
Uninstall Symantec Endpoint Protection without a password
Posted by Aseem on Wednesday, January 28th 2009

If you work in a corporate environment, you and your computer may be the unsuspecting victim
of a terrible piece of software from Symantec called Endpoint Protection. It’s a giant behemoth
of a program that includes anti-spyware, anti-virus, network threat detection, and all kinds of
other super security crap.

I certainly do understand the need for these programs and I use them myself, but Endpoint
Protection is a resource hog of enormous proportions. On top of that, it’s nearly impossible to
turn off or kill. Actually, I’ve tried to kill all the processes related to it and it still
continues to run.

The worst part about the program is its need to eat up all the processor power on your computer.
My computer never fell from 100% CPU usage when the program was running. I tried to
uncheck the services and startup programs for it using MSCONFIG to no avail.

Finally, I tried to uninstall it and I couldn’t even do that! The program was password protected so
that no sane human being could uninstall the crap! I understand that the password is there to
prevent employees from uninstalling it, but if you can’t do any work because your computer is
unbearably slow, then it should at least allow the uninstall and notify the administrator.
Anyway, if you are in a similar situation where you don’t know the password to uninstall
Endpoint Protection, then you’ll be happy to know of a quick way to bypass the password and
still uninstall the program.

When the password prompt comes up, go into Task Manager by pressing CTRL + ALT + DEL
and choosing Task Manager, then click on the Processes tab. Now find the msiexec.exe process
and kill it!

The picture above is actually from Process Explorer, not Task Manager, but it will have the same
name there also. Once you kill the process, the password prompt disappears and the uninstall
continues!!

After removing the program, my computer CPU usage dropped to a normal 2%. Talk about a
terrible program. If you want a really good anti-virus, go with Kaspersky. Enjoy!
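A defender's view of the technique above, as an added example that is not part of the original post: it reports every removal of the endpoint product and raises the severity when a non-allowlisted process opened msiexec.exe with terminate rights on the same host shortly before. It assumes Sysmon ProcessAccess (Event ID 10) and MsiInstaller Event ID 1034 records are collected; the event dictionaries, host names, allowlist and five-minute window are constructed for illustration.

```python
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001          # Windows process access right
PRODUCT = "symantec endpoint protection"
WINDOW = timedelta(minutes=5)       # assumed correlation window
# Assumed allowlist of images expected to open msiexec.exe with terminate rights.
EXPECTED_SOURCES = {r"c:\windows\system32\services.exe",
                    r"c:\windows\system32\msiexec.exe"}

# Constructed sample events (not real logs). "sysmon10" mimics Sysmon
# Event ID 10 (ProcessAccess); "msi1034" mimics MsiInstaller Event ID 1034.
EVENTS = [
    {"type": "sysmon10", "time": "2024-05-01 10:00:05", "host": "WS-01",
     "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\msiexec.exe", "GrantedAccess": "0x1"},
    {"type": "msi1034", "time": "2024-05-01 10:01:40", "host": "WS-01",
     "product": "Symantec Endpoint Protection"},
    {"type": "sysmon10", "time": "2024-05-01 11:00:00", "host": "WS-02",
     "SourceImage": r"C:\Windows\System32\services.exe",
     "TargetImage": r"C:\Windows\System32\msiexec.exe", "GrantedAccess": "0x1fffff"},
    {"type": "msi1034", "time": "2024-05-01 11:02:00", "host": "WS-02",
     "product": "Symantec Endpoint Protection"},
    {"type": "msi1034", "time": "2024-05-01 12:00:00", "host": "WS-03", "product": "Example Viewer"},
]

def _ts(e):
    return datetime.strptime(e["time"], "%Y-%m-%d %H:%M:%S")

def is_forced_msiexec_kill(e):
    """True if a non-allowlisted image opened msiexec.exe with terminate rights."""
    return bool(e["type"] == "sysmon10"
                and e["TargetImage"].lower().endswith(r"\msiexec.exe")
                and int(e["GrantedAccess"], 16) & PROCESS_TERMINATE
                and e["SourceImage"].lower() not in EXPECTED_SOURCES)

def find_removals(events):
    """Report every removal of the protected product; severity is 'high' when a
    forced msiexec.exe termination happened on the same host shortly before."""
    alerts = []
    for rem in events:
        if rem["type"] != "msi1034" or PRODUCT not in rem["product"].lower():
            continue
        killers = [e["SourceImage"] for e in events
                   if is_forced_msiexec_kill(e) and e["host"] == rem["host"]
                   and timedelta(0) <= _ts(rem) - _ts(e) <= WINDOW]
        alerts.append({"host": rem["host"], "time": rem["time"], "killed_by": killers,
                       "severity": "high" if killers else "medium"})
    return alerts
```

Any removal of the endpoint agent outside a change window is worth an alert on its own; the correlation only separates an interrupted uninstall from an administrator-driven one.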

Filed under: Help Desk


36 Comments Already

Hamed Said,
March 3rd, 2009 @1:08 am  

Hi
It doesn’t work dude.

snapfla Said,
March 31st, 2009 @10:02 pm  

Seemed to work if using process explorer…

Troy B Said,
April 1st, 2009 @8:21 pm  

I was able to follow the instructions above and it worked. I had to attempt it a couple of times
since multiple msiexec.exe processes showed up. You have to choose the correct one. It showed
up under SYSTEM and under the default windows user and maybe under LOCAL SERVICE. I
was able to uninstall after 3 attempts at removing the proper msiexec.exe.

Sander Said,
April 16th, 2009 @5:30 pm  

It does only work if you choose change instead of remove.

When you choose remove, then the password window will lock all other windows, so you
cannot access the task manager.

When you select change and then uninstall, you can access the taskmanager. Sort by name. 2
msiexec are displayed. End the lowest.

oscar Said,
May 15th, 2009 @1:58 pm  

It works like a charm!


Beautiful!

dayisi Said,
June 19th, 2009 @1:15 pm  

Hi Man, you just saved me from a very serious customer wahala! Thanks a lot. Your instructions
worked. Many many thanks!!!!

hemant Said,
June 19th, 2009 @2:11 pm  

wonderful!!!
worked wonders!!

the msiexec.exe should not be the system one( delete the one with ur administrator/user name)

Overcast Said,
June 20th, 2009 @4:42 pm  

Yeah – this thing is horrible for admins.

Overcast Said,
June 20th, 2009 @4:46 pm  

Oh and to add – it does work, get PSKILL (cmd prompt executable) and keep Task Manager
open and sorted by process name – watch the MSIEXEC’s that pop up and run PSKILL against
the PID # – took me killing it a few times, but it worked.

I didn’t know until after the fact this thing does not play nice with Citrix at all – when a user
launches a Citrix app, SEP decides it wants to run too – even if the end user already has SEP
running on their client.

Jimmy Said,
September 1st, 2009 @6:14 pm  

“Actually, I’ve tried to kill all the processes related to it and it still continues to run.”

Ummmm…that’s by design. It’s so viruses/trojans/etc aren’t able to stop the services. And
actually, if you simply run “smc -stop” from a command line or the Run window, it will stop.

mac Said,
October 15th, 2009 @12:10 pm  

it is not working is there any other way to uninstall Symantec Endpoint Protection?

Aman Said,
October 18th, 2009 @2:22 pm  

I tried all of the tricks I found here but none of them work. After all I tried to enter some password
and I am amazed that the password was symantec. After I entered it, it worked.

I don’t know why they have set such a simple password, or maybe only I had this one.

Foo Said,
October 23rd, 2009 @1:50 pm  

As a corporate SysAdmin I have to say that you should not attempt this on company computers.

Doing so may violate your agreement/contract and could lead to disciplinary actions (at our
company circumventing security may result in termination).

If your computer is slow then you should talk to your IT/Helpdesk. It is not supposed to take up
lots of resources (only when actively scanning the system). Your administrators have it
misconfigured if you experience continued slowdowns.

Tomas Said,
October 26th, 2009 @7:41 am  

This tutorial does not work on latest versions of Symantec Endpoint Protection. Anyway I have
read Aman’s post, I gave it a try and I was shocked, because it worked for me too!! Maybe it
is a default password set in SEPM for Symantec, so admins are lazy to change it

Natasha Said,
November 14th, 2009 @10:08 am  

Genius dude!! Was able to finally get rid of Symantec EndPoint Protection!

mrigz Said,
November 26th, 2009 @11:39 am  

Thanks dude!!! I finally got rid of that crappy Symantec software!

also678 Said,
December 2nd, 2009 @6:56 am  

This did not work for me! Any other ideas?

also678 Said,
December 2nd, 2009 @7:04 am  

I have SEP 11.0.4202.75 & all the above solutions don’t work. Thanks anyway. Is it possible to try
to change the password?

Logan Said,
December 4th, 2009 @4:20 am  

Jimmy said:
“And actually, if you simply run “smc -stop” from a command line or the Run window, it will
stop.”

I disagree dude. I tried this a number of times and only got the damn password prompt, even
after all the msiexec processes were stopped.

zxc Said,
January 2nd, 2010 @4:49 am  

This is really valuable. I’m saddled with S.E.P on my corporate laptop. My IT department
inflicts a full system scan on my machine every day, seriously impacting
performance. I’m not at the point yet where I’m going to install it. I just want to see if there is a
way to defeat the forced scan and let ME choose when to scan my system instead of it being at
an inconvenient time.

Just to respond to FOO – yes, I hear what you are saying. However what IT system administrators
overlook all too often is that some users actually are responsible enough to protect corporate and
don’t need the IT department to force scans upon us in the middle of a presentation to customers,
while we are showing how well the new version of our company’s software performs.

I want good anti virus protection. I want frequent updates. I want good real-time protection. I can’t
live with resource heavy full system scans starting up in the middle of my work.

If I can’t figure out how to hack my S.E.P client so my admin scan doesn’t happen (without the
admins finding out), I’ll have to see if I can get rid of it (again without the admins finding out)
and replace it with something *I* have control over.

Prepress Boys Said,
January 6th, 2010 @4:13 pm

Thanks. Worked great. Symantec Endpoint is a very crappy program!

Duh Said,
January 15th, 2010 @10:33 am  

Uh guys…

msiexec is the Windows installer. (MicroSoft Installer Executable).

It’s pretty unlikely that it’s tied to anything from Symantec. If it IS Symantec invoking the
installer, then your software is broken.

Pretty much every single program that runs on windows uses MSIEXEC to install itself. It’s just
as likely that it was that piece of freeware you just downloaded as it was endpoint chewing up
your systems resources.

Don’t get me wrong, endpoint is a giant pile of crap. But you’re not fixing anything with
Symantec by killing an instance of the Windows installer.

spock Said,
January 29th, 2010 @9:10 pm  

This doesn’t work for me, I went to the task manager and killed the MSIEXEC process, the
password prompt went away for a second, then another message popped up and said something
like “Uninstall Password Not Supplied”, and the uninstallation just exits. Anyone encountered
this problem? Is there a new method to kill this junk?

k Said,
February 2nd, 2010 @12:38 pm  

To uninstall without a password.

1. I went to registry and deleted all the symantec entries.

2. then open the services.msc, look for anything that says symantec that is currently started and
stop it.

3. then add/remove programs and click remove button.

then rebooted.

Humayu Said,
February 4th, 2010 @11:34 am  

Thank you Guys — Default password is Symantec

ivetteotto Said,
April 6th, 2010 @7:01 pm  

you are a genius!! thanks a lot…

arsham Said,
April 13th, 2010 @5:42 am  

you must remove all Symantec registry keys in this path:

hkey local machine\software\

and stop all services then go to add/remove programs and remove the anti virus!!!

lulu douglas Said,
April 20th, 2010 @3:49 pm

This endpoint protection is a worse nightmare to uninstall than security tool. All I want is to install
the Norton 2010 and it won’t go in unless I uninstall corp ep. I am just going crazy with it. I sure
hope your idea works, esp. since it doesn’t even ask me for a password; it just instantly jumps
into manic install mode and pops itself up every 3 seconds.

Rushil Said,
May 11th, 2010 @5:03 am  

It’s nice technique to get rid of Symantec Endpoint! Thanks dude!

divinedragon4000 Said,
May 15th, 2010 @9:38 pm  

thanks for the info, worked great, thanks.

Anon Said,
June 8th, 2010 @8:54 am  

Actually SEP is a great endpoint protection suite. Yes, by default all options are turned on, which
can be a bit resource intensive. However, if you read the system requirements before installing
Symantec recommends a decent workstation (plenty of RAM). I manage over 100
workstations/servers across 10 sites, all of which have SEP installed and I have no resource
problems at all. I had to customize the settings for my environment prior to full deployment
however, but that is to be expected.

Make sure you customize the settings post-install to fit your needs:

On-Access Scanning: Big I/O hog, especially during logon and when applications are executed
or for I/O intensive operations; if you don’t have a SATA2 (or Solid State) hdd it can bog you
down.

Start-Up Scan: Slows Windows boot and can degrade system performance until complete, even
after login. This is best for systems that do not reboot often, or only reboot during maintenance
windows. A scheduled full scan (during maintenance window) will accomplish the same thing.

Also, turn down the default frequency for LiveUpdates. While Symantec does release several
AV updates a day, Live-update can cause un-necessary network chatter if checking too often.
Liveupdate once a day is usually good, unless ALL you do is surf questionable web-sites…

Aside from that; my only comment is a question:

–If you truly understand why this security is necessary, then why post an article describing how
to circumvent said security? A little counter-intuitive don’t you think?

Anon Said,
June 8th, 2010 @8:57 am  

@ lulu douglas:
Find the SymClean utility. It will manually wipe out multiple Symantec/Norton applications when
their native un-install fails.

maro Said,
June 10th, 2010 @8:58 am  

it works great for me, i just have to pick the right one! thanks.

Josh Said,
June 10th, 2010 @7:59 pm  

It’s possible!! This is how U do it.

1) How to manually uninstall the Symantec Endpoint Protection client from Windows Vista,
Windows 7, and Windows 2008 R2 64-bit
URL: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/714e764f97fb24d488257509000042b2?OpenDocument

2) How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and
2003, 32-bit Editions
URL: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5db8e519e16d42f2882573290005aa1d?OpenDocument

Josh Said,
June 10th, 2010 @8:01 pm  

You can use the clean wipe utility!! Get the login id & password from Symantec
