How to completely remove Symantec Antivirus (without entering password)

CleanWipe Utility

The CleanWipe utility is used to completely remove Symantec AntiVirus and Symantec Endpoint Protection products.
To obtain CleanWipe, please contact Symantec Technical Support.

Once the utility has been obtained please follow these instructions:

This utility can be run on Windows 2000, Windows XP (32 and 64 bit), and Windows Server 2003 (32 and 64 bit).

Warnings:
Do not run this utility on Windows NT, Windows 9x, or Windows Me.
Do not run this utility on systems that have Symantec AntiVirus 8.x or below installed.

You cannot select individual applications to remove. 

CleanWipe may remove LiveUpdate.

CleanWipe will remove Virus Definitions if you select Yes to "Do you want to do a detailed MSI Product Code registry search?...", even when selecting No to "If Virus Defs remain after uninstalling Symantec products do you want to uninstall the Virus Defs?". If you have other Symantec applications that use the VirusDefs folder, it is recommended that you make a backup copy of the VirusDefs folder before running the CleanWipe tool. The VirusDefs folder is located under C:\Program Files\Common Files\Symantec Shared\

When using the CleanWipe utility, please be aware that it removes the following products and components from the computer:

Alert Management Server
Firewall Administrator
Quarantine Console
Quarantine Server
Symantec AntiVirus (Version 9.x and above)
Symantec AntiVirus Corporate Edition
Symantec Client
Symantec Client Firewall
Symantec Client Security
Symantec Endpoint Protection
Symantec Endpoint Protection Manager
Symantec LiveUpdate
Symantec Network Access Control
Symantec Sygate Enterprise Protection
Symantec System Center
Symevent

If you have other Symantec applications on the computer that depend on any of the applications listed above, those applications may not function properly. The customer may need to re-install the missing applications after running CleanWipe.

Note: The zip file is password protected.
Un-Zip Password: symantec

1. Extract the file to a new folder in a convenient location, such as the Desktop, using the un-zip password provided above.
2. Browse to the new folder and execute the utility by double clicking 'CleanWipe.exe'
3. Follow the on-screen instructions.

The utility runs in verbose mode and will ask you about the components you want uninstalled.

Note: If the CleanWipe utility fails to remove Symantec Endpoint Protection, please proceed through the manual uninstall procedure for the version of the product you have installed.

You can find the manual uninstall instructions in the following document: 

Title: How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions
Solution ID: 2007073018014248
Document URL:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248

Title: 'Manual uninstallation documents for Symantec Client Security products'
Solution ID: 2002031914291648
Document URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002031914291648


Symantec: How to work with Data Sources (ODBC) or ODBC connection in 64bit Windows OS

Problem

The Symantec Endpoint Protection Manager (SEPM) is installed on a 64 bit Windows Operating System. The Data Source Name (DSN) entry is not listed on the System DSN tab when Data Sources (ODBC) is accessed using control panel or through Administrative tools.

Symptoms
The Symantec Endpoint Protection Manager (SEPM) is installed on a 64 bit Windows Operating System.

  • The installation of the Symantec Endpoint Protection Manager (SEPM) produces no errors during installation, but the DSN name is still not listed.
  • The “SymantecEndpointDSN” is not listed in the System DSN tab in the ODBC connection.

Cause

The ODBC information for 64 bit systems will not appear in the Data Sources (ODBC) applet, because the Symantec Endpoint Protection Manager (SEPM) creates a 32-bit DSN.

Solution

Go to the %systemroot%\SysWOW64 folder (Example – Click Start -> Run -> C:\Windows\Syswow64 and click on OK)

  1. Locate Odbcad32.exe & double click on the file
  2. Click on System DSN Tab
  3. You will find the “SymantecEndpointDSN” listed in the window.
  4. Now click on the CONFIGURE button and proceed with the configuration of the DSN for the Symantec Endpoint Protection Manager

source: http://www.symantec.com/docs/TECH103990

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

  1. Using an unzipping utility, unzip the .jdb file into a new folder.

    Note: It is possible to use the built-in Windows unzip utility to unzip the .jdb file. To do so, change the file extension on the .jdb file to .zip, right-click the file, and click “Extract All…”.

  2. After the .jdb is uncompressed, place the folder on a removable storage device or at the root of the infected computer’s hard drive so that the Symantec Endpoint Recovery Tool can access the definitions.
  3. Confirm that the infected computer boots from CD or removable media first.
    Refer to the computer’s manual for information on configuring the computer appropriately.
  4. Boot the infected computer from the SERT disc created in step 2.
  5. Click Continue loading Endpoint Recovery Tool
  6. Select a language and click OK.
  7. When presented with the Symantec Software License Agreement, click I Agree.
  8. If a network connection is detected, the Symantec Endpoint Recovery Tool attempts to download the latest virus definitions. If the computer is isolated from the network, or if it is unable to download definitions for any reason, click Browse for Virus Definitions, and browse to the folder to which you unzipped the virus definitions.
  9. Verify that the virus definitions have been loaded by looking in the lower right-hand corner of the screen. The "Virus definitions current as of" field should reflect the current date.
  10. Make sure that Save scan session information is checked.
    Saving the scan session allows you to undo any modifications made by the tool.
    If needed, you can change the location where the scan session information will be stored. To do so, click Change location and select the preferred location.
  11. Click Start Scan.

 

Source: http://www.symantec.com/docs/TECH131732

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

To open firewall ports for SEP you need to know the following ports:

Port Number | Port Type | Initiated by | Listening Process | Description
80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).
443 | TCP | SEP Clients | svchost.exe (IIS) | Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.
1433 | TCP | SEPM manager | sqlservr.exe | Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers.
1812 | UDP | Enforcer | w3wp.exe | RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer.
2638 | TCP | SEPM manager | dbsrv9.exe | Communication between the Embedded Database and the SEPM manager.
8443 | TCP | Remote Java or web console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.
9090 | TCP | Remote web console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).
8005 | TCP | SEPM manager | SemSvc.exe | The SEPM manager listens on the Tomcat default port.
39999 | UDP | Enforcer | | Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer.
2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.

 

The Symantec Endpoint Protection Manager (SEPM) uses two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 – Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

Client-Server Communication:
For IIS, SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client-server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real time with the manager console for client authentication. This is done on UDP port 1812.

Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

Client-Enforcer Authentication:
The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39999.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/edda0cd89141a6788025734e004b6a02?OpenDocument
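
A check of a manager host against the port table above, as an added example that is not part of the original article or of Symantec's tooling: it parses `netstat -ano` output and reports which process owns each listed port next to the process the table names. The function name, the sample netstat lines and the PID map are constructed for illustration.

```powershell
# Expected listeners, copied from the port table above ("protocol/port" -> listening process).
$ExpectedListeners = @{
    'TCP/80'   = 'svchost.exe';  'TCP/8014' = 'svchost.exe'; 'TCP/443'  = 'svchost.exe'
    'TCP/1433' = 'sqlservr.exe'; 'UDP/1812' = 'w3wp.exe';    'TCP/2638' = 'dbsrv9.exe'
    'TCP/8443' = 'SemSvc.exe';   'TCP/9090' = 'SemSvc.exe';  'TCP/8005' = 'SemSvc.exe'
    'TCP/2967' = 'Smc.exe';      'UDP/39999' = $null   # the table names no process for 39999
}

function Compare-SepListener {   # hypothetical helper name
    param(
        [string[]]$NetstatLine,   # lines from: netstat -ano
        [hashtable]$ProcessName   # PID -> process name without ".exe"
    )
    foreach ($line in $NetstatLine) {
        # Keep TCP rows in LISTENING state and UDP rows (which have no state column).
        if ($line -notmatch '^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$') { continue }
        $endpoint = '{0}/{1}' -f $Matches[1], $Matches[2]
        if (-not $ExpectedListeners.ContainsKey($endpoint)) { continue }
        $procId = [int]$Matches[3]
        $want   = $ExpectedListeners[$endpoint]
        $owner  = $ProcessName[$procId]
        New-Object PSObject -Property @{
            Endpoint = $endpoint; PID = $procId; Owner = $owner; Expected = $want
            # No expectation in the table counts as a match; otherwise compare names.
            Match = (-not $want) -or ($owner -eq ($want -replace '\.exe$', ''))
        }
    }
}

# Constructed sample input (not captured from a real host).
$sampleNetstat = @(
    '  TCP    0.0.0.0:8014     0.0.0.0:0        LISTENING       4',
    '  TCP    0.0.0.0:8443     0.0.0.0:0        LISTENING       2312',
    '  TCP    0.0.0.0:9090     0.0.0.0:0        LISTENING       5120',
    '  TCP    10.0.0.5:8014    10.0.0.77:50211  ESTABLISHED     4',
    '  UDP    0.0.0.0:1812     *:*                              1840'
)
$sampleProcs = @{ 4 = 'System'; 2312 = 'SemSvc'; 5120 = 'unknownsvc'; 1840 = 'w3wp' }
Compare-SepListener -NetstatLine $sampleNetstat -ProcessName $sampleProcs |
    Sort-Object Endpoint | Format-Table Endpoint, PID, Owner, Expected, Match -AutoSize

# Live use:
#   $map = @{}; Get-Process | ForEach-Object { $map[$_.Id] = $_.ProcessName }
#   Compare-SepListener -NetstatLine (netstat -ano) -ProcessName $map
```

IIS sites are served through the HTTP.sys kernel driver, so netstat attributes 80, 8014 and 443 to PID 4 (System) rather than to svchost.exe; on Windows Vista/Server 2008 and later, `netsh http show servicestate` shows which service registered the URL.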

Create a bootable SERT USB key

The Symantec Endpoint Recovery Tool is an image that you can burn on a disc, which you can use to scan and remove malware from client computers. You use this tool for the computers that are too infected for Symantec Endpoint Protection to clean effectively.

(http://www.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert)

You can download the tool from https://fileconnect.symantec.com/ and you need your license number like B1234567891.

Download the tool and get a USB key with at least 512 MB of space.

1.    Using WinRAR or similar, extract the SERT.iso file to the local file system (assume C:\SERT).
2.    Open a command prompt with admin rights.
3.    Insert the USB stick into the computer.
4.    Type the following command to start Diskpart:
diskpart <enter>
5.    Type the following command to list the available disks:
list disk <enter>

This command is important.  It will show you what number your USB drive is.  Failure to select the right disk at this point may result in loss of data from your hard disk.  Normally the drive is Disk 1, but you should confirm before proceeding.

6.    Type the following commands to format the USB stick and prepare it for SERT:
select disk <number> <enter>
clean <enter>
create partition primary <enter>
select partition 1 <enter>
active <enter>
format fs=fat32 <enter>
assign <enter>
exit <enter>

7.    At the command prompt, type the following to copy the SERT files to the USB Stick:
xcopy C:\SERT\*.* <removable disk drive letter>\ /e /h /f <enter>

For updated definition files, download the JDB files and unzip them to the USB key. The JDB files can be found at http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

To see how the SERT tool can be updated with the downloaded JDB file, read the following article: http://www.bvanleeuwen.nl/faq/?p=748

How to check locally excluded directories in a Managed SAV environment

On a local machine you can check the excluded directories of Symantec AntiVirus in the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\FileExceptions]

 

For Windows 2008 (64Bit) and Symantec Endpoint Protection (SEP) 11, look at the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin
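
One way to review both locations from a PowerShell prompt, as an added example that is not part of the original post: it lists every value under the two keys named above and reports keys that do not exist on the machine. The function name and the whole-volume heuristic are assumptions made for illustration; the text does not describe the value layout under these keys, so the script makes no assumption about it.

```powershell
# Registry locations named in the text above.
$ExclusionKeys = @(
    'HKLM:\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\FileExceptions',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin'
)

function Get-AvExclusionValue {   # hypothetical helper name
    param([string[]]$KeyPath = $ExclusionKeys)
    foreach ($root in $KeyPath) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Key not present on this machine: $root"
            continue
        }
        # Walk the key itself and every subkey; the value layout under these
        # keys is not described in the text, so nothing is assumed about it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name)
                New-Object PSObject -Property @{
                    Key  = $key.Name
                    Name = $name
                    Data = ($data -join '; ')      # flattens REG_MULTI_SZ for display
                    # Heuristic (assumption): a bare drive root as name or data
                    # means a whole volume is excluded and deserves review.
                    WholeVolume = [bool](@($name) + @($data) -match '^[A-Za-z]:\\?$')
                }
            }
        }
    }
}

Get-AvExclusionValue | Sort-Object Key, Name | Format-List Key, Name, Data, WholeVolume
```

Comparing this output with the exclusions configured on the management server shows whether a client carries entries the policy never assigned.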

Migrate Symantec Anti Virus to Symantec Endpoint Protection

Document ID: 2007071909500548

What should I think about in advance before I begin migrating my Symantec AntiVirus environment to Symantec Endpoint Protection?
Consider several factors before you begin your migration:

  • Do you have the resources to create a test migration environment?
    Creating such an environment is highly beneficial before you begin migration so that you can test exactly how clients and servers are grouped, which settings are migrated, and the overall migration success rate.
  • Can you perform a complete migration to Symantec Endpoint Protection?
    If your network contains operating systems (such as Netware) that are not supported with Symantec Endpoint Protection, then Symantec System Center must manage a subset of the clients and servers.
  • Do you want to create new client groupings or use the existing groupings from Symantec System Center?
  • How do you plan on migrating Symantec Endpoint Protection to your clients? Do you plan to use third party tools or the Migration and Deployment Wizard?
  • After you determine the method that you want to use to migrate your clients, you can determine whether to use certain Symantec Endpoint Protection features.
  • Are there client settings that you must disable or reconfigure to ensure successful migration?
  • Some client settings such as scheduled scans must be disabled before you begin migration.

Before you begin migration, you must read the migration chapters in the Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control.

What are the general steps to migrating Symantec AntiVirus to Symantec Endpoint Protection?
You must complete the following steps to migrate Symantec AntiVirus to Symantec Endpoint Protection in the order listed:

  1. Uninstall the Reporting Server if you have it installed.
  2. Use Symantec System Center to configure settings for the management server and clients that prepare them for migration.
    These settings changes are: disable scheduled scans, modify Quarantine purge options, delete histories, disable LiveUpdate, disable roaming, unlock server groups, and disable Tamper Protection. Install the Symantec Endpoint Protection Manager.
  3. Migrate your legacy clients and servers.
  4. Uninstall Symantec System Center
  5. Migrate the legacy client or server that was used to protect the computer running Symantec System Center.

Create user account in Symantec System Center 10.x

To create a user account for a server group

  1. Start Symantec System Center.
  2. Right-click the appropriate server group.
  3. Click Account Management.
  4. In the Configure Server Group Accounts dialog box, click Add.
  5. In the Account Setup dialog box, do the following:
    • Type the user name.
    • In the New password box, type the password.
    • In Confirm password box, type the password again.
    • Under Account Type, check the role that you want to assign to the user: Read-only, Administrator, Central Quarantine, or Gateway Security.
  6. Click OK.
  7. Click Finished.
    The changes are then sent to the secondary management servers in the server group.
