trendinststring="c:windowssystem32msiexec.exe /i" _
& x64inst & " /quiet /norestart"
end if
intReturn = WshShell.Run(trendinststring, 8, TRUE)
DEBUG 2,"Trend Installation Complete, Return code: " & intreturn
else
DEBUG 2,"Trend Installed"
end if
end if

function DEBUG(intMessageLevel, strMessage)
if (DEBUG_LEVEL >= intMessageLevel) then
select case intMessageLevel
case -1 strSeverity = "CRITICAL"
case 0 strSeverity = "ERROR"
case 1 strSeverity = "WARN"
case 2 strSeverity = "INFO"
case 3 strSeverity = "DEBUG"
end select
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objlogfile = objFSO.OpenTextFile(DEBUG_FILE, 8, True)
objlogfile.WriteLine(now() & " - " & strSeverity & ": " & strMessage)
objlogfile.Close
SET objFSO = NOTHING
SET logfile = NOTHING
end if
end function

function checkforsoftware(software)
'Create object to open regisrty on local computer
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\" _
& ".rootdefault:StdRegProv")

'Set location and Software name to look for
strKeyPath = "SOFTWAREMicrosoftWindowsCurrentVersionUninstall"

'Enumerate all subkeys of strkeypath
DEBUG 2,"Enumerating Software from Registry"
objReg.EnumKey HKLM, strKeyPath, arrInstalledSoftware

'Search to See if Endpoint Protection is installed
For Each subkey In arrInstalledSoftware
strFullPath = strKeyPath & "" & subkey
objReg.GetStringValue HKLM,strFullPath,"DisplayName",strSoftName
If Not IsNull(strSoftName) Then
if instr(ucase(strSoftname),ucase(software)) > 0 then
DEBUG 2,"Found: " & strSoftName
DEBUG 2,"MSI: " & subkey
sepmsi = subkey
checkforsoftware = subkey
foundsoft = 1
end if
end if
If foundsoft 1 then
checkforsoftware = FALSE
end if
Next
end function

Advertisements

Responses

  1. I just found your post. I am having similar issues with SEP removal via the Trend installer. I am using the hosted “Worry Free” edition of Trend. Do you think your script will work with that MSI installer as well? I am going to give it a shot either way. Wondered if you had any experience with it

    • Hi I have used this with worry free business secuirty.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: