Uninstall Symantec Endpoint Protection

Download JSON Download Python

Ratings

Release Time

03/05/2018

Downloads

1842 times

Update Time

05/15/2025

Views

2141 times

Share-it:

Tags

Security Symantec

This script is used to uninstall the Symantec Endpoint Protection on the Endpoint.

Run the script as the System user.

Procedure's Instructions

AppName=r'Symantec Endpoint Protection'

import os,ctypes,re,_winreg,time,platform,shutil
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)

def checkapp():
    import _winreg
    import os
    
    def DNDS(rtkey, pK, kA):
        ln = []
        lv = []
        try:
            oK = _winreg.OpenKey(rtkey, pK, 0, kA)
            i = 0
            while True:
                try:
                    bkey = _winreg.EnumKey(oK, i)
                    vkey = os.path.join(pK, bkey)
                    oK1 = _winreg.OpenKey(rtkey, vkey, 0, kA)
                    try:
                        tls = []
                        DN, bla = _winreg.QueryValueEx(oK1, 'DisplayName')
                        DV, bla = _winreg.QueryValueEx(oK1, 'DisplayVersion')
                        _winreg.CloseKey(oK1)
                        ln.append(DN)
                        lv.append(DV)
                    except:
                        pass
                    i += 1
                except:
                    break
            _winreg.CloseKey(oK)
            return zip(ln, lv)
        except:
            return zip(ln, lv)

rK = _winreg.HKEY_LOCAL_MACHINE
    sK = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    openedKey = _winreg.OpenKey(rK, sK, 0, _winreg.KEY_READ)
    arch, bla = _winreg.QueryValueEx(openedKey, 'PROCESSOR_ARCHITECTURE')
    arch = str(arch)
    _winreg.CloseKey(openedKey)

if arch == 'AMD64':
        fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)
        fList.extend(DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ))
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
    else:
        fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ)
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ))
    fList = set(fList)

lr = []
    rs = 0
    for i in fList:
        a, b = i
        if AppName.lower() in a.lower():
            lr.append('success: {} is installed'.format(a))
            lr.append('{:<25}{:5}'.format(a, b))
            rs += 1
        else:
            rs += 0
    if rs:
        return True
    return False

def reg():

blacklist=AppName

def collectprograms(rtkey,pK,kA):
        try:
            list=[]
            oK=_winreg.OpenKey(rtkey,pK,0,kA)
            i=0
            while True:
                try:
                    bkey=_winreg.EnumKey(oK,i)
                    vkey=os.path.join(pK,bkey)
                    oK1=_winreg.OpenKey(rtkey,vkey,0,kA)
                    try:
                        DN,bla=_winreg.QueryValueEx(oK1,'DisplayName')
                        inlist=[DN.strip(), vkey, pK]
                        list.append(inlist)
                        
                    except:
                        pass
                    i+=1
                except:
                    break
        except:
            pass
        return list

uninstallkey_32='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall'

if 'PROGRAMFILES(X86)' in os.environ.keys():
        
        rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ),
                (_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)]
    else:
        
        rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_READ)]

bet=[]
    for i in rklist:
        col=collectprograms(i[0], i[1], i[2])
        for c in col:
            if blacklist in c:
                bet.append(c[1])

if not bet:
        print "Please blacklist Valid Installed Software"
    else:
        for i in bet:
            j=i.replace(" ", '" "')
            v='\\'
            path="HKEY_LOCAL_MACHINE"+v+i
            path1="HKEY_LOCAL_MACHINE"+v+j
            got=path1
            
            
    return got

def event():
    k=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text  /q:"*[System[(EventID=11724) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n')
    k=filter(None, k)
    if len(k)!=0:
        print "\t\t*)",' '.join(k)

def event2():
    k1=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text  /q:"*[System[(EventID=11725) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n')
    k1=filter(None, k1)
    if len(k1)!=0:
        print "\t\t*)",' '.join(k1)
        
        
def Uninstall_SEP():
    with disable_file_system_redirection():
        fin=reg()
        fina=fin.split('\\')[-1]
        guid=re.findall('{.*}',fina)[0]
        if guid:
            us='MsiExec.exe /X '+guid+' /quiet REBOOT=ReallySuppress REMOVE=ALL'
            out=os.popen(us).read()
            time.sleep(5)
            inst1=checkapp()
            if inst1:
                event2()
            else:
                event()
        else:
            print "GUID reporting Error"
print "%s Uninsalltion Script: \n"%(AppName)
inst1=checkapp()
if inst1:
    print "\t*)%s is installed at the Endpoint\n"%(AppName)
    print "\t*)Uninstallation of %s Started:\n"%(AppName)
    Uninstall_SEP()
else:
    print "\t*)%s is not installed at the Endpoint\n"%(AppName)

 
AppName=r'Symantec Endpoint Protection'
​
import os,ctypes,re,_winreg,time,platform,shutil
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)
​
​
def checkapp():
    import _winreg
    import os
    
    def DNDS(rtkey, pK, kA):
        ln = []
        lv = []
        try:
            oK = _winreg.OpenKey(rtkey, pK, 0, kA)
            i = 0
            while True:
                try:
                    bkey = _winreg.EnumKey(oK, i)
                    vkey = os.path.join(pK, bkey)
                    oK1 = _winreg.OpenKey(rtkey, vkey, 0, kA)
                    try:
                        tls = []
                        DN, bla = _winreg.QueryValueEx(oK1, 'DisplayName')
                        DV, bla = _winreg.QueryValueEx(oK1, 'DisplayVersion')
                        _winreg.CloseKey(oK1)
                        ln.append(DN)
                        lv.append(DV)
                    except:
                        pass
                    i += 1
                except:
                    break
            _winreg.CloseKey(oK)
            return zip(ln, lv)
        except:
            return zip(ln, lv)
​
    rK = _winreg.HKEY_LOCAL_MACHINE
    sK = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    openedKey = _winreg.OpenKey(rK, sK, 0, _winreg.KEY_READ)
    arch, bla = _winreg.QueryValueEx(openedKey, 'PROCESSOR_ARCHITECTURE')
    arch = str(arch)
    _winreg.CloseKey(openedKey)
​
    if arch == 'AMD64':
        fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)
        fList.extend(DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ))
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
    else:
        fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ)
        fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ))
    fList = set(fList)
​
    lr = []
    rs = 0
    for i in fList:
        a, b = i
        if AppName.lower() in a.lower():
            lr.append('success: {} is installed'.format(a))
            lr.append('{:<25}{:5}'.format(a, b))
            rs += 1
        else:
            rs += 0
    if rs:
        return True
    return False
​
def reg():
​
    blacklist=AppName
​
    def collectprograms(rtkey,pK,kA):
        try:
            list=[]
            oK=_winreg.OpenKey(rtkey,pK,0,kA)
            i=0
            while True:
                try:
                    bkey=_winreg.EnumKey(oK,i)
                    vkey=os.path.join(pK,bkey)
                    oK1=_winreg.OpenKey(rtkey,vkey,0,kA)
                    try:
                        DN,bla=_winreg.QueryValueEx(oK1,'DisplayName')
                        inlist=[DN.strip(), vkey, pK]
                        list.append(inlist)
                        
                    except:
                        pass
                    i+=1
                except:
                    break
        except:
            pass
        return list
​
        
    uninstallkey_32='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall'
​
    if 'PROGRAMFILES(X86)' in os.environ.keys():
        
        rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ),
                (_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)]
    else:
        
        rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_READ),
                (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_READ)]
​
    bet=[]
    for i in rklist:
        col=collectprograms(i[0], i[1], i[2])
        for c in col:
            if blacklist in c:
                bet.append(c[1])
​
    if not bet:
        print "Please blacklist Valid Installed Software"
    else:
        for i in bet:
            j=i.replace(" ", '" "')
            v='\\'
            path="HKEY_LOCAL_MACHINE"+v+i
            path1="HKEY_LOCAL_MACHINE"+v+j
            got=path1
            
            
    return got
​
​
​
def event():
    k=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text  /q:"*[System[(EventID=11724) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n')
    k=filter(None, k)
    if len(k)!=0:
        print "\t\t*)",' '.join(k)
​
​
def event2():
    k1=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text  /q:"*[System[(EventID=11725) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n')
    k1=filter(None, k1)
    if len(k1)!=0:
        print "\t\t*)",' '.join(k1)
        
        
def Uninstall_SEP():
    with disable_file_system_redirection():
        fin=reg()
        fina=fin.split('\\')[-1]
        guid=re.findall('{.*}',fina)[0]
        if guid:
            us='MsiExec.exe /X '+guid+' /quiet REBOOT=ReallySuppress REMOVE=ALL'
            out=os.popen(us).read()
            time.sleep(5)
            inst1=checkapp()
            if inst1:
                event2()
            else:
                event()
        else:
            print "GUID reporting Error"
print "%s Uninsalltion Script: \n"%(AppName)
inst1=checkapp()
if inst1:
    print "\t*)%s is installed at the Endpoint\n"%(AppName)
    print "\t*)Uninstallation of %s Started:\n"%(AppName)
    Uninstall_SEP()
else:
    print "\t*)%s is not installed at the Endpoint\n"%(AppName)
​
​

Comments

No Comments.

Uninstall Symantec Endpoint Protection

Comments

Leave a Comment