Jump to content

Symantec Endpoint Protection Uninstall

Recommended Posts

So my company has several thousand endpoints which we are moving away from SEP, however the endpoints have passwords on them and are not communicating with the manager properly. I need to remotely uninstall the program.


Here is what I have thus far.

Run ("MsiExec.exe /norestart /qb /x{8A02B375-AA8C-422D-A230-D3E6BABFABB5} SYMREBOOT=REALLYSUPRESS")

$enter = WinWait("Please enter the uninstall password:")


Sleep (2000)

ControlSend ($enter:, "", "[ID:1000]", "PASSWORD")
Send ("{Enter}")


The problem is that the Password is not being passed to the window. I have tried send, controlsend etc with various uses of the information window.

Title: Please enter the uninstall password:

Class: #32770

Position: 646, 386

Handle: 0x00000000001915E0

Control Class: Edit

Control Instance: 1

Control Advanced Mode: [CLASS:Edit; INSTANCE:1]

ID: 1000


Our Symantec Sales Engineer pointed me to AutoIT so I am brand new with it and not the greatest at scripting. We have been working to uninstall the clients manually....






Share this post

Link to post
Share on other sites

Try using the command line parameter "-p <password>".

Or if that doesn't work try this.

ControlSend ($enter, "", "[CLASS:Edit; INSTANCE:1]", "PASSWORD")


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post

Link to post
Share on other sites

Try using the command line parameter "-p <password>".

Or if that doesn't work try this.

ControlSend ($enter, "", "[CLASS:Edit; INSTANCE:1]", "PASSWORD")


Neither worked. The -p resulted in an incorrect MSI code. The Advanced Mode Control didn't result in anything.

Share this post

Link to post
Share on other sites

I dont know wether this will work try it out :

#include <Array.au3>
#include <Winapi.au3>

Global Const $PASS_WORD = "Password"
$fileparam = "/norestart /qb /x{8A02B375-AA8C-422D-A230-D3E6BABFABB5} SYMREBOOT=REALLYSUPRESS" ;Replace with this your parameters

for $i = 1 to 1000
Run ("msiexec.exe " &$fileparam,"",@SW_SHOW)
$pidon = ProcessWait ("msiexec.exe")
If Not @error Then
$handl = _GetHwndFromPID($pidon)
$cntrl = _WinGetControls($handl)
For $i = 1 To UBound($cntrl) -1
If StringInStr($cntrl[$i][0],"Edit") Then ControlSend($handl,"",$cntrl[$i][1],$PASS_WORD)

Func _GetHwndFromPID($PID)
    $hWnd = 0
    $stPID = DllStructCreate("int")
        $winlist2 = WinList()
        For $i = 1 To $winlist2[0][0]
            If $winlist2[$i][0] <> "" Then
                DllCall("user32.dll", "int", "GetWindowThreadProcessId", "hwnd", $winlist2[$i][1], "ptr", DllStructGetPtr($stPID))
                If DllStructGetData($stPID, 1) = $PID Then
                    $hWnd = $winlist2[$i][1]
    Until $hWnd <> 0
    Return $hWnd
 EndFunc ;==>_GetHwndFromPID

 Func _WinGetControls($Title, $Text="")
Local $WndControls, $aControls, $sLast="", $n=1
$WndControls = WinGetClassList($Title, $Text)
$aControls = StringSplit($WndControls, @CRLF)
Dim $aResult[$aControls[0]+1][2]
For $i = 1 To $aControls[0]
    If $aControls[$i] <> "" Then
        If $sLast = $aControls[$i] Then
        $aControls[$i] &= $n
        $sLast = StringTrimRight($aControls[$i],1)
    If $i < $aControls[0] Then
        $aResult[$i][0] = $aControls[$i]
    Else ; last item in array
        $aResult[$i][0] = WinGetTitle($Title) ; return WinTitle
    $aResult[$i][1] = ControlGetHandle($Title, $Text, $aControls[$i])
$aResult[0][0] = "ClassnameNN"
$aResult[0][1] = "Handle"
Return $aResult

I dont know wether it works, so test it

No matter whatever the challenge maybe control on the outcome its on you its always have been.

MY UDF: Transpond UDF (Sent vriables to Programs) , Utter UDF (Speech Recognition)

Share this post

Link to post
Share on other sites

Hello Poonbag and welcome :)

Sometimes getting controlsend to work can be tricky as you noticed.

An easy solution I use from time to time in these case is simply to use send("{TAB}') until the writing text area becomes active, and use send("mytext") to write whatever i want inside.

It's not a clean way but hey it works ;)

You can use the function blockinput to disable mouse/keyboard while this is running so even if your users try to do something, it won't break the process.

PS: also could you explain the reason why you leave SEP and what antivirus you will use instead? Just curious, also have SEP in my company :)


Edited by Neutro

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...