Jump to content


thoffman

Established Members
  • Posts

    14
  • Joined

  • Last visited

thoffman's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. These are for software update packages, I don't see the option to updates DP's on a schedule. Good thought though! I opened a ticket up with Microsoft and they couldn't figure it out either. Very strange. Everything finally did update, just going to keep an eye on it. If it happens again I'll have to try and escalate it to a higher tier.
  2. SCCM should use a WMI Query to determine servers and clients. I would created separate collections and separate your servers out from the workstations with your own WMI Queries. That way you can control the policies and maintenance windows a little better. I'm going to use SCCM to update our servers, but we are going to do manual updates via the client to truly control reboots that resulted in software updates. Just can't risk certain servers shutting down during production hours.
  3. Anyone else ever have this happen? No one else was in the System (currently into the initial deployment phase, almost done). I've had everything up and running for about 3-4 months now. Several of our Windows Software Update packages were automatically redistributed to all of the Distribution points. (We have about 30 Distribution Points currently and 800 devices. Multiple small remote offices). No one was even in the system, by the time I got in today and did my daily check on the health of the system, I noticed every DP was receiving content. I don't have ADR setup on the software update packages, except for one which is endpoint protection updates. I looks like the packages updated the same time the ADR ran, but it isn't associated with the software update packages in anyway. I'm just not sure why this happened? I don't have content validation setup either. Anyone have any ideas?
  4. Is this the best method below? (thats the line the application builds for the .msi)
  5. No specific reason, I found some vbscripts that someone used to run all of there applications, the only real positive was the option where the script created a log file every time an msi was insalled in the following directory - C:\Windows\CCM\Logs and created a file name for the installer, but honestly this isn't a neccessity. For right now I just want to make this as simple and diverese enough to run on multiple OS. I ran the follwoing batch file below and it seemed to work on one windows 8.1 computer, but failed on a windows 7 computer. I can do some more trouble shooting on the other computer, could have been an issue on that pc, but packages and applications installed fine. Task sequence seemed to fail. Maybe I need to get a little more creative with my command line. This is what i ran as a .bat, would it be better to just put something in the command line and not reference a .bat file at all? @echo off msiexec.exe /q /i "%~dp0ClientSetupMSI.msi" exit Thanks a lot for the reply, I'm new to SCCM and pressure is starting to settle in for my deployments. This may be a seperate issue, but my task sequence just got stuck at downloading at 0% unless I logged off and back in when I select the option to download the content locally on deployment. If i select the option to download only when needed it works without issue, (but was then failing).
  6. Hello, So i've verified that running with PSExec.exe -i -s -d cmd.exe and kicking off my vbscript that my .msi will not install as local system. (the application installs, but has some errors after the install). I've attached to log files for the .msi, but this is a vendor packaged .msi so not sure what I could do about this. Is there any way at all to run this as a domain account that I specify instead? I would like to avoid using a task sequence if at all possible. I would prefer either an application or package. I would love to find a .vbs script that runs another script as a specified account calling the script from the current dirrectory. I found one, but could not successfully get it to call another script, much less run it as a domain account. Its hard to believe that SCCM 2012 doesn't have a built in option to run an application or package as a specified user. It just seems like I have much more success running packages or applications versues using the task sequence option. Our environment is filled with Windows 7 and Windows 8 clients. I have about 800-1000 workstations that will need this .msi installed. For the task sequence I ran, I kicked off a batch file that simply excecuted my .msi. Maybe there is a better way to do this without lossing the option to specify the account? Thanks in advance guys, I have a 1 week deadline to get this to work. I'm running out of ideas!
  7. So I take it back, task sequence is giving me some other errors with the .bat file. Is there a way to run a VBscript in the application model to run the msi as domain account? Something like - cscript.exe "clientinstall.vbs" to still use the application model? Anyone happen to have a script that does this that they use to deploy applications?
  8. Brief history on this one. I spent two days trying to get my .msi to deploy using the application model without success so I could potentially use the supercedence option in the future. Finally came to the conclusion that my application will not install properly running as local system. (This is a clinical EHR program). I found the following website and couldn't make this work properly either - http://www.bewi.at/?p=1173 . That script was run with a .exe in mind, and I struggled getting the msexec command to run successfully through powershell. What finally made me give up on the application model was that $PSScriptRoot requires powershell 3.0 to run, and we have Windows 7 which most cases is running powershell 2.0 and not looking to update powershell for 800 workstations. I really wish I could tell the application model to run with a domain admin account. Anyways what I ended up doing was just packaging out my .msi, and then deployed a batch script that was ran as a domain admin account to install the .msi through a task sequence. My concern is what is the best method to update the .msi in the future when there are updates(and I'm sure there will be). I'm assuming they will have a new full .msi that I will need to push out to all clients, so will most likely need to uninstall the current version, and then reinstall the updated client. Maybe do this through another task sequence, use something with another batch file to use msiexec.exe /x clientinstall.msi and then run another task to install the new client? Probably a reboot in between the install also. Or is there a much easier way to do this? Sorry for the long post, just wanted to give enough detail! Thanks!
  9. I figured it out! I added this to my batch file and the batch file it calls on and it finally successfully removed trend. I need to do more testing, but I think it finally works. @ECHO OFF IF NOT "%PROCESSOR_ARCHITEW6432%"=="AMD64" GOTO native ECHO "Re-launching Script in Native Command Processor..." %SystemRoot%\Sysnative\cmd.exe /c %0 %* EXIT :native ECHO "Running Script in Native Command Processor..." REM Your script starts here
  10. Do you have a maintenance window define for the collection? You may also want want to make sure they deployment type is set to Required and potentially set a deadline behavior if you don't have a maintenance window defined for the collection.
  11. This is a little off topic from my last post, was wanted to start a new one. I have some 64bit keys in the registry that need deleted, and it seems like since the SCCM client launches in 32bit mode it can't handle the call to a 64bit cmd during the script to delete the keys that I believe are 64bit keys.(i'm guessing these are 64 bit calls, I can't see any other reason why it won't delete these keys) The script deletes most of the keys except for these. I tried running the following commands in a custom task sequence with *Disable 64-bit file system redirection" turned off without any luck. (there are multiple keys in the tree i'm trying to delete, do I need to delete each individual key instead of the tree?) reg delete HKLM\SOFTWARE\TrendMicro /f reg.exe delete HKLM\SOFTWARE\TrendMicro cmd.exe /c reg delete HKLM\SOFTWARE\TrendMicro /f I found the following for some 64 bit cmd call functions, but couldn't figure out how to make these work in windows much less sccm. %windir%\syswow64\cmd.exe /c %windir%\sysnative\reg.exe If I run a call to reg.exe and refer to a .reg file will this work? Not sure why this is giving me so much trouble. Here are the Task Sequence Logs - Set a global environment variable _SMSTSLogPath=C:\Windows\CCM\Logs\SMSTSLog TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) Expand a string: smsswd.exe /run: reg delete HKLM\SOFTWARE\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro_Volatile /f TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) Expand a string: TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) Start executing the command line: smsswd.exe /run: reg delete HKLM\SOFTWARE\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro_Volatile /f TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) !--------------------------------------------------------------------------------------------! TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) Expand a string: WinPEandFullOS TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) Executing command line: smsswd.exe /run: reg delete HKLM\SOFTWARE\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro_Volatile /f TSManager 9/27/2014 1:11:14 PM 5248 (0x1480) [ smsswd.exe ] InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) PackageID = '' InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) BaseVar = '', ContinueOnError='' InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) ProgramName = 'reg delete HKLM\SOFTWARE\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro /f reg delete HKLM\SOFTWARE\Wow6432Node\TrendMicro_Volatile /f' InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) SwdAction = '0001' InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) Getting linked token InstallSoftware 9/27/2014 1:11:14 PM 2944 (0x0B80) Working dir 'not set' InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) Executing command line: Run command line InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) Process completed with exit code 1 InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) ERROR: Invalid syntax. InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) Type "REG DELETE /?" for usage. InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) Command line returned 1 InstallSoftware 9/27/2014 1:11:15 PM 2944 (0x0B80) Process completed with exit code 1 TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) !--------------------------------------------------------------------------------------------! TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Failed to run the action: Run Command Line. Incorrect function. (Error: 00000001; Source: Windows) TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Set authenticator in transport TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Set a global environment variable _SMSTSLastActionRetCode=1 TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Clear local default environment TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Failed to run the action: Run Command Line. Execution has been aborted TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Set authenticator in transport TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Failed to run the last action: Run Command Line. Execution of task sequence failed. Incorrect function. (Error: 00000001; Source: Windows) TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Set authenticator in transport TSManager 9/27/2014 1:11:15 PM 5248 (0x1480) Task Sequence Engine failed! Code: enExecutionFail TSManager 9/27/2014 1:13:06 PM 5248 (0x1480) **************************************************************************** TSManager 9/27/2014 1:13:06 PM 5248 (0x1480) Task sequence execution failed with error code 80004005 TSManager 9/27/2014 1:13:06 PM 5248 (0x1480)
  12. So I think I figured out what the problem is, but i'm not sure how to fix the issue. I "think" what is going on is that the SCCM Client is running my batch file in 32bit mode, but the registry keys that need to be deleted need to be ran with 64bit permissions. I guess what I need to figure out is how to delete the registry keys with the client. I couldn't get the task sequence to work properly, but I haven't really had time to trouble shoot what I'm doing wrong.*there is disable 64bit file system redirection option, but like I said my task sequence is failing* (I didn't try to copy the files local, I tried to reference to a package, and then have the deployment download the files and store them locally on the client). But I don't think its running properly. Is there a simple way to delete registry files with a bat file with the regular package deployment? I tried the following but this didn't work - %windir%\sysnative\reg: delete "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS" /f These are what are left over - AEGIS LoadHTTP NSC PC-cillinNTCorp Here is what is in the Script - echo Remove registry call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP_INST" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPStatus" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPTest" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Wofie" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Vizor" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\LoadHTTP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\LoadHTTP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\OfcWatchDog" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wofie" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\Osprey" *Edit* Looks like my task sequence actually did run, but it still didn't remove the registry entries. I can even do it with a different script, just need to find a way to accomplish this.
  13. Thanks for the reply Rocket Man. I'll have to figure out how to get the task sequence to work. (I'm new to SCCM, but almost ready to deploy to production, just waiting to get this Trend mess straightened out). The script is linked through the first script, which seems somewhat complex. I haven't tested if I just execute the first script, then the second script separately, if it will remove what I need. (This is a script written by trend themselves) I'll have to read through the script and concentrate on how to remove the integration of the second script within the script. The batch file also has a bunch of source .dll files and .exe files in the folder, but this is the closest I've come to removing Trend via automation. I wonder if SCCM application deployment is executing the script to quickly which is causing the second half not to run? Or is its a "%~dp0 that is missing from the script?
  14. Hey Everyone, Trying to uninstall Trend Micro Worry Free Business Security Agent from all of our computers to soon be replaced with Endpoint Protection. Endpoint Proection doesn't realiablly remove Trend every time, so I found a script that does. Currenlty the script is setup as a standard program running as admin pointing to the first script below being deployed as a package. The program can also only run when a user is logged in and the content is set to download from the DP and run locally. Problem is that the script partially removes trend, but doesn't remove the registry keys ect. that it does when I run it local. The primary script being ran (lets call it uninstall.bat) calls a second script AgentRemoval.bat that does the registry removal ect. It doesn't seem like this second script is running, but there aren't any errors in the logs. I also found the temporary directory that SCCM copys the scripts to on the test machine, launched the bat file from here, and everything runs as expected. I'm starting to run out of ideas, any help in identifying the issues with the script would be great! Primary Script that Runs - Uninstall.Bat @echo off IF EXIST "c:\trenduninstall" GOTO EXIT SETLOCAL EnableDelayedExpansion rem In elevated case, the current directory is not where the batch file is. rem Switch to where the script is first. chdir /d "%~dp0" copy /Y "AgentRemoval\AgentRemoval.bat" c:\ >NUL 2>&1 if ERRORLEVEL 1 ( echo -------------------------------------------------------- echo -------------------------------------------------------- echo -------------------------------------------------------- echo Please run this script with Administrator privilege!! echo -------------------------------------------------------- echo -------------------------------------------------------- echo -------------------------------------------------------- goto :EOF ) else ( del /f /q c:\AgentRemoval.bat ) echo "%~dp0">> "CheckPath.tmp" findstr /r /c:"[()]" CheckPath.tmp >>"CheckPath.tmp" if NOT ERRORLEVEL 1 ( echo -------------------------------------------------------- echo -------------------------------------------------------- echo -------------------------------------------------------- echo Please move these script files to a path name without echo "^(" and "^)" characters!! echo -------------------------------------------------------- echo -------------------------------------------------------- del /f /q CheckPath.tmp goto :EOF ) else ( del /f /q CheckPath.tmp ) set TIMESTAMP= for /F "tokens=1,2,3 delims=:. " %%a in ("%TIME%") do ( set TIMESTAMP=%%a_%%b_%%c ) set UNINST_LOG_PATH=%WINDIR%\Temp\WFBS_Debug\Uninstall_%TIMESTAMP% mkdir "%UNINST_LOG_PATH%" >NUL 2>&1 regedit /e "%UNINST_LOG_PATH%\TrendMicro.reg" HKEY_LOCAL_MACHINE\Software\TrendMicro sc query amsp > "%UNINST_LOG_PATH%\ServiceStatus.log" sc query tmlisten >> "%UNINST_LOG_PATH%\ServiceStatus.log" sc query ntrtscan >> "%UNINST_LOG_PATH%\ServiceStatus.log" sc query tmcomm >> "%UNINST_LOG_PATH%\ServiceStatus.log" sc query tmactmon >> "%UNINST_LOG_PATH%\ServiceStatus.log" sc query tmevtmgr >> "%UNINST_LOG_PATH%\ServiceStatus.log" echo WFBS 8.0 Security Agent Uninstall Tool echo WFBS 8.0 Security Agent Uninstall Tool>> "Uninstall.%TIMESTAMP%.log" 2>>&1 type AgentRemoval\Version.txt type AgentRemoval\Version.txt >> "Uninstall.%TIMESTAMP%.log" 2>>&1 echo Log file "Uninstall.%TIMESTAMP%.log" is created. call AgentRemoval\AgentRemoval.bat >> "Uninstall.%TIMESTAMP%.log" 2>>&1 set DESKTOP=%HOMEDRIVE%%HOMEPATH%\Desktop for /F "tokens=2 delims=:" %%d in ('REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Desktop" ^|FINDSTR /I "Desktop" 2^>NUL') do ( set DESKTOP=%HOMEDRIVE%%%d ) set PATH=%~dp0AgentRemoval\zip;%PATH% pushd "%WINDIR%\Temp\WFBS_Debug" zip.exe -rq ..\WFBS_Debug_%TIMESTAMP%.zip *.* move ..\WFBS_Debug_%TIMESTAMP%.zip "%DESKTOP%\" popd if exist "%DESKTOP%\WFBS_Debug_%TIMESTAMP%.zip" ( cls rem explorer /select,"%DESKTOP%\WFBS_Debug_%TIMESTAMP%.zip" cmd.exe /V:ON /C AgentRemoval\generate_label.bat AgentRemoval\msg_log_collected.txt ) cls cmd.exe /V:ON /C AgentRemoval\generate_label.bat AgentRemoval\msg_uninstall_end.txt md "c:\trenduninstall" :EXIT rem Built with WFBS 8.0.1315 Second Script that is linked - AgentRemoval.bat @ECHO OFF SETLOCAL EnableDelayedExpansion rem: Description: Force removal tool for Security Agent set INSTALL_RUNTIME_ROOT=%~dp0 rem: query installed folder from registry key echo Finding Security Agent 7... call :GETREGFOLDER "HKLM\Software\TrendMicro\Wofie\CurrentVersion" "Application Path" set PRODUCT_ROOT=%_REGFOLDER% if EXIST "%PRODUCT_ROOT%" ( set PRODUCT_ROOT_7=!PRODUCT_ROOT! ) if NOT EXIST "%PRODUCT_ROOT%" ( echo Finding 32-bit common client... call :GETREGFOLDER "HKLM\Software\TrendMicro\PC-cillinNTCorp\CurrentVersion" "Application Path" set PRODUCT_ROOT=!_REGFOLDER! set PRODUCT_ROOT_6=!PRODUCT_ROOT! ) if NOT EXIST "%PRODUCT_ROOT%" ( echo Finding 64-bit common client... call :GETREGFOLDER "HKLM\Software\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion" "Application Path" set PRODUCT_ROOT=!_REGFOLDER! set PRODUCT_ROOT_6=!PRODUCT_ROOT! ) if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" ( echo Running in WOW6432 environment. if NOT EXIST "!PRODUCT_ROOT!" ( set PRODUCT_ROOT=!ProgramW6432!\Trend Micro\Security Agent\ ) if NOT EXIST "!PRODUCT_ROOT_7!" ( set PRODUCT_ROOT_7=!ProgramW6432!\Trend Micro\Security Agent\ ) ) else ( echo Running in native environment. if NOT EXIST "!PRODUCT_ROOT!" ( set PRODUCT_ROOT=!ProgramFiles!\Trend Micro\Security Agent\ ) if NOT EXIST "!PRODUCT_ROOT_7!" ( set PRODUCT_ROOT_7=!ProgramFiles!\Trend Micro\Security Agent\ ) ) if NOT EXIST "%PRODUCT_ROOT_6%" ( if /I "!PROCESSOR_ARCHITECTURE!" EQU "AMD64" ( set PRODUCT_ROOT_6=!ProgramFiles^(x86^)!\Trend Micro\Client Server Security Agent\ ) else ( if /I "!PROCESSOR_ARCHITEW6432!" EQU "AMD64" ( set PRODUCT_ROOT_6=!ProgramFiles^(x86^)!\Trend Micro\Client Server Security Agent\ ) else ( set PRODUCT_ROOT_6=!ProgramFiles!\Trend Micro\Client Server Security Agent\ ) ) ) echo Security Agent installed at: %PRODUCT_ROOT% echo Client-Server Security Agent installed at: %PRODUCT_ROOT_6% echo Security Agent 7 installed at: %PRODUCT_ROOT_7% echo Finding Anti-Malware Solution Platform... call :GETREGFOLDER "HKLM\Software\TrendMicro\AMSP" InstallDir set INSTALL_ROOT=%_REGFOLDER% if NOT EXIST "%INSTALL_ROOT%AMSP" ( call :GETFOLDER "!PRODUCT_ROOT!..\" set INSTALL_ROOT=!_RESULT! ) if NOT EXIST "%INSTALL_ROOT%AMSP" ( if /I "!PROCESSOR_ARCHITEW6432!" EQU "AMD64" ( set INSTALL_ROOT=!ProgramW6432!\Trend Micro\ ) else ( set INSTALL_ROOT=!ProgramFiles!\Trend Micro\ ) ) echo AMSP installed at: %INSTALL_ROOT%AMSP echo Security Agent Remover Start [%DATE%][%TIME%] set AGENT_DISABLE_SVC=1 call "%INSTALL_RUNTIME_ROOT%AgentStop.bat" echo Remove AMSP, Communicator, Eagle Eye and AEGIS drivers call :DELSERVICE amsp tmactmon tmevtmgr tmcomm call :DELSERVICE tmcomm tmlisten ntrtscan tmbmserver tmprefilter vsapint tmfilter call :DELSERVICE tmproxy tmpfw call :DELSERVICE tmeevw tmusa echo Stop and Remove Firewall drivers call :GETWINMAJORVER if %WINMAJORVER% LEQ 5 ( call :FINDNSCUTIL ncfg.exe if exist "!_RESULT!" ( call :GETFOLDER "!_RESULT!" echo "!_RESULT!ncfg.exe" -ur tm_cfw "!_RESULT!ncfg.exe" -ur tm_cfw echo "!_RESULT!ncfg.exe" -c "!_RESULT!ncfg.exe" -c echo "!_RESULT!ncfg.exe" -X1 "!_RESULT!ncfg.exe" -X1 echo "!_RESULT!ncfg.exe" -S "!_RESULT!ncfg.exe" -S ) ) else ( call :FINDNSCUTIL tmlwfins.exe if exist "!_RESULT!" ( call :GETFOLDER "!_RESULT!" echo "!_RESULT!tmlwfins.exe" -u tmlwf "!_RESULT!tmlwfins.exe" -u tmlwf ) call :FINDNSCUTIL tmwfpins.exe if exist "!_RESULT!" ( call :GETFOLDER "!_RESULT!" echo "!_RESULT!tmwfpins.exe" -u "!_RESULT!tmwfp.inf" "!_RESULT!tmwfpins.exe" -u "!_RESULT!tmwfp.inf" ) ) echo Stop and Remove Proxy drivers set TMTDI_REG=Software\TrendMicro\AMSP call :FINDFILEBYNAME "%INSTALL_ROOT%AMSP\module\20004" tdiins.exe if not exist "!_RESULT!" ( call :FINDFILEBYNAME "%PRODUCT_ROOT%pfw_features" tdiins.exe ) if not exist "!_RESULT!" ( set TMTDI_REG=SOFTWARE\TrendMicro\NSC\TmProxy call :FINDFILEBYNAME "%PRODUCT_ROOT%" tdiins.exe ) if exist "!_RESULT!" ( call :GETFOLDER "!_RESULT!" echo "!_RESULT!tdiins.exe" -u "!_RESULT!tmtdi.inf" %TMTDI_REG% InfNameForTdi "!_RESULT!tdiins.exe" -u "!_RESULT!tmtdi.inf" %TMTDI_REG% InfNameForTdi ) echo Force Remove Proxy drivers if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" ( set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x64\RestartManager.exe ) else ( if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" ( set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x64\RestartManager.exe ) else ( set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x86\RestartManager.exe ) ) echo Restart Manager "%RSTRTMGR%" if exist "%RSTRTMGR%" ( echo "%RSTRTMGR%" "%INSTALL_RUNTIME_ROOT%RemoveNSC.ini" "%RSTRTMGR%" "%INSTALL_RUNTIME_ROOT%RemoveNSC.ini" ) call :REMOVE_SHELL_EXT call :RMVTRENDPROTECT echo Remove files call :DELFOLDER "%INSTALL_ROOT%AMSP\" call :DELFOLDER "%INSTALL_ROOT%UniClient\" call :DELFOLDER "%PRODUCT_ROOT%..\BM" call :DELFOLDER "%PRODUCT_ROOT%" if EXIST "%PRODUCT_ROOT_6%" call :DELFOLDER "%PRODUCT_ROOT_6%" if EXIST "%PRODUCT_ROOT_7%" call :DELFOLDER "%PRODUCT_ROOT_7%" echo Remove Start Menu shortcuts set _RESULT=%ALLUSERSPROFILE%\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent if exist "%_RESULT%" ( call :DELFOLDER "%_RESULT%" ) for /f "delims=" %%f in ('dir /b /s ^"!ALLUSERSPROFILE!^" ^| find /I ^"Business Security Agent^" ^| find /I /V ^".lnk^"') do ( set _RESULT=%%f ) if exist "%_RESULT%" ( call :DELFOLDER "%_RESULT%" ) for /f "delims=" %%f in ('dir /b /s ^"!ALLUSERSPROFILE!^" ^| find /I ^"Server Security Agent^" ^| find /I /V ^".lnk^"') do ( set _RESULT=%%f ) if exist "%_RESULT%" ( call :DELFOLDER "%_RESULT%" ) echo Remove registry call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP_INST" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPStatus" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPTest" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Wofie" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Vizor" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\LoadHTTP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\LoadHTTP" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\OfcWatchDog" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wofie" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey" call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\Osprey" echo Remove Windows Installer record of SA 8.0 "%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {19D84BB4-35C9-4125-90AB-C2ADD0F9A8EC} "%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {8456195C-3BA3-45a4-A6A7-30AE7A62EADB} echo Remove Windows Installer record of CSA 7.0 "%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {0A07E717-BB5D-4B99-840B-6C5DED52B277} rem call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A07E717-BB5D-4B99-840B-6C5DED52B277}" rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\Features\717E70A0D5BB99B448B0C6D5DE252B77" rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\Products\717E70A0D5BB99B448B0C6D5DE252B77" rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\8A88AE84D667B304CB368C99791A74A6" echo Remove Windows Installer record of CSA 6.0 or earlier "%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {ECEA7878-2100-4525-915D-B09174E36971} echo Cancel Ongoing Installation "%INSTALL_RUNTIME_ROOT%msizap.exe" PS echo Remove auto-startup programs call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Trend Micro Client Framework" call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "OfficeScanNT Monitor" call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "OE" call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "OfficeScanNT Monitor" call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "OE" echo Remove driver files call :DELFILE %WINDIR%\system32\drivers\tmactmon.sys call :DELFILE %WINDIR%\system32\drivers\tmevtmgr.sys call :DELFILE %WINDIR%\system32\drivers\tmcomm.sys call :DELFILE %WINDIR%\system32\drivers\tmeevw.sys call :DELFILE %WINDIR%\system32\drivers\tmusa.sys echo remove INF and PNF files "%INSTALL_RUNTIME_ROOT%\RemoveINF.exe" if "%UNINST_LOG_PATH%" NEQ "" ( if exist "%UNINST_LOG_PATH%" ( copy /Y *.log "%UNINST_LOG_PATH%\" copy /Y AgentRemoval\*.log "%UNINST_LOG_PATH%\" ) ) rem end of the file! goto :EOF :REMOVE_SHELL_EXT echo Stop and Un-register Shell Extensions if exist "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll" ( echo regsvr32 /u /s "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll" regsvr32 /u /s "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll" taskkill /F /IM explorer.exe >NUL 2>&1 start explorer ) echo Remove shell extension call :DELREGISTRY "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\CLSID\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\DocShortcut\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" call :DELREGISTRY "HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}" GOTO :EOF :GETREGFOLDER set _REGFOLDER= for /F "tokens=1,2 delims=:" %%a in ('REG QUERY %1 /v %2 ^|FINDSTR /I %2 2^>NUL') do ( set DISK=%%a set FOLDER=%%b call :GETFOLDER "!DISK:~-1!:!FOLDER!\" set _REGFOLDER=!_RESULT! ) GOTO :EOF :FINDFILEBYNAME set _FINDTHIS=%~f1 set _RESULT= for /f "delims=" %%f in ('dir ^"!_FINDTHIS!^" /s /b ^| findstr /I %2') do ( set _RESULT=%%f ) GOTO :EOF :GETFOLDER set _RESULT=%~dp1 if "%_RESULT:~-1%" NEQ "\" set _RESULT=%_RESULT%\ GOTO :EOF :DELSERVICE set SERVICE_TO_DEL=%* for %%p in (%SERVICE_TO_DEL%) do ( echo sc delete %%p sc delete %%p ) GOTO :EOF :DISABLESERVICE set SERVICE_TO_DISABLE=%* for %%p in (%SERVICE_TO_DISABLE%) do ( echo sc config %%p start= disabled sc config %%p start= disabled ) GOTO :EOF :STOPSERVICE set SERVICE_TO_STOP=%* for %%p in (%SERVICE_TO_STOP%) do ( echo net stop /y %%p net stop /y %%p ) GOTO :EOF :DELFILE echo del /F /Q %* del /F /Q %* GOTO :EOF :DELFOLDER set FOLDER_TO_DEL=%* for %%p in (%FOLDER_TO_DEL%) do ( echo RMDIR /S /Q %%p RMDIR /S /Q %%p if exist %%p ( call :MOVEFOLDERTOTMP %%p ) ) GOTO :EOF :DELREGVALUE set REGISTRY_KEY=%1 set REGISTRY_VALUE=%2 echo REG DELETE %REGISTRY_KEY% /v %REGISTRY_VALUE% /f REG DELETE %REGISTRY_KEY% /v %REGISTRY_VALUE% /f GOTO :EOF :DELREGISTRY set REGISTRY_TO_DEL=%~1 echo Deleting registry key %REGISTRY_TO_DEL% echo Windows Registry Editor Version 5.00>temp4del.reg echo [-%REGISTRY_TO_DEL%]>>temp4del.reg start /wait regedit /s temp4del.reg del /f /q temp4del.reg GOTO :EOF :KILLPROCESS set IMAGENAME_TO_KILL=%* for %%p in (%IMAGENAME_TO_KILL%) do ( echo killing process: %%p for /F "tokens=2" %%t in ('TASKLIST /NH /FI "IMAGENAME eq %%p"' ) do ( echo TASKKILL /F /PID %%t TASKKILL /F /PID %%t ) ) GOTO :EOF :MOVEFOLDERTOTMP set FOLDER_TO_TMP=%~dp1 IF %FOLDER_TO_TMP:~-1%==\ set FOLDER_TO_TMP=%FOLDER_TO_TMP:~0,-1% call :GETTEMPNAME echo move "%FOLDER_TO_TMP%" "!_TMP_RESULT!" move "%FOLDER_TO_TMP%" "!_TMP_RESULT!" GOTO :EOF :GETTEMPNAME set _TMP_RESULT=%TMP%\RmvTool-%RANDOM%-%TIME:~6,5% if exist "%_TMP_RESULT%" GOTO :GETTEMPNAME GOTO :EOF :SHOWHELP echo AMSP UniClient Framework Removal Tool echo. echo Usage echo RmvTool.bat INSTALL_RUNTIME_ROOT [DEFAULT_INSTALL_ROOT] echo. GOTO :EOF :FINDNSCUTIL set TMCFW_REG=Software\TrendMicro\AMSP call :FINDFILEBYNAME "%INSTALL_ROOT%AMSP\module\20003" %1 if not exist "!_RESULT!" ( call :FINDFILEBYNAME "%PRODUCT_ROOT%pfw_features" %1 ) if not exist "!_RESULT!" ( set TMCFW_REG=Software\TrendMicro\NSC\PFW call :FINDFILEBYNAME "%PRODUCT_ROOT%" %1 ) if not exist "!_RESULT!" ( if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" ( call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x64" %1 ) else ( if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" ( call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x64" %1 ) else ( call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x86" %1 ) ) ) GOTO :EOF :GETWINMAJORVER set WINMAJORVER=4 for /F "tokens=1 delims=." %%v in ('wmic os get version ^| findstr \.') do set WINMAJORVER=%%v GOTO :EOF :RMVTRENDPROTECT echo Finding Trend Protect 1.X if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" ( reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5462C8A-D08C-4163-8293-82F2E11A2760} /v "UninstallString" | findstr UninstallString > NUL 2>&1 ) else ( reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5462C8A-D08C-4163-8293-82F2E11A2760} /v "UninstallString" | findstr UninstallString > NUL 2>&1 ) if NOT errorlevel 1 ( echo Removing Trend Protect 1.X echo MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760} /qn MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760} /qn ) GOTO :EOF :EOF rem ENDLOCAL rem Built with WFBS 8.0.1315 This is the Generate_labe.bat referenced above as well - @echo off for /F "delims=" %%l in (%1) do ( if "$$l" NEQ "" echo %%l ) Any help would be great!
×
×
  • Create New...