I don't have any confirmed answer, but I do have a sort of wacky suggestion. First though, since it was April that this thread got started, it'd be great if previous posters could reply with what they ended up doing. I also want to add that in the past week or so, Symantec sent out a 3-step email to customers that seems to outline a migration process from SEPC to SES (if that's your goal), but I haven't followed up on it since my customers are all taken care of already. But up until then, I wasn't aware of any sort of technical migration path; I had been advised that the only options existing are to literally uninstall SEPC somehow and just install SES fresh. I regret that I've advised the same on this forum a few times too, but hey, we go with what we know and FWIW Symantec senior leadership has openly acknowledged they've dropped the ball on communications, so, so be it. Of course, this doesn't address if you're a customer just moving away from Symantec entirely.
Anyway, my wacky suggestion is this, and it's an untested long shot to be sure. A few years ago someone mentioned to me a bit of software called AutoIt. It's kind of like scripting a GUI session. You pre-record actions that you do with your mouse and keyboard, and they can be replayed on the same or a different computer. If you can solve for how to execute this remotely, that's step 1.
Then, in theory, if all visual settings on endpoints were made to be the same, temporarily of course, and somehow you could build in sufficient delays in AutoIt between steps requiring mouse/keyboard interaction, accounting for different computer/Internet speeds etc., maybe you can automate the process of using the GUI with mouse and keyboard to remove SEPC. You'd probably first need to run a script that resets display settings to a common value that all systems support, so the mouse clicks occur at the same position on each screen, and then follow that up with this AutoIt thing to remove SEPC. Then perhaps run a script to reset display settings to previous values... well, a big maybe on all this.
This suggestion is almost not worth posting but maybe it'll prompt some enterprising IT person to consider things beyond regular scripting.
I also wonder if PowerShell could somehow be leveraged in this situation. Beats me.
Original Message:
Sent: 04-15-2020 02:44 AM
From: Kevin Dunn
Subject: Symantec EndPoint Protection Cloud (SEPC) Uninstall
Hi All,
Really hoping that posting here gets us the help we need!
We have multiple workstations (over 800+) that are currently running Symantec EndPoint Protection Cloud (SEPC) and we're wanting to get that software removed.
I've spent the last month trying to tinker and uninstall it, but have had no success and unfortunately 'technical' support have failed time and time again to provide a satisfactory response. At the moment the only suggestion we've had is to uninstall the software manually on each of the machines.
I'm hoping that by posting this, someone who has had some success will be able to help/provide guidance or if someone from Broadcom/Symantec could step in and get us a resolution.
The issue
Upon running the inststub.exe /x /arp you'll get the following page.
According to the official KB, mass uninstallation is considered a security risk; however, this is simply not true. Symantec offers mass uninstalls on their other products, which wouldn't be the case if it was a security risk.
Steps I've Tried
I'll detail below the steps I've already tried:
- I've tried the CleanWipe, SepPrep and CEDAR tool - this can be run silently but these open the InstStub.exe.
- I've tried the NRT tool - this can't be run silently
- I've tried every switch I can think of with the InstStub.exe file (the uninstaller file) and had no success
- I've tried to decode the InstStub.exe (worrying stuff in this file btw..)
- I've tried to ProcessMonitor the uninstaller - no luck there.
- I've tried to use WMI call Uninstall for Symantec, but SEPC isn't listed.
Conclusion
We're needing an automatic way of removing this software from our machines without user intervention. We'd usually use GPO or SCCM or something along those lines; we use software which allows us to send scripts through to machines, so anything that we can script or a workaround would be appreciated.
If you work for Broadcom, please do get in touch if you're able to provide info, as I'm sure my experience isn't 'the norm' and we're getting desperate for a solution.
Thanks in advance for your support.