SCCM 2012: Symantec Endpoint Protection client is not automatically removed before Endpoint Protection is installed

  • Question

  • All our Windows 7 computers are currently protected with Symantec Endpoint Protection 12 (ver. 12.1.1101.401 RU1 MP1).

    New System Center 2012 Configuration Manager has been set up and we’re planning to “push” the Configuration Manager client package with the Endpoint Protection option onto our clients’ machines.

    Configuration manager client settings are setup for: "automatic remove previously installed antimalware software before Endpoint Protection is installed."

    From what I can see, Configuration manager and Endpoint Protection clients have been successfully setup (in our test deployment OU) but Symantec client is not automatically uninstalled!!!

    Are there specific “tricks” that need to be done on the SCCM server so the Symantec client will be uninstalled automatically?! Our Symantec clients are not protected by a password.

    Right now I’m stuck with the SCCM clients’ deployment because of this problem. Please help; thanks in advance.

    Tuesday, September 25, 2012 6:41 AM

Answers

  • Endpoint Protection uninstalls the following antimalware software only:

    • Symantec AntiVirus Corporate Edition version 10
    • Symantec Endpoint Protection version 11
    • Symantec Endpoint Protection Small Business Edition version 12
    • McAfee VirusScan Enterprise version 8
    • Trend Micro OfficeScan
    • Microsoft Forefront Codename Stirling Beta 2
    • Microsoft Forefront Codename Stirling Beta 3
    • Microsoft Forefront Client Security v1
    • Microsoft Security Essentials v1
    • Microsoft Security Essentials 2010
    • Microsoft Forefront Endpoint Protection 2010
    • Microsoft Security Center Online v1

    If you have other versions or products, you have to make a package to uninstall them. Something like this article can tell you more about it:

    http://anotherblabla.wordpress.com/2012/07/12/migrating-from-syamentec-12-to-forefront-endpoint-2012/


    Nicolai

    Wednesday, September 26, 2012 10:54 AM

All replies

  • Is there any Tamper Protection and Uninstall password on the Symantec solution? If so, this should be turned off before deploying SCEP.

    Nicolai

    Tuesday, September 25, 2012 7:25 AM
  • We are not using uninstall password and ‘Tamper Protection’ is disabled…

    ConfMgr clients (together with Endpoint Protection) are successfully deployed with Active Directory group policies..., and..., Symantec clients are still present on our client machines!!! Which log file do I need to look at for the possible cause?

    Could someone please confirm that option “automatic remove of previously installed antimalware software (Symantec)” during the Endpoint Protection client deployment actually works?

    Wednesday, September 26, 2012 6:40 AM
  • Yes that option works but not with all antivirus software.

    Look at the EndpointProtectionAgent.log on the client for more information

    Wednesday, September 26, 2012 6:51 AM
  • A bit disappointed that Symantec Endpoint Protection v.12 cannot be removed during Microsoft Endpoint install. When I went to the Microsoft SCCM 2012 road-show presentation they (Microsoft) told us that Endpoint client will get rid of “everything” during installation. What can I say…, don’t trust sales people.

    I’m new to SCCM 2012 and I don’t understand why this “uninstalls” of whatever we don’t want our clients to have on their computers have to be such a big deal?! It would be logical to distribute ConfMgr clients without Endpoint option first. Now, while we have full control of the clients machines ;-) we can create Symantec uninstall package which will be pushed (advertise) on to the clients computers. After Symantec client is removed from client computer, ConfMgr will install Endpoint module. Why we cannot do just that?! Or I’m missing something here?!

    Sunday, September 30, 2012 10:44 AM
  • Make sure you watch out for having dual installs. We weren't aware of this either until a number of Windows 7 users started saying logins were taking 20 minutes, they couldn't access network resources, couldn't print and so on. Found out that EP and SEP were installed on both machines and causing the problems. Once SEP was removed everything went back to normal.
    Monday, October 1, 2012 2:57 PM
  • Hi, I'm having a similar problem, however it's with McAfee VirusScan Enterprise version 8.

    I have two computers I'm testing the endpoint protection on, and the Windows 7 PC uninstalled McAfee and installed the endpoint protection without any hangups or problems; however, the Windows XP machine failed in the automatic run. Then I tried the manual install and it again throws up the error that it can't uninstall it.

    I've been looking around and haven't really found any information, and wondered if any of you know something about the difference with an XP machine.


    • Edited by Winventures Thursday, November 29, 2012 6:18 PM
    Thursday, November 29, 2012 6:18 PM
  • Hello All,

    It's a known issue, and not an SCCM issue: here it's an issue with a password being set on the antivirus installed on the machine itself (be it Symantec or McAfee).

    To confirm the same, please go to 'HKLM\Software\Microsoft\Windows\Uninstall' and find the uninstall GUID of antivirus.

    After that run below command:

    MsiExec.exe /x  <GUID> /l* c:\u.txt

    > So here we are basically trying to uninstall the antivirus using its uninstall code. If it prompts for a password, then it's a clear indication that either user interaction is required here or the admin needs to disable the password on the machines so that the Endpoint client can get installed, which is not SCCM's issue.

    -Prabhat

    Friday, August 30, 2013 4:00 PM
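
Added example, not part of the original thread: a PowerShell inventory of the Uninstall registry keys that lists installed antimalware products with their MSI product codes and warns about the dual-install condition reported earlier in the thread. The display-name patterns are assumptions to adjust per environment, and the registry locations are the standard `CurrentVersion\Uninstall` keys (64-bit and WOW6432Node).

```powershell
# Added example: read-only inventory, nothing is uninstalled.
# Name patterns are assumptions; match them to the DisplayName values you see.
$patterns = 'Symantec Endpoint Protection',
            'McAfee VirusScan Enterprise',
            'System Center 2012 Endpoint Protection'

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledAntimalware {
    param([string[]]$NamePattern)
    # Build one alternation regex from the literal product names.
    $regex = ($NamePattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $regex } |
        ForEach-Object {
            # MSI-installed products use their product code GUID as the key name.
            $code = $null
            if ($_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$') { $code = $_.PSChildName }
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                ProductCode     = $code
                UninstallString = $_.UninstallString
            }
        }
}

$found = @(Get-InstalledAntimalware -NamePattern $patterns)
$found | Format-Table DisplayName, DisplayVersion, ProductCode -AutoSize

# More than one distinct product means old and new clients coexist.
$names = @($found | Select-Object -ExpandProperty DisplayName -Unique)
if ($names.Count -gt 1) {
    Write-Warning "$env:COMPUTERNAME has $($names.Count) antimalware products installed: $($names -join '; ')"
}

# Print (do not run) the logged uninstall command from the post for each MSI product.
foreach ($p in ($found | Where-Object { $_.ProductCode })) {
    "MsiExec.exe /x $($p.ProductCode) /l* c:\u.txt"
}
```

Entries without a GUID key name were not installed through Windows Installer; check their `UninstallString` instead of using `MsiExec.exe /x`.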
  • Nicolai, thanks for sharing the products and versions.

    In enterprises, usually there is a dedicated server for Antivirus products and their corresponding clients are deployed on workstations, and most of the time they are password protected so that user cannot remove the antivirus.

    I have seen 2-3 cases wherein customers were using Symantec & McAfee and ran into a similar sort of issue because of a password being set on the antivirus, so first we had to take care of the password from the antivirus server end and then all went smoothly.

    Your comments on such scenario?

    Tuesday, December 10, 2013 8:00 PM
  • Hi,

    You need to remove any password protection for uninstall using the management console for that AV solution before upgrading, as you write. Then it works smoothly.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Wednesday, December 11, 2013 5:30 AM