• Download Symantec Endpoint Protection M…
• Symantec Endpoint Protection 14 Update Definitions Manually
• Symantec Endpoint Protection Deployment …
• Manually Update Endpoint Definitions

Applies to: System Center Configuration Manager (Current Branch)

Manually upgrading your agent In Symantec Endpoint Protection Small Business Edition (SEP SBE) cloud, you can choose to do a manual upgrade before the agent LiveUpdate is made available. With the manual upgrade, you can run the installer on both servers and workstations and update to the most current version of the agent on a time schedule that. The Symantec Endpoint Protection Manager updater file has a.jdb extension. There should only be one.jdb listed at any time. The.jdb file updates content for both 32- and 64-bit systems. The.jdb files can also be used to update Symantec Endpoint Protection clients.

This procedure configures custom client settings for Endpoint Protection, which you can deploy to collections of devices in your hierarchy.

Important

Only configure the default Endpoint Protection client settings if you're sure that you want them applied to all computers in your hierarchy.

To enable Endpoint Protection and configure custom client settings

1. In the Configuration Manager console, click Administration.

2. In the Administration workspace, click Client Settings.

3. On the Home tab, in the Create group, click Create Custom Client Device Settings.

4. In the Create Custom Client Device Settings dialog box, provide a name and a description for the group of settings, and then select Endpoint Protection.

5. Configure the Endpoint Protection client settings that you require. For a full list of Endpoint Protection client settings that you can configure, see the Endpoint Protection section in About client settings.

   Important

   Install the Endpoint Protection site system role before you configure client settings for Endpoint Protection.

6. Click OK to close the Create Custom Client Device Settings dialog box. The new client settings are displayed in the Client Settings node of the Administration workspace.

7. Next, deploy the custom client settings to a collection. Select the custom client settings you want to deploy. In the Home tab, in the Client Settings group, click Deploy.

8. In the Select Collection dialog box, choose the collection to which you want to deploy the client settings and then click OK. The new deployment is shown in the Deployments tab of the details pane.

Clients are configured with these settings when they next download client policy. For more information, see Initiate policy retrieval for a Configuration Manager client.

How to provision the Endpoint Protection client in a disk image

Install the Endpoint Protection client on a computer that you intend to use as a disk image source for Configuration Manager OS deployment. This computer is typically called the reference computer. After you create the OS image, then use Configuration Manager OS deployment to deploy the image.

Important

Windows 10 and Windows Server 2016 have Windows Defender installed by default. You don't need this procedure on those versions of Windows.

Use the following procedures to help you install and configure the Endpoint Protection client on a reference computer.

Prerequisites

The following list contains the required prerequisites for installing the Endpoint Protection client software on a reference computer.

• You must have access to the Endpoint Protection client installation package, scepinstall.exe. Find this package in the Client folder of the Configuration Manager installation folder on the site server.

• To deploy the Endpoint Protection client with your organization's required configuration, create and export an antimalware policy. Then specify this policy when you manually install the Endpoint Protection client. For more information, see How to create and deploy antimalware policies.

  Note

  You can't export the Default Client Antimalware Policy.

• If you want to install the Endpoint Protection client with the latest definitions, download them from Windows Defender Security Intelligence.

Note

Starting in Configuration Manager 1802, you don't need to install the Endpoint Protection agent (SCEPInstall) on Windows 10 devices. If it's already installed on Windows 10 devices, Configuration Manager doesn't remove it. Administrators can remove the Endpoint Protection agent on Windows 10 devices that are running at least the 1802 client version. SCEPInstall.exe may still be present in C:Windowsccmsetup on some machines, but new client installations shouldn't download it.

How to install the Endpoint Protection client on the reference computer

Install the Endpoint Protection client locally on the reference computer from a command prompt. First get the installation file scepinstall.exe. For more information, see Install the Endpoint Protection client from a command prompt.

If necessary, also include a preconfigured antimalware policy or with an antimalware policy that you previously exported.

To install the Endpoint Protection client from a command prompt

1. Copy scepinstall.exe from the Client folder of the Configuration Manager installation folder to the computer on which you want to install the Endpoint Protection client software.

2. Open a command prompt as an administrator. Change directory to the folder with the installer. Then run scepinstall.exe, adding any additional command-line properties that you require:

   Property	Description
   /s	Run the installer silently
   /q	Extract the setup files silently
   /i	Run the installer normally
   /policy	Specify an antimalware policy file to configure the client during installation
   /sqmoptin	Opt-in to the Microsoft Customer Experience Improvement Program (CEIP)

3. Follow the on-screen instructions to complete the client installation.

4. If you downloaded the latest update definition package, copy the package to the client computer, and then double-click the definition package to install it.

   Note

   After the Endpoint Protection client install completes, the client automatically performs a definition update check. If this update check succeeds, you don't have to manually install the latest definition update package.

Example: install the client with an antimalware policy

scepinstall.exe /policy <full path><policy file>

Verify the Endpoint Protection client installation

After you install the Endpoint Protection client on your reference computer, verify that the client is working correctly.

1. On the reference computer, open System Center Endpoint Protection from the Windows notification area.

2. On the Home tab of the System Center Endpoint Protection dialog box, verify that Real-time protection is set to On.

3. Verify that Up-to-date is displayed for Virus and spyware definitions.

4. To make sure that your reference computer is ready for imaging, under Scan options, select Full, and then click Scan now.

Prepare the Endpoint Protection client for imaging

Perform the following steps to prepare the Endpoint Protection client for imaging:

1. On the reference computer, sign in as an administrator.

2. Download and install PsExec from Windows SysInternals.

3. Run a command prompt as an administrator, change directory to the folder where you installed PsTools, and then type the following command:

   psexec.exe -s -i regedit.exe

   Important

   Use caution when you run the Registry Editor in this manner. PsExec.exe runs it in the LocalSystem context.

4. In the Registry Editor, delete the following registry keys:

   Important

   Delete these registry keys as the last step before imaging the reference computer. The Endpoint Protection client recreates these keys when it starts. If you restart the reference computer, delete the registry keys again.

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft AntimalwareInstallTime

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft AntimalwareScanLastScanRun

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft AntimalwareScanLastScanType

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft AntimalwareScanLastQuickScanID

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft AntimalwareScanLastFullScanID

   • HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemovalToolsMRTGUID

     Spanning the most turbulent era in Western history, your quest for territory and power takes you through Europe, Africa, and the Middle East, and even onto the shores of the New World. You'll manage your empire with an iron fist, handling everything from building and improving cities to recruiting and training armies. Download medieval total war 2 kingdoms. Wield diplomacy to manipulate allies and enemies, outsmart the dreaded Inquisition, and influence the Pope.

You're now ready to prepare the reference computer for imaging.

When you deploy an OS image that contains the Endpoint Protection client, it automatically reports information to the device's assigned Configuration Manager site. The client downloads and applies any targeted antimalware policy.

See also

For more information about OS deployment in Configuration Manager, see Manage OS images.

This document describes how to remove the Symantec Endpoint Protection 12.1 client from Windows Vista, Windows 7, and Windows 2008 based operating systems, both x86 (32 bit) and x64 (64 bit), manually. Upon completion of this manual uninstallation, the computer must be restarted one final time, in addition to any steps which require a restart.

11 Steps total

Step 1: Warning

The manual removal steps outlined below can disable any other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process. Manual uninstall via file removal and registry manipulation should only be attempted as a last resort after first running traditional removal through Add or Remove Programs, and if that does not work, by using CleanWipe.

Not all files, folders, registry keys, or registry values may be present. If an entry does not exist, move on to the next one.

Step 2: Log on as Administrator, Back up the Windows registry

Manual removal of Symantec Endpoint Protection must be done from the Administrator account. Before you begin this procedure, back up the Windows registry.

Step 3: To allow Symantec Endpoint Protection services to be configured

1.) Right-click the Symantec Endpoint Protection icon in the lower right corner of the screen, and click Open Symantec Endpoint Protection.
2.) In the left pane, click Change Settings.
3.) In the right pane, click Client Management > Configure Settings.
4.) On the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down.
5.) Click OK.
6.) Close Symantec Endpoint Protection.

Step 4: To stop Symantec Endpoint Protection

1.) Click Start > Run.
2.) Type msconfig, and click OK.
3.) On the Services tab, uncheck the following (not all may be present):
4.) Symantec Management Client
5.) Symantec Network Access Control
6.) Symantec Endpoint Protection
7.) Click OK.
8.) Click Start > Run.
9.) Type regedit and click OK.
10.) Navigate to the following key:
11.) HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSepMasterService
12.) Change the Start value to 4.
13.) Repeat step 8 for the following keys:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSmcService
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNAC
Restart the computer.
After you restart the computer, a message appears. Check the box and click OK.

Step 5: Remove the Teefer driver (may not be present):

Click Start > Run.
Type regedit, and click OK.
Navigate to the following key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNetwork{4D36E974-E325-11CE-BFC1-08002BE10318}
Find the keys that have a value of ComponentId that is set to symc_teefer2, and update the value of Characteristics to 40000.
Navigate to the following key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNetwork
Delete the value Config.
Exit the Windows Registry Editor.
Click Start > Settings > Control Panel > Network Connections.
Click a connection.
In the dialog, click Properties.
Select Teefer Driver, and click Uninstall.
Repeat these steps for each Network Connection.
Restart the computer.

Step 6: To remove Symantec Endpoint Protection from the registry

Click Start > Run.
Type regedit, and click OK.
In the Windows registry editor, in the left pane, delete the following keys if they are present. If one is not present, proceed to the next one.

HKEY_CURRENT_USERSoftwareSymantecSymantec Endpoint Protection
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesBHDrvx86
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesIDSVix86
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesNAVENG
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesNAVEX15
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSepMasterService
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSmcService
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSNAC
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSnacNp
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSRTSP
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSRTSPX
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSyDvCtrl
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSymDS
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSymEFA
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSymEvent
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSymIRON
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSYMNETS
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSysPlant
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesTeefer2

Go to HKEY_LOCAL_MACHINESOFTWARE, and delete the following keys if they are present:

MicrosoftSecurity CenterMonitoringSymantecAntiVirus
MicrosoftWindowsCurrentVersionApp PathsSmc.exe
MicrosoftWindowsCurrentVersionControls FolderDisplayshellexPropertySheetHandlersLDVP Shell Extensions
MicrosoftWindows NTCurrentVersionWinlogonNotifySEP
SymantecSymantec Endpoint Protection
MicrosoftWindowsCurrentVersionUninstallSevInst

Go to HKEY_LOCAL_MACHINESOFTWARESymantecInstalledApps, and delete the value SAVCE.
Go to HKEY_LOCAL_MACHINESOFTWAREWOW6432node, and delete the following keys if they are present:

MicrosoftSecurity CenterMonitoringSymantecAntiVirus
MicrosoftWindowsCurrentVersionApp PathsSmc.exe
MicrosoftWindowsCurrentVersionControls FolderDisplayshellexPropertySheetHandlersLDVP Shell Extensions
MicrosoftWindows NTCurrentVersionWinlogonNotifySEP
SymantecSymantec Endpoint Protection
MicrosoftWindowsCurrentVersionUninstallSevInst

Go to HKEY_LOCAL_MACHINESOFTWAREWOW6432nodeSymantecInstalledApps, and delete the value SAVCE.
Go to HKEY_CLASSES_ROOT, and delete the following keys if they are present:

*ShellexContextMenuHandlersLDVPMenu
AppIDCliproxy.dll
AppIDHPPProtectionProviderUI.dll
AppIDPatchWrap.exe
AppIDProtectionUtil.dll
AppIDSavMainUI.dll
AppIDSavUI.exe
AppIDSmcGui.exe
AppIDSymNAPSHAgent.dll
AppID{163A15AA-F8B0-4A44-8B5D-8C40F9B46E66}
AppID{2E259067-4D17-4873-9D0E-BC56A2A99124}
AppID{4D87269F-49AB-4095-93FF-52DAD221149E}
AppID{4E9AEDCC-5516-41CC-AF40-2740C2310662}
AppID{5C2FCE47-AC1E-43D5-8E5C-038570953896}
AppID{610056EB-8561-4720-9C05-8E8C368E8779}
AppID{6425FB43-BE2A-4AC9-9B70-1C18807882D1}
AppID{7BC12215-782A-4031-A4D2-3770336543C9}
AppID{7F9D125B-D23F-4275-8656-931F712092A7}
AppID{CA39D995-ACA4-42B1-AABA-0C77EF20F785}
cliproxy.objects
cliproxy.objects.1
Cliproxy.ScanManagerCOMCallback
Cliproxy.ScanManagerCOMCallback.1
CLSID{083684A2-47AB-4839-A3B3-8109F4266B29}
CLSID{09FA8089-EE3E-4362-B8C0-1B0F4FD0505D}
CLSID{0E4ACE4C-DB4D-42C4-83A6-9A71D9C2CC1C}
CLSID{0F0E0EE0-760F-11D2-8E55-72C9EE000000}
CLSID{173883C3-C6CF-4D17-9889-CDC51DCFF5E1}
CLSID{17DE501A-6AD7-488C-9045-29FACC2262EF}
CLSID{1CDDD0B9-03AA-4442-9A5B-AC98086513E1}
CLSID{1FBEF3C8-45A0-42E0-8C68-681C4EB26DF7}
CLSID{26AFF61A-3282-4915-92C6-DCD3DB29BD5C}
CLSID{2707AAC5-C268-11D1-8263-00A0C95C0756}
CLSID{2707AAC6-C268-11D1-8263-00A0C95C0756}
CLSID{28FE5CD9-272D-442D-BA16-822126FCBD00}
CLSID{2AA55A10-1373-499B-8485-561006D1A1B0}
CLSID{2AE1F986-F3C3-4EF3-95DF-ED32AFE49510}
CLSID{2E76B2BF-C603-11D1-826C-00A0C95C0756}
CLSID{2E76B2C0-C603-11D1-826C-00A0C95C0756}
CLSID{2E76B2C3-C603-11D1-826C-00A0C95C0756}
CLSID{2E76B2C4-C603-11D1-826C-00A0C95C0756}
CLSID{314F8196-D31F-456B-BAA6-0A87FEEC20E4}
CLSID{327C5962-08E2-4EC6-A21A-340838D6EDB5}
CLSID{35AF7390-D827-4C1C-B7E0-8A26EC695AF5}
CLSID{3839D6F2-9AC5-4F95-9A47-504FB453ACBD}
CLSID{3DA06333-6CF3-499D-83AE-804CB32863AA}
CLSID{40C57BF5-CA86-11D1-B782-00A0C99C7131}
CLSID{40C57BF6-CA86-11D1-B782-00A0C99C7131}
CLSID{4128E694-4BB9-11D1-8190-00A0C95C0756}
CLSID{4128E695-4BB9-11D1-8190-00A0C95C0756}
CLSID{425DC6B2-28B6-41D2-AE94-0CE5E1CE7D9F}
CLSID{43943CCA-883C-11D1-83A4-00A0C9749EEF}
CLSID{4572031A-44ED-411B-9254-76449055D796}
CLSID{47D635E3-9D14-40C9-A28C-64C2AA7AF647}
CLSID{4B37F436-A1C7-43D6-8B48-2578BFB82F9C}
CLSID{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}
CLSID{501F9014-F64A-49AD-A36D-CB8F722D3739}
CLSID{536604C2-B82E-11D1-8252-00A0C95C0756}
CLSID{536604C3-B82E-11D1-8252-00A0C95C0756}
CLSID{57BAFF80-7818-4874-9D14-0AEC89E8E713}
CLSID{592DC44C-4977-11D1-818D-00A0C95C0756}
CLSID{592DC44F-4977-11D1-818D-00A0C95C0756}
CLSID{5CEC0E13-CF22-414C-8D67-D44B06420FC1}
CLSID{62C95F44-F1B4-4460-A190-E0402B887BFF}
CLSID{661CE64B-B9C4-40A0-A935-8A7A512CC794}
CLSID{6C393196-AEEB-4CB0-8F8E-72EFC4C2C1CA}
CLSID{6CAD485D-61FD-4989-8BE1-22BFDBD4260B}
CLSID{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
CLSID{6F129A02-26F1-4AFB-80C4-8D0073EA2679}
CLSID{72864BE2-6234-45AA-952D-00C10C34BEEE}
CLSID{72E2440E-EBEA-49E6-A185-1BE03F723E28}
CLSID{74F8002D-2DF2-479E-80B9-AF7AC93DF4A7}
CLSID{7F365837-F578-11D1-B7B2-00A0C99C7131}
CLSID{7F365838-F578-11D1-B7B2-00A0C99C7131}
CLSID{7FBB7DCB-FF3D-467E-8962-7F1F58DE5B50}
CLSID{84AC6BE7-8CF2-4E67-A80E-32ACD3D7C381}
CLSID{8630F7C0-73E6-4C27-80AF-6ED3A7152194}
CLSID{8BEEE74D-455E-4616-A97A-F6E86C317F32}
CLSID{8F6F6788-4009-11D1-8184-00A0C95C0756}
CLSID{91581CB1-0E7B-11D1-9D93-00A0C95C1762}
CLSID{921BD9FB-4963-11D1-818D-00A0C95C0756}
CLSID{94A95A15-EA82-46F5-B5BF-1176F6D77DF7}
CLSID{94BFEEF1-3EAD-41E2-86FC-E1502DB9CB06}
CLSID{98694799-6891-4FD7-A91D-FB43B78AEC8C}
CLSID{9A4A52A6-7B83-403D-A6C9-1C8A492687CD}
CLSID{A1987DB8-9F0D-47D1-80C9-DFCE76260841}
CLSID{A302D4CF-8AAD-4B44-ADDE-7D1630CF6C37}
CLSID{A5C06558-65A3-472D-A950-B5E3324A85C7}
CLSID{AB08D3A3-260C-4CAB-BC71-8784DF963C8F}
CLSID{AB124073-6726-461F-B219-BBD3E6DE19E1}
CLSID{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}
CLSID{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}
CLSID{AC0A837D-9BE0-49A4-9495-582AFB88A673}
CLSID{AE78D5A2-46A3-43BB-A166-1B0018F0F21B}
CLSID{AEF1A62D-7C44-4985-9388-E9EE70F6CCFE}
CLSID{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}
CLSID{AFBBB9C7-8A99-11D1-8892-0080C75FFCC4}
CLSID{B1E8CB59-77C3-4A8D-9B0D-73A1F71C71A8}
CLSID{B91B0CAE-D866-11D1-B78C-00A0C99C7131}
CLSID{BC66531F-3136-46B0-9FEA-AC2AB3B7CF66}
CLSID{BE70B0B7-25AF-46E2-AF30-ED4EBBC1F149}
CLSID{BEE62D80-4A07-11D1-818E-00A0C95C0756}
CLSID{C05C035C-9C26-4F1E-B8BB-13F847313208}
CLSID{C0C14422-4924-41B9-971A-030CB1119C3B}
CLSID{C859248A-513E-11D1-8194-00A0C95C0756}
CLSID{C859248B-513E-11D1-8194-00A0C95C0756}
CLSID{C904B403-EA5E-48AB-99B6-F5A6EAD6D908}
CLSID{CCD1C6CC-DCA5-448E-8C35-3BA8C6FBF99D}
CLSID{CED1DFB3-4A7D-463F-985C-DBF75C52680B}
CLSID{D4268CC3-BE07-4B6F-8364-B853D09FF3BD}
CLSID{DEB07E48-ABCF-48AA-9B43-97E45D338C50}
CLSID{DEDC07E8-EE02-4AB9-8DE3-15808156CB49}
CLSID{E17664B2-DFBE-4654-8E40-672EC40C0276}
CLSID{E25C22E6-78BD-45F9-88D2-6DF7A580E400}
CLSID{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}
CLSID{E59CB7FB-1C4E-4733-BBBD-29F3D366BAFD}
CLSID{E7329452-FE39-4129-AB0F-5F8FD0AC628C}
CLSID{E99BD5E1-FD77-4142-94DC-2BA6057951B3}
CLSID{EE68EAFC-BF28-4017-8A92-D17DACF0B459}
CLSID{F20393E2-7481-49A3-8543-0268AA252EA8}
CLSID{F32F2026-8607-11D1-8892-0080C75FFCC4}
CLSID{F32F2027-8607-11D1-8892-0080C75FFCC4}
CLSID{F32F202A-8607-11D1-8892-0080C75FFCC4}
CLSID{F32F202B-8607-11D1-8892-0080C75FFCC4}
CLSID{F50BD50D-952E-4C4E-BF0E-C435015C6ADD}
CLSID{FC894628-B91D-11D1-8254-00A0C95C0756}
CLSID{FC894629-B91D-11D1-8254-00A0C95C0756}
CLSID{FD49B8C4-41FE-498D-95A0-BD12BADE43A9}
CLSID{FF1C1AB8-C27D-11D1-8263-00A0C95C0756}
CLSID{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}
DriveshellexContextMenuHandlersLDVPMenu
EXCHNGUI.ExchngUICtrl.1
FolderShellExContextMenuHandlersLDVPMenu
FwsCtrl.BrowserProtection
FwsCtrl.BrowserProtection.1
FwsCtrl.CAutoprotectFw
FwsCtrl.CAutoprotectFw.1
FwsCtrl.CCmcManagement
FwsCtrl.CCmcManagement.1
FwsCtrl.CNACProtection
FwsCtrl.CNACProtection.1
FwsCtrl.FwsProtectionProvider
FwsCtrl.FwsProtectionProvider.1
FwsCtrl.IpsProtection
FwsCtrl.IpsProtection.1
FwsCtrl.NACProtectionProvider
FwsCtrl.NACProtectionProvider.1
HPPProtectionProviderUI.BASHProtection
HPPProtectionProviderUI.BASHProtection.1
HPPProtectionProviderUI.HPPProtectionPr
HPPProtectionProviderUI.HPPProtectionProvider.1
INETMAILUI.InetMailUICtrl.1
InstallerProducts9488817E81CADEA4081E1969AF75C7F9
InstallerUpgradeCodes20A7FB42A06BB49448A397B3CB77ED4D
Interface{002E704B-6E16-40EA-AEBA-E858BCA82B89}
Interface{0579533D-B27A-4637-87EB-91DC6BA312B4}
Interface{11442D72-F6E6-402F-935D-259A138CDE24}
Interface{11D8A19E-B7BA-46EE-BCB7-4A8A741CAC2F}
Interface{1297D925-FC7C-4201-A721-EE628C757C1A}
Interface{26AFF61A-3282-4915-92C6-DCD3DB29BD5C}
Interface{2843A4DD-917F-4322-B5AA-5A262CAE143D}
Interface{2E9218D3-0CF5-4502-B308-63AC5EE5D137}
Interface{3CE447DF-10EC-4852-ACDA-617BFC495716}
Interface{3DF841FB-5316-48B4-B78A-AA62200897D3}
Interface{45389BB6-6A0A-41AE-8044-6B0FDDEC87CC}
Interface{4631BA12-67C1-4A91-9D98-BC74B0E5A716}
Interface{4D7099CB-24F4-4502-B317-56E0EDD3D378}
Interface{4DD8D82B-432C-40EF-9788-853452C20168}
Interface{501F9014-F64A-49AD-A36D-CB8F722D3739}
Interface{536604C0-B82E-11D1-8252-00A0C95C0756}
Interface{536604C1-B82E-11D1-8252-00A0C95C0756}
Interface{587162BB-EB25-423C-BE97-EFE38BB0A2AE}
Interface{633A25E8-4FFE-4BD5-BCBF-61B31D7FDDF3}
Interface{646C8A12-4A6B-425C-97F4-C22DDA93B744}
Interface{667C382E-70C4-45FA-9E01-9EB0B956AB3C}
Interface{6DEE0551-3EE6-4F3A-B420-48EBABA110CB}
Interface{7006BA9F-5D2C-4344-A3C9-9F82ADDF1A73}
Interface{888B91C3-9CC9-42E2-A085-0633B463FC13}
Interface{979920CF-81B8-4C1A-988F-15355AE8AD64}
Interface{A2B69D18-A0A3-45EC-8517-053075BD4D90}
Interface{A9CC9305-0A30-4015-92A0-0711EE24E720}
Interface{B473C0DD-AF12-4C13-9036-25D2BDCA2859}
Interface{B53FDB2B-BEBC-4502-BED2-26479677146C}
Interface{C05C035C-9C26-4F1E-B8BB-13F847313208}
Interface{C181575D-C0D6-4E1F-B517-0E2C3C312E4B}
Interface{CB4EB90C-FDA1-485A-ACB2-50D4804EA169}
Interface{CD653B9D-F5A3-4F91-A3BE-16B209E29339}
Interface{D0FE7F2E-0090-4237-9EA9-C432D661FF0A}
Interface{D57906B2-AA5D-4CFC-8728-296D0186776E}
Interface{D5B84A4F-1EB8-4C86-B6F9-3DA46B59891B}
Interface{D76F0CF0-AB6C-4604-8B1B-5CC305D5C289}
Interface{D7BD6E18-9468-42F5-9CAE-19B3164F635F}
Interface{D8ACF3FA-B1FD-ADB4-8660-6CAEF999B999}
Interface{D8FCD44A-B1FD-ABB4-8660-9C0EF889B752}
Interface{E4866660-DB82-4233-99A2-03F25C895214}
Interface{E7329452-FE39-4129-AB0F-5F8FD0AC628C}
Interface{EAA6B14E-CA51-4DAB-8049-96B243BD7F6E}
Interface{F0576720-A999-4A71-8ADE-61C621ED8407}
Interface{F672352D-267F-4E95-BD6F-9EB0D5791963}
Interface{FC2D4656-887F-474B-9A49-4FCEFD470DB4}
Interface{FED18B74-E38E-4738-B882-0FF8D74ABEB3}
LDDATETIME.LDDateCtrl.1
LDDATETIME.LDStaticDateTimeCtrl.1
LDDATETIME.LDTimeCtrl.1
LDVPCTLS.LDVPActionsCtrl.1
LDVPCTLS.LDVPEditCtrl.1
LDVPCTLS.LDVPExtensionsCtrl.1
LDVPCTLS.LDVPResultsCtrl.1
LDVPCTLS.LDVPVirusDetailsCtrl.1
LDVPDLGS.LDVPAboutDlgCtrl.1
LDVPDLGS.LDVPCompressedCtrl.1
LDVPDLGS.LDVPEmailNotifySettingsCtrl.1
LDVPDLGS.LDVPMessageConfigCtrl.1
LDVPDLGS.LDVPSchedule2Ctrl.1
LDVPDLGS.LDVPSchedule3Ctrl.1
LDVPDLGS.LDVPScheduleCtrl.1
LDVPDLGS.LDVPStorageViewCtrl.1
LDVPDLGS.LDVPThreatExclusionsDlgCtl.1
LDVPUI.LDVPUICtrl.1
PatchWrap.PatchWrapper
PatchWrap.PatchWrapper.1
ProtectionUtil.ProtectionCollection
ProtectionUtil.ProtectionCollection.1
ProtectionUtil.ProtectionProviderColl.1
ProtectionUtil.ProtectionProviderCollec
ProtectionUtil.Protection_GUID_Contai.1
ProtectionUtil.Protection_GUID_Containe
ProtectionUtil.StatusFinder
ProtectionUtil.StatusFinder.1
ProtectionUtil.StatusProblem_Autoprot.1
ProtectionUtil.StatusProblem_Autoprotec
ProtectionUtil.StatusProblem_BashError
ProtectionUtil.StatusProblem_BashError.1
ProtectionUtil.StatusProblem_Containe.1
ProtectionUtil.StatusProblem_Container
ProtectionUtil.StatusProblem_DAError
ProtectionUtil.StatusProblem_DAError.1
ProtectionUtil.StatusProblem_DAOff
ProtectionUtil.StatusProblem_DAOff.1
ProtectionUtil.StatusProblem_Definiti.1
ProtectionUtil.StatusProblem_Definition
ProtectionUtil.StatusProblem_DefsCorr.1
ProtectionUtil.StatusProblem_DefsCorrup
ProtectionUtil.StatusProblem_HostInte.1
ProtectionUtil.StatusProblem_HostIntegr
ProtectionUtil.StatusProblem_NetworkA.1
ProtectionUtil.StatusProblem_NetworkAcc
ProtectionUtil.StatusProblem_NetworkQ.1
ProtectionUtil.StatusProblem_NetworkQua
ProtectionUtil.StatusProblem_Provider.1
ProtectionUtil.StatusProblem_ProviderAu
ProtectionUtil.StatusProblem_ProviderEr
ProtectionUtil.StatusProblem_ProviderOf
ProtectionUtil.StatusProblem_RebootPending
ProtectionUtil.StatusProblem_RebootPending.1
ProtectionUtil.StatusProblem_Trialwar.1
ProtectionUtil.StatusProblem_TrialwareE
Rtvscan.CSavInfo
Rtvscan.CSavInfo.1
Rtvscan.CSavQuarantine
Rtvscan.CSavQuarantine.1
Rtvscan.MailScanEngine
Rtvscan.MailScanEngine.1
Rtvscan.ResultsViewCOMCallback
Rtvscan.ResultsViewCOMCallback.1
Rtvscan.ScanManagerService
Rtvscan.ScanManagerService.1
Rtvscan.VirusFoundCOMCallback
Rtvscan.VirusFoundCOMCallback.1
SavMainUI.ConfigureableScanCollection
SavMainUI.ConfigureableScanCollection.1
SavMainUI.SavAutoprotectExchange
SavMainUI.SavAutoprotectExchange.1
SavMainUI.SavAutoprotectFilesystem
SavMainUI.SavAutoprotectFilesystem.1
SavMainUI.SavAutoprotectInternetEmail
SavMainUI.SavAutoprotectInternetEmail.1
SavMainUI.SavAutoprotectNotes
SavMainUI.SavAutoprotectNotes.1
SavMainUI.SavConfigureableScan
SavMainUI.SavConfigureableScan.1
SavMainUI.SavProtectionProvider
SavMainUI.SavProtectionProvider.1
SavMainUI.SavQuarantineItem
SavMainUI.SavQuarantineItem.1
SavMainUI.SavQuarantineItemCollection
SavMainUI.SavQuarantineItemCollection.1
SavMainUI.TamperProtectionProvider
SavMainUI.TamperProtectionProvider.1
SavMainUI.TamperProtectProcess
SavMainUI.TamperProtectProcess.1
SavUI.ActionableAlertCOMAdapter
SavUI.ActionableAlertCOMAdapter.1
SavUI.ResultsViewCOMAdapter
SavUI.ResultsViewCOMAdapter.1
SavUI.VirusFoundCOMAdapter
SavUI.VirusFoundCOMAdapter.1
SEP.AV.ScanDlgs
SEPOutlookAddin.OutlookAddin
SEPOutlookAddin.OutlookAddin.1
Shelsel2.Shelsel2
Shelsel2.Shelsel2.1
Symantec.IPS.WebProtection
Symantec.IPS.WebProtection.1
SymNAPSHAgent.CSymNAPSHAgentComponentInfo
TypeLib{1708F2CA-DCD5-4492-8260-FC9F58358478}
TypeLib{1C68BD0A-0264-4D90-904E-69D63F9090FC}
TypeLib{2149B26D-55C9-4DC3-BD03-B982AAA1733A}
TypeLib{2707AAC2-C268-11D1-8263-00A0C95C0756}
TypeLib{2E76B2B4-C603-11D1-826C-00A0C95C0756}
TypeLib{536604BF-B82E-11D1-8252-00A0C95C0756}
TypeLib{592DC449-4977-11D1-818D-00A0C95C0756}
TypeLib{69A9E691-DD09-4DBD-BBE1-BB63B8BE2652}
TypeLib{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}
TypeLib{7F1806A6-1864-4697-A06B-E36F41D75DEF}
TypeLib{9D75182B-19F7-469B-83CB-180FE3338F33}
TypeLib{A559E5DA-F585-4590-AAC4-E00737E19425}
TypeLib{C0155A1A-11F1-4178-BE82-32FA1BB6AA5D}
TypeLib{E8996CAF-8E36-4818-948E-5C627388056F}
TypeLib{F32F2023-8607-11D1-8892-0080C75FFCC4}
TypeLib{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}
TypeLib{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}
VpshellEx.VpshellEx
VpshellEx.VpshellEx.1

Go to HKEY_LOCAL_MACHINESOFTWAREClasses, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINESOFTWAREClassesWow6432Node, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINESOFTWAREWOW6432nodeClasses, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall, and click the Uninstall registry key to select it.
On the Edit menu, click Find.
Type symantec, and click Find Next.
Look for any values that appear in the right pane that includes the word Symantec, in a key that is still in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall.
If the key that is selected is still in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall, delete the key (in the left pane) – it will be an 24 letter/number alphanumeric “GUID” surrounded by {} brackets. Repeat the search.
If the key that is selected is not in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall, continue to the next step.
Remove any values with 'Symantec' in the path from the following key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDlls
Use Edit > Find to search for any instances of the following strings, and delete any registry values that contain them or have the string as the name:

Vpshell2
VpShellEx
VpshellRes

Step 7: To find and remove the product GUID

In the Windows registry editor, go to the following key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products
Click Products to highlight it.
On the Edit menu, click Find.
Type Symantec Endpoint Protection.
Click Find Next.
A value appears in the right pane that includes the words Symantec Endpoint Protection, in a key named 'InstallProperties'. The 'InstallProperties' key resides within another key whose name is a hexadecimal string. This hexadecimal string is the product GUID.
Use Edit > Find to search for any instances of the product GUID, and delete any registry values that contain it or have the string as the name.

Download Symantec Endpoint Protection M…

Step 8: To restore default Windows network settings

Go to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetworkProviderHwOrder.
Edit the ProviderOrder value to take out SnacNp from the list.
Repeat step 2 for HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetworkProviderOrder.
Go to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRasManPPPEAP.
In the 13 key, delete the following values:
ConfigUIPath
IdentityPath
InteractiveUIPath
Path
Rename the ConfigUIPathBackup, IdentityPathBackup, InteractiveUIPathBackup, and PathBackup values to ConfigUIPath, IdentityPath, InteractiveUIPath, and Path respectively.
Repeat steps 5 and 6 for the 25, 26, and 4 keys.
Delete the key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRasManPPPEAP88.

Step 9: To remove Symantec Endpoint Protection files and folders

Restart the computer into Safe Mode. To enter Safe Mode on Windows Vista and Windows 7, read the Microsoft article Start your computer in safe mode.
In Safe Mode, log on as the Administrator account.
Delete the following files and folders. If a file or folder is not present, proceed to the next one.
C:Program Files (x86)SymantecSymantec Endpoint Protection
If you installed Symantec Endpoint Protection in a different folder, delete that folder instead.
C:UsersAll UsersMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection
C:UsersAll UsersSymantec
C:ProgramDataSymantec
C:WindowsSystem32driversSEP
Go to %systemdrive%System Volume Information.
Right-click EfaData, click Properties, and uncheck Read-only.
Delete EfaData.
Delete the following driver files in both C:WindowsSystem32drivers and C:WindowsSysWOW64drivers. In all cases delete the files with the extensions .sys, .cat, and .inf with the following prefixes:
SEP
SYMEVENT
SysPlant
Teefer
WGX
Delete the following driver files in both C:WindowsSystem32 and C:WindowsSysWOW64:
FwsVpn.dll
SysFer.dll
snacnp.dll
SysFerThunk.dll
SymVPN.dll
Go to C:WindowsInstaller.
For each file in C:WindowsInstaller, right-click the file and click Properties.
On the Summary tab, check to see whether the file was created by Symantec. If it was, delete the file.
Repeat steps 10 and 11 for every file in the folder.

Step 10: To remove the Teefer driver

Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
Type pnputil -e to list the Symantec drivers in the driver store.
Type pnputil -f -d oem.inf to remove Symantec drivers from driver store, where is a number corresponding to one of the Symantec drivers listed in the previous step.
Type exit to close the command prompt.
In the Windows registry editor, navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E972-E325-11CE-BFC1-08002bE10318}.
Delete any keys that have a value of ComponentId that is set to symc_teefer2.
Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceClasses{ad498944-762f-11d0-8dcb-00c04fc3358c}.
Delete any keys that have a name containing SYMC_TEEFERMP.
Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlDeviceClasses{cac88424-7515-4c03-82e6-71a87abac361}.
Delete any keys that have a name containing SYMC_TEEFERMP.
Close the Windows Registry Editor.
In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with 'teefer' in them.
Delete any network adapters to which teefer was attached.
This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
Restart the computer into normal mode.

Symantec Endpoint Protection 14 Update Definitions Manually

Step 11: Restart the computer

You must restart the computer again in order to ensure that all changes have been made.

References

Symantec Endpoint Protection Deployment …

• Symantec Endpoint Removal

Manually Update Endpoint Definitions

0 Comments