Jump to content
TimR

Check Point Endpoint Security

Recommended Posts

TimR

First off, I wanted to say, AutoIT is AMAZING and I have learned a lot from these forums.

I searched ALL over the forum and could not find this topic so I am going to post this one in hopes there is nothing already out there.

We have an Anti Virus piece of software that requires a password to be passed in a gui during the regular windows uninstall.  They call this "Tamper Protection".  The problem is I have to uninstall this software on nearly a thousand machines and thought that AutoIt would work.  I believe that Check Point Endpoint Security may have built some logic that makes it impossible to uninstall the software even with AutoIT.  

I wanted to know if anyone has had this issue in the past?  I have been spinning wheels and I hate asking.

 

I have tried to create this script manually using classes defined within the AutoIt v3 Window Information tool.  After several hours, I gave up and thought that I would try Au3Record.  That didn't even work.  In a nutshell, the AU3Record does not even really seem to record data typed in the password field.

Could there be protections against AutoIT or am I just too green with the product?

Run("C:\Windows\System32\control.exe appwiz.cpl")
WinWait("Programs and Features")
WinActivate("Programs and Features")
Send("Check Point Endpoint Security")
Send("{Enter}")
Sleep(1000)


ControlClick("Programs and Features", "&Yes", "[CLASS:Button; INSTANCE:1]")
Sleep(2000)

ControlFocus("Check Point Endpoint Security", "Please enter administrative password", "Edit1")
ControlSetText("Check Point Endpoint Securty", "Please enter administrative password", "Edit1", "the uninstall password")
Sleep(15000)

ControlClick("Check Point Endpoint Securty", "OK", "[CLASS:Button; INSTANCE:1]")

Exit
 

 

checkpoint_uninstallation.thumb.PNG.24a8d9d88ca81ff25dd9d8ef74bd23ba.PNG

Share this post


Link to post
Share on other sites
FrancescoDiMuro

Good morning @TimR :)

So, the issue you are having, is that, in the "final part", the password is not typed in the input box, is it right?

I always suggest to check return value of functions that you're using, so you can say: "Ok, calling this function, there is an issue" :)

 

Best Regards.


Click here to see my signature:

Spoiler

I will always thank you for the time you spent for me.
I'm here to ask, and from your response, I'd like to learn.
By my knowledge, I can help someone else, and "that someone" could help in turn another, and so on.

ALWAYS GOOD TO READ:

In case I am violating some pseudo Forum rule, or I am doing something wrong, I want let you know that I'm not doing this on purpose, and for this, I kindly ask you to send me a private message about the "bad content" I posted, in order to edit/remove it, and to not be warned wrongly.
Thanks in advance.

 

Share this post


Link to post
Share on other sites
AndyG
Posted (edited)

Hi,

there are many socalled "controls" in software products, that are definetly no "typically" windows controls! 

Sometimes the only way to place some text into an input-field is the send()-command.

If you are sure that the password-input-control is active ( ! ) try to use the "send()"-command to send the text.

"Active" means, the cursor is blinking into the input-control.

If ControlFocus() does´nt work, you could  try to activate the input-control via the TAB´s.

...and use more Sleep()´s between your lines of code, because your AutoIt-Script is normally way faster than the most Windows-Programs. 

Edited by AndyG

Share this post


Link to post
Share on other sites
orbs

@TimR, welcome to AutoIt and to the forum.

Check Point Endpoint Security - like all enterprise security products - has a central management console, through which you can uninstall the clients. no other method is going to be simpler, or feasible at all.

do NOT attempt it by simulating mouse clicks and key presses - this will fail in 99.9% of your targets (the rest 0.1% are your test targets), which will generate a lot more work for you to explain to users WTF is going on, then connect to their workstations and perform the process manually.

you have revealed your lack of experience in scripting by simulating opening the Control Panel applet of "Programs and Features", then trying to locate the software products for uninstall. if scripting is your way, you'd be using the formal uninstall command from the registry (typically handled by msiexec). script-wise, what you are dealing here is more complicated than usual; this be the second reason i advise you do not follow that path.

if, for some reason, you do not have access to the central management console, then either make such access for yourself, or ask the person in charge of it to do the remote uninstallation for you. if none of that is possible, consult Check Point support for other options. if manual uninstall is your only option, inform your boss you'd have to do it manually, and it will take as much as it will take. once your boss understands that, trust me - you'd have your access in no time and you will complete the uninstall in a few hours.

 

Share this post


Link to post
Share on other sites
Melba23

TimR,

Welcome to the AutoIt forums.

Quote

I believe that Check Point Endpoint Security may have built some logic that makes it impossible to uninstall the software even with AutoIT.  

I quite agree and so your question falls foul of the Forum rules - specifically the prohibition on discussing "Bypassing of security measures - log-in and security dialogs". I realise that your intentions are good, but you must realise that these features are put there for a reason and we are not going to help you - and therefore anyone else with less honest goals - to get around them. Thread locked.

I heartily endorse orbs proposal above - use the correct method to uninstall and forget trying to script it by simulation mouseclicks, etc.

M23

 


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Subz

Agree with orbs, a quick google search for Uninstall Checkpoint returns the Endpoint Security Management Guide, search for Uninstalling Endpoint Security Clients, which gives you the command line to uninstall the client using:

Quote

Msiexec /X /qn <Product Code> INSTALLPASSWORD=

Obtaining the product code To obtain the product code, (GUID), examine this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm\MsiProductCode. The product key is the value for MsiProductCode.. You can verify this code by checking for a subfolder named with the product key

Using the vbscript at the end of the guide and translating it to AutoIt, however this is compatible with both x86/x64 systems.

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=n
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

Global $g_sCheckPassword = "<Enter Password Here>"
Global $g_sProductCode = @OSArch = "x64" ? RegRead("HKLM64\SOFTWARE\Zone Labs\ZoneAlarm", "MSIProductCode") : RegRead("HKLM\SOFTWARE\Zone Labs\ZoneAlarm", "MSIProductCode")
    If $g_sProductCode = "" Then Exit ;~ CheckPoint is not installed on the system
If @OSArch = "x64" Then
    DllCall("kernel32.dll", "boolean", "Wow64DisableWow64FsRedirection", "boolean", 1) ;~ Turns Off 64 Bit Redirection
        RunWait("MsiExec.exe /x " & $g_sProductCode & " /qn INSTALLPASSWORD=" & $g_sCheckPassword, "", @SW_HIDE)
    DllCall("kernel32.dll", "boolean", "Wow64DisableWow64FsRedirection", "boolean", 0) ;~ Turns On 64 Bit Redirection
Else
    RunWait("MsiExec.exe /x " & $g_sProductCode & " /qn INSTALLPASSWORD=" & $g_sCheckPassword, "", @SW_HIDE)
EndIf

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×