Joe Lusk

Script to remove Symantec Cloud


Has anyone had any luck with this since the updates to Cloud Protection Agent? I had a script that ran SEPPrep.exe with the RemoveSymantec=Y option, but that no longer seems to work. None of the msiexec methods or WMI methods seem to work either. Any ideas?


I've hacked one together that works fairly well (albeit not an officially supported uninstall method from Symantec). We use this as a last resort when the official ways to remove do not work... This uses CEDAR from Symantec to clean the agent from the system. I do some other stuff such as pre-removing the registry values that usually stop Symantec from uninstalling when it complains about pending actions. I do this via an embedded batch file called from the LabTech Script:

:: 04/02/2019
:: Clears PendingFileRenameOperations Registry Key to allow Symantec AntiVirus to Uninstall

:: Delete Key
REG Delete "HKEY_LOCAL_MACHINE\System\currentcontrolset\control\session manager" /v PendingFileRenameOperations /f 2> nul

Here are the two important parts of the script (NOTE: The -silent is case sensitive and undocumented).



Let me know if you want the full thing and I will clean it up and export it.



I would love an export. I managed to get something working using AutoIT, but it is less than perfect and requires a user to be logged on.  This looks much better.  Thanks in advance. I am actually most curious about the pre-removal operations. Are you doing more than you identified there?

Edited by Joe Lusk

On 10/8/2019 at 1:36 PM, mnewman said:

@DaysOfNoah was this script shared?

looking to remove this as well.

Sorry, did not realize I did not upload it.  It's attached and you will find it at AntiVirus > Symantec > Remove Symantec.Cloud
We use it to Remove Symantec.Cloud and Symantec Endpoint Protection Cloud Small Business Edition.

The script does the following:

  1. Downloads the latest CEDAR from Symantec.
  2. Clears the PendingFileRenameOperations registry key that loves to stop Symantec Installs/Uninstalls in their tracks.
  3. Runs the CEDAR command silently (UNDOCUMENTED -silent command line).
  4. Uploads the CEDAR log to the Automate server.
  5. Resends software configs.
  6. Emails tech who ran script if uninstall fails with the CEDAR log.

NOTE: The script is not perfect.

There are two failures that seem to crop up:

Script will fail if Symantec Endpoint was in the weird upgrade phase where the new Cloud or Endpoint version was downloaded and was set to upgrade via the RunOnce style registry update.  What ends up happening is that you uninstall Symantec and the next reboot it reinstalls because the CEDAR does not clear the new install key.  I've not figured out a good workaround for this.

If Symantec is already corrupted (i.e. two versions made it onto the machine) the script may or may not clean up the corrupted versions.  You may end up with Symantec still showing as installed or launching upon subsequent reboots.  If that happens, it's on to the manual clean method: https://support.symantec.com/us/en/article.tech213385.html

Hope this is useful for someone...



Remove Symantec.Cloud.xml
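
Step 2 above deletes PendingFileRenameOperations wholesale, which also discards any renames or deletes queued by other installers or Windows updates. The PowerShell below is an added example, not part of the attached script or the original posts: it parses the value, saves a copy, and flags entries that do not reference a Symantec path before the delete. The backup location and the 'Symantec' match string are assumptions.

```powershell
# Added example: review and back up PendingFileRenameOperations before clearing it.
# Assumptions: backup goes to %TEMP%; Symantec entries are recognised by path text.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName = 'PendingFileRenameOperations'
$Backup    = Join-Path $env:TEMP ('PendingFileRenameOperations_{0:yyyyMMdd_HHmmss}.json' -f (Get-Date))

function ConvertTo-PendingRename {
    # The value is REG_MULTI_SZ made of (source, destination) pairs.
    # An empty destination means "delete source at next boot"; a leading '!'
    # on the destination marks a replace-existing move.
    param([string[]]$Raw)
    for ($i = 0; $i -lt $Raw.Count; $i += 2) {
        $src = $Raw[$i]
        # Tolerate a truncated final pair by treating the missing half as empty.
        $dst = if ($i + 1 -lt $Raw.Count) { $Raw[$i + 1] } else { '' }
        [pscustomobject]@{
            Source      = $src -replace '^\\\?\?\\', ''      # strip the \??\ NT prefix
            Destination = $dst -replace '^!?\\\?\?\\', ''
            Action      = if ([string]::IsNullOrEmpty($dst)) { 'Delete' } else { 'Rename' }
            Symantec    = ($src + $dst) -match 'Symantec'
        }
    }
}

$raw = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if (-not $raw) {
    Write-Output 'No pending file rename operations.'
    return
}

# Keep the raw strings so the value can be inspected or restored later.
ConvertTo-Json -InputObject @($raw) | Set-Content -Path $Backup -Encoding UTF8
Write-Output "Raw value saved to $Backup"

$ops = @(ConvertTo-PendingRename -Raw $raw)
$ops | Format-Table -AutoSize

$other = @($ops | Where-Object { -not $_.Symantec })
if ($other.Count -gt 0) {
    Write-Warning "$($other.Count) pending operation(s) do not reference a Symantec path and will be lost if the value is deleted."
}

# Same effect as the REG Delete line in the batch file; -WhatIf keeps this a dry run.
Remove-ItemProperty -Path $KeyPath -Name $ValueName -WhatIf
```

Run it elevated; remove `-WhatIf` once the listed operations have been reviewed.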
