1

Hello,

For some reason, our higher ups decided to change Endpoint Security. We have more than 400 pc’s in the office installed with Eset endpoint security. Is there any way to uninstall this remotely to save time.

Thanks

11 Spice ups
2

Most AV and security software usually have a tamper-proof solution built-in so that viruses and/or malware payloads do not remove or disable them.

However you maybe able to run “un-installers” if they are available. If these “un-installers” are available, then I would use deployment tools like PDQ to run them.

On the other hand, do check if the new product also have installers and checkers such that they can also un-install other products if discovered.

2 Spice ups
3

You may be able to trigger uninstall from the management console.

3 Spice ups
4

The Eset management product has a thingie (I forget what the name of the tool is) but if you pretend like you’re installing the product new, it will scan the network and find all the the computers and install a little secondary tool. It’s like the (Rogue scanner or something like that)…

That tool will uninstall the product. It actually would likely let you install the new product believe it or not. It allows you to remotely execute any code you want from the console one you have it installed on the computer. It runs as a separate process. Sort of like a remote task scheduler for all the computers.

2 Spice ups
5

I found an msiexec command to uninstall the eset, " MsiExec.exe /qn /norestart /X{7455BEA3-6EC2-424D-9FFC-C47529FDE10D}"

any idea how to execute this command on pqd deploy for all computers?

Thanks

6

In PDQ Deploy…there are 2 ways…

  • run command remotely

  • create a batch file and run the batch file

…Edit…

There is eset uninstaller tool…run it using PDQ deploy instead.

7

BTW the command line does not seem right as it includes a registry string…the product maybe installed in different system using different strings ?

Is there an eset uninstaller instead ?

https://support.eset.com/kb2289/

1 Spice up
8

Thanks for the replies everyone.

Capture.png
Capture.png800×11 11.2 KB

not sure if the image can be viewed but i got the command using PQD inventory.

Uninstall: MsiExec.exe /qn /norestart /X{7455BEA3-6EC2-424D-9FFC-C47529FDE10D}

Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{7455BEA3-6EC2-424D-9FFC-C47529FDE10D}

Tried using just " MsiExec.exe /qn /norestart /X{7455BEA3-6EC2-424D-9FFC-C47529FDE10D} " but majority has failed to uninstall.

1.png
1.png800×457 101 KB
9

How can i run the uninstaller on silent mode?

edit:

Running uninstaller cant seem to work since it involves some tweaking on the client pc, safe mode, depending on its OS.

10

Most AV removal cannot be run in silent mode or should not be as AV are very important components in the system. Furthermore it will need to remove components that are in use and therefore need a reboot…where Windows Defender usually takes over (unless like in Win7 or earlier, the system will be totally unprotected).

The last thing you want is to remove the AV, then one user goes to a website (or the system already running malware) and then you have an explosion from within.

This is why we usually do AV switch-over during lunch, at the end of the business day (IT takes over when users leave) or have things like WOL (wake on LAN).

2 Spice ups
11

I know a lot of people totally dislike Symantec Enterprise AV & security products…

  • They are slow and heavy as they can systems areas, system files and user files very throughly

  • It comes with a deployment tool that can scan network, domain (via DCs) or even via installed agents

  • It have a set of un-installers for most other AV or competitor products (come on…its Symantec or Norton utilities…system tools were where it all began for them)

1 Spice up
12

So I will poke the little pink elephant in the room and ask “What A/V did your higher ups decide to go with? and was there no discussion with the IT dept of this leading up to this… this sounds like there would have been some heavy meetings and discussions surrounding this and not just… hey lets choose a different a/v since this company has a cooler logo or actually protects better”

13

If I remember correctly, almost every AV has a management software which can be used to safely install and uninstall the Endpoint Clients. As well as remotely configure them. This Tool as well handels the Licensing. Why did you not use that? Much easier than PDQ.

If your company changes to Norton, there surely is a Software for that. Does not always work well and Symantec has a lot of sh… coming with it… but the deployment will be fast. Just install it on a Server (not DC) configure it to work with your AD and you are good to go. This Software asks Passwords every time, but you can create Jobs with all Computers to install in it, so look out for that option.

1 Spice up
14

Failed is definitely a thing. You probably don’t want to hear this, but you likely want to go around and remove it with the Eset uninstaller in safe mode or at least be sure that it’s gone because if you install something else over top (I specifically had this issue with Trend Micro after Eset) the computer won’t boot anymore. Yay!

Only solution was to boot into safemode, run the eset uninstall tool, remove, reboot, install TM.

15

Our solution Action1 will help you Remotely uninstall software on any quantity of computers at once from the Cloud. It works similarly to using wmic to uninstall software remotely , but it provides a convenient and centralized way to manage batch uninstall software.

1 Spice up
16

Hello,

I would suggest contacting ESET’s business support. They should be able to tell you how to perform the uninstallation task from their management interface, or provide a scriptable command if you are not using that.

Regards,

Aryeh Goretsky

17

Thanks for all the replies.

I manage to uninstall all ESET Endpoint Using PDQ and Deploy Crowdstrike Falcon Sensor using the same tool.

1 Spice up