Jump to content


  • 0
thoffman

Deploying Linked Batch Scripts through Application Management Packages

Question

Hey Everyone,

 

Trying to uninstall Trend Micro Worry Free Business Security Agent from all of our computers to soon be replaced with Endpoint Protection. Endpoint Proection doesn't realiablly remove Trend every time, so I found a script that does.

 

Currenlty the script is setup as a standard program running as admin pointing to the first script below being deployed as a package. The program can also only run when a user is logged in and the content is set to download from the DP and run locally.

 

Problem is that the script partially removes trend, but doesn't remove the registry keys ect. that it does when I run it local. The primary script being ran (lets call it uninstall.bat) calls a second script AgentRemoval.bat that does the registry removal ect. It doesn't seem like this second script is running, but there aren't any errors in the logs. I also found the temporary directory that SCCM copys the scripts to on the test machine, launched the bat file from here, and everything runs as expected.

 

I'm starting to run out of ideas, any help in identifying the issues with the script would be great!

 

Primary Script that Runs -

 

Uninstall.Bat

 

@echo off

IF EXIST "c:\trenduninstall" GOTO EXIT

SETLOCAL EnableDelayedExpansion

rem In elevated case, the current directory is not where the batch file is.
rem Switch to where the script is first.
chdir /d "%~dp0"

copy /Y "AgentRemoval\AgentRemoval.bat" c:\ >NUL 2>&1
if ERRORLEVEL 1 (
echo --------------------------------------------------------
echo --------------------------------------------------------
echo --------------------------------------------------------
echo Please run this script with Administrator privilege!!
echo --------------------------------------------------------
echo --------------------------------------------------------
echo --------------------------------------------------------
goto :EOF
) else (
del /f /q c:\AgentRemoval.bat
)

echo "%~dp0">> "CheckPath.tmp"
findstr /r /c:"[()]" CheckPath.tmp >>"CheckPath.tmp"
if NOT ERRORLEVEL 1 (
echo --------------------------------------------------------
echo --------------------------------------------------------
echo --------------------------------------------------------
echo Please move these script files to a path name without
echo "^(" and "^)" characters!!
echo --------------------------------------------------------
echo --------------------------------------------------------
del /f /q CheckPath.tmp
goto :EOF
) else (
del /f /q CheckPath.tmp
)

set TIMESTAMP=
for /F "tokens=1,2,3 delims=:. " %%a in ("%TIME%") do (
set TIMESTAMP=%%a_%%b_%%c
)
set UNINST_LOG_PATH=%WINDIR%\Temp\WFBS_Debug\Uninstall_%TIMESTAMP%
mkdir "%UNINST_LOG_PATH%" >NUL 2>&1
regedit /e "%UNINST_LOG_PATH%\TrendMicro.reg" HKEY_LOCAL_MACHINE\Software\TrendMicro
sc query amsp > "%UNINST_LOG_PATH%\ServiceStatus.log"
sc query tmlisten >> "%UNINST_LOG_PATH%\ServiceStatus.log"
sc query ntrtscan >> "%UNINST_LOG_PATH%\ServiceStatus.log"
sc query tmcomm >> "%UNINST_LOG_PATH%\ServiceStatus.log"
sc query tmactmon >> "%UNINST_LOG_PATH%\ServiceStatus.log"
sc query tmevtmgr >> "%UNINST_LOG_PATH%\ServiceStatus.log"

echo WFBS 8.0 Security Agent Uninstall Tool
echo WFBS 8.0 Security Agent Uninstall Tool>> "Uninstall.%TIMESTAMP%.log" 2>>&1
type AgentRemoval\Version.txt
type AgentRemoval\Version.txt >> "Uninstall.%TIMESTAMP%.log" 2>>&1
echo Log file "Uninstall.%TIMESTAMP%.log" is created.
call AgentRemoval\AgentRemoval.bat >> "Uninstall.%TIMESTAMP%.log" 2>>&1

set DESKTOP=%HOMEDRIVE%%HOMEPATH%\Desktop
for /F "tokens=2 delims=:" %%d in ('REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Desktop" ^|FINDSTR /I "Desktop" 2^>NUL') do (
set DESKTOP=%HOMEDRIVE%%%d
)
set PATH=%~dp0AgentRemoval\zip;%PATH%
pushd "%WINDIR%\Temp\WFBS_Debug"
zip.exe -rq ..\WFBS_Debug_%TIMESTAMP%.zip *.*
move ..\WFBS_Debug_%TIMESTAMP%.zip "%DESKTOP%\"
popd

if exist "%DESKTOP%\WFBS_Debug_%TIMESTAMP%.zip" (
cls
rem explorer /select,"%DESKTOP%\WFBS_Debug_%TIMESTAMP%.zip"
cmd.exe /V:ON /C AgentRemoval\generate_label.bat AgentRemoval\msg_log_collected.txt
)

cls
cmd.exe /V:ON /C AgentRemoval\generate_label.bat AgentRemoval\msg_uninstall_end.txt

md "c:\trenduninstall"

:EXIT

rem Built with WFBS 8.0.1315

 

 

 

 

Second Script that is linked -

 

 

AgentRemoval.bat

 

 

 

@ECHO OFF
SETLOCAL EnableDelayedExpansion
rem: Description: Force removal tool for Security Agent

set INSTALL_RUNTIME_ROOT=%~dp0

rem: query installed folder from registry key
echo Finding Security Agent 7...
call :GETREGFOLDER "HKLM\Software\TrendMicro\Wofie\CurrentVersion" "Application Path"
set PRODUCT_ROOT=%_REGFOLDER%
if EXIST "%PRODUCT_ROOT%" (
set PRODUCT_ROOT_7=!PRODUCT_ROOT!
)

if NOT EXIST "%PRODUCT_ROOT%" (
echo Finding 32-bit common client...
call :GETREGFOLDER "HKLM\Software\TrendMicro\PC-cillinNTCorp\CurrentVersion" "Application Path"
set PRODUCT_ROOT=!_REGFOLDER!
set PRODUCT_ROOT_6=!PRODUCT_ROOT!
)
if NOT EXIST "%PRODUCT_ROOT%" (
echo Finding 64-bit common client...
call :GETREGFOLDER "HKLM\Software\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion" "Application Path"
set PRODUCT_ROOT=!_REGFOLDER!
set PRODUCT_ROOT_6=!PRODUCT_ROOT!
)
if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" (
echo Running in WOW6432 environment.
if NOT EXIST "!PRODUCT_ROOT!" (
set PRODUCT_ROOT=!ProgramW6432!\Trend Micro\Security Agent\
)
if NOT EXIST "!PRODUCT_ROOT_7!" (
set PRODUCT_ROOT_7=!ProgramW6432!\Trend Micro\Security Agent\
)
) else (
echo Running in native environment.
if NOT EXIST "!PRODUCT_ROOT!" (
set PRODUCT_ROOT=!ProgramFiles!\Trend Micro\Security Agent\
)
if NOT EXIST "!PRODUCT_ROOT_7!" (
set PRODUCT_ROOT_7=!ProgramFiles!\Trend Micro\Security Agent\
)
)
if NOT EXIST "%PRODUCT_ROOT_6%" (
if /I "!PROCESSOR_ARCHITECTURE!" EQU "AMD64" (
set PRODUCT_ROOT_6=!ProgramFiles^(x86^)!\Trend Micro\Client Server Security Agent\
) else (
if /I "!PROCESSOR_ARCHITEW6432!" EQU "AMD64" (
set PRODUCT_ROOT_6=!ProgramFiles^(x86^)!\Trend Micro\Client Server Security Agent\
) else (
set PRODUCT_ROOT_6=!ProgramFiles!\Trend Micro\Client Server Security Agent\
)
)
)

echo Security Agent installed at: %PRODUCT_ROOT%
echo Client-Server Security Agent installed at: %PRODUCT_ROOT_6%
echo Security Agent 7 installed at: %PRODUCT_ROOT_7%

echo Finding Anti-Malware Solution Platform...
call :GETREGFOLDER "HKLM\Software\TrendMicro\AMSP" InstallDir
set INSTALL_ROOT=%_REGFOLDER%
if NOT EXIST "%INSTALL_ROOT%AMSP" (
call :GETFOLDER "!PRODUCT_ROOT!..\"
set INSTALL_ROOT=!_RESULT!
)
if NOT EXIST "%INSTALL_ROOT%AMSP" (
if /I "!PROCESSOR_ARCHITEW6432!" EQU "AMD64" (
set INSTALL_ROOT=!ProgramW6432!\Trend Micro\
) else (
set INSTALL_ROOT=!ProgramFiles!\Trend Micro\
)
)

echo AMSP installed at: %INSTALL_ROOT%AMSP


echo Security Agent Remover Start [%DATE%][%TIME%]

set AGENT_DISABLE_SVC=1
call "%INSTALL_RUNTIME_ROOT%AgentStop.bat"

echo Remove AMSP, Communicator, Eagle Eye and AEGIS drivers
call :DELSERVICE amsp tmactmon tmevtmgr tmcomm
call :DELSERVICE tmcomm tmlisten ntrtscan tmbmserver tmprefilter vsapint tmfilter
call :DELSERVICE tmproxy tmpfw
call :DELSERVICE tmeevw tmusa

echo Stop and Remove Firewall drivers
call :GETWINMAJORVER
if %WINMAJORVER% LEQ 5 (
call :FINDNSCUTIL ncfg.exe
if exist "!_RESULT!" (
call :GETFOLDER "!_RESULT!"
echo "!_RESULT!ncfg.exe" -ur tm_cfw
"!_RESULT!ncfg.exe" -ur tm_cfw
echo "!_RESULT!ncfg.exe" -c
"!_RESULT!ncfg.exe" -c
echo "!_RESULT!ncfg.exe" -X1
"!_RESULT!ncfg.exe" -X1
echo "!_RESULT!ncfg.exe" -S
"!_RESULT!ncfg.exe" -S
)
) else (
call :FINDNSCUTIL tmlwfins.exe
if exist "!_RESULT!" (
call :GETFOLDER "!_RESULT!"
echo "!_RESULT!tmlwfins.exe" -u tmlwf
"!_RESULT!tmlwfins.exe" -u tmlwf
)

call :FINDNSCUTIL tmwfpins.exe
if exist "!_RESULT!" (
call :GETFOLDER "!_RESULT!"
echo "!_RESULT!tmwfpins.exe" -u "!_RESULT!tmwfp.inf"
"!_RESULT!tmwfpins.exe" -u "!_RESULT!tmwfp.inf"
)
)

echo Stop and Remove Proxy drivers
set TMTDI_REG=Software\TrendMicro\AMSP
call :FINDFILEBYNAME "%INSTALL_ROOT%AMSP\module\20004" tdiins.exe
if not exist "!_RESULT!" (
call :FINDFILEBYNAME "%PRODUCT_ROOT%pfw_features" tdiins.exe
)
if not exist "!_RESULT!" (
set TMTDI_REG=SOFTWARE\TrendMicro\NSC\TmProxy
call :FINDFILEBYNAME "%PRODUCT_ROOT%" tdiins.exe
)
if exist "!_RESULT!" (
call :GETFOLDER "!_RESULT!"
echo "!_RESULT!tdiins.exe" -u "!_RESULT!tmtdi.inf" %TMTDI_REG% InfNameForTdi
"!_RESULT!tdiins.exe" -u "!_RESULT!tmtdi.inf" %TMTDI_REG% InfNameForTdi
)

echo Force Remove Proxy drivers
if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" (
set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x64\RestartManager.exe
) else (
if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" (
set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x64\RestartManager.exe
) else (
set RSTRTMGR=%INSTALL_RUNTIME_ROOT%x86\RestartManager.exe
)
)
echo Restart Manager "%RSTRTMGR%"
if exist "%RSTRTMGR%" (
echo "%RSTRTMGR%" "%INSTALL_RUNTIME_ROOT%RemoveNSC.ini"
"%RSTRTMGR%" "%INSTALL_RUNTIME_ROOT%RemoveNSC.ini"
)

call :REMOVE_SHELL_EXT
call :RMVTRENDPROTECT

echo Remove files
call :DELFOLDER "%INSTALL_ROOT%AMSP\"
call :DELFOLDER "%INSTALL_ROOT%UniClient\"
call :DELFOLDER "%PRODUCT_ROOT%..\BM"
call :DELFOLDER "%PRODUCT_ROOT%"
if EXIST "%PRODUCT_ROOT_6%" call :DELFOLDER "%PRODUCT_ROOT_6%"
if EXIST "%PRODUCT_ROOT_7%" call :DELFOLDER "%PRODUCT_ROOT_7%"

echo Remove Start Menu shortcuts
set _RESULT=%ALLUSERSPROFILE%\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent
if exist "%_RESULT%" (
call :DELFOLDER "%_RESULT%"
)
for /f "delims=" %%f in ('dir /b /s ^"!ALLUSERSPROFILE!^" ^| find /I ^"Business Security Agent^" ^| find /I /V ^".lnk^"') do (
set _RESULT=%%f
)
if exist "%_RESULT%" (
call :DELFOLDER "%_RESULT%"
)
for /f "delims=" %%f in ('dir /b /s ^"!ALLUSERSPROFILE!^" ^| find /I ^"Server Security Agent^" ^| find /I /V ^".lnk^"') do (
set _RESULT=%%f
)
if exist "%_RESULT%" (
call :DELFOLDER "%_RESULT%"
)

echo Remove registry
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP_INST"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPStatus"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPTest"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Wofie"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Vizor"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\LoadHTTP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\LoadHTTP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\OfcWatchDog"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wofie"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\Osprey"

echo Remove Windows Installer record of SA 8.0
"%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {19D84BB4-35C9-4125-90AB-C2ADD0F9A8EC}
"%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {8456195C-3BA3-45a4-A6A7-30AE7A62EADB}

echo Remove Windows Installer record of CSA 7.0
"%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {0A07E717-BB5D-4B99-840B-6C5DED52B277}
rem call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A07E717-BB5D-4B99-840B-6C5DED52B277}"
rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\Features\717E70A0D5BB99B448B0C6D5DE252B77"
rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\Products\717E70A0D5BB99B448B0C6D5DE252B77"
rem call :DELREGISTRY "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\8A88AE84D667B304CB368C99791A74A6"
echo Remove Windows Installer record of CSA 6.0 or earlier
"%INSTALL_RUNTIME_ROOT%msizap.exe" TW! {ECEA7878-2100-4525-915D-B09174E36971}
echo Cancel Ongoing Installation
"%INSTALL_RUNTIME_ROOT%msizap.exe" PS

echo Remove auto-startup programs
call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Trend Micro Client Framework"
call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "OfficeScanNT Monitor"
call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "OE"
call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "OfficeScanNT Monitor"
call :DELREGVALUE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "OE"

echo Remove driver files
call :DELFILE %WINDIR%\system32\drivers\tmactmon.sys
call :DELFILE %WINDIR%\system32\drivers\tmevtmgr.sys
call :DELFILE %WINDIR%\system32\drivers\tmcomm.sys
call :DELFILE %WINDIR%\system32\drivers\tmeevw.sys
call :DELFILE %WINDIR%\system32\drivers\tmusa.sys

echo remove INF and PNF files
"%INSTALL_RUNTIME_ROOT%\RemoveINF.exe"


if "%UNINST_LOG_PATH%" NEQ "" (
if exist "%UNINST_LOG_PATH%" (
copy /Y *.log "%UNINST_LOG_PATH%\"
copy /Y AgentRemoval\*.log "%UNINST_LOG_PATH%\"
)
)

rem end of the file!

goto :EOF


:REMOVE_SHELL_EXT
echo Stop and Un-register Shell Extensions
if exist "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll" (
echo regsvr32 /u /s "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll"
regsvr32 /u /s "%INSTALL_ROOT%UniClient\UiFrmwrk\tmdshell.dll"
taskkill /F /IM explorer.exe >NUL 2>&1
start explorer
)

echo Remove shell extension
call :DELREGISTRY "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\CLSID\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\DocShortcut\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
call :DELREGISTRY "HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}"
GOTO :EOF

:GETREGFOLDER
set _REGFOLDER=
for /F "tokens=1,2 delims=:" %%a in ('REG QUERY %1 /v %2 ^|FINDSTR /I %2 2^>NUL') do (
set DISK=%%a
set FOLDER=%%b
call :GETFOLDER "!DISK:~-1!:!FOLDER!\"
set _REGFOLDER=!_RESULT!
)
GOTO :EOF


:FINDFILEBYNAME
set _FINDTHIS=%~f1
set _RESULT=
for /f "delims=" %%f in ('dir ^"!_FINDTHIS!^" /s /b ^| findstr /I %2') do (
set _RESULT=%%f
)
GOTO :EOF

:GETFOLDER
set _RESULT=%~dp1
if "%_RESULT:~-1%" NEQ "\" set _RESULT=%_RESULT%\
GOTO :EOF

:DELSERVICE
set SERVICE_TO_DEL=%*
for %%p in (%SERVICE_TO_DEL%) do (
echo sc delete %%p
sc delete %%p
)
GOTO :EOF


:DISABLESERVICE
set SERVICE_TO_DISABLE=%*
for %%p in (%SERVICE_TO_DISABLE%) do (
echo sc config %%p start= disabled
sc config %%p start= disabled
)
GOTO :EOF

:STOPSERVICE
set SERVICE_TO_STOP=%*
for %%p in (%SERVICE_TO_STOP%) do (
echo net stop /y %%p
net stop /y %%p
)
GOTO :EOF

:DELFILE
echo del /F /Q %*
del /F /Q %*
GOTO :EOF

:DELFOLDER
set FOLDER_TO_DEL=%*
for %%p in (%FOLDER_TO_DEL%) do (
echo RMDIR /S /Q %%p
RMDIR /S /Q %%p
if exist %%p (
call :MOVEFOLDERTOTMP %%p
)
)
GOTO :EOF

:DELREGVALUE
set REGISTRY_KEY=%1
set REGISTRY_VALUE=%2
echo REG DELETE %REGISTRY_KEY% /v %REGISTRY_VALUE% /f
REG DELETE %REGISTRY_KEY% /v %REGISTRY_VALUE% /f
GOTO :EOF

:DELREGISTRY
set REGISTRY_TO_DEL=%~1
echo Deleting registry key %REGISTRY_TO_DEL%
echo Windows Registry Editor Version 5.00>temp4del.reg
echo [-%REGISTRY_TO_DEL%]>>temp4del.reg
start /wait regedit /s temp4del.reg
del /f /q temp4del.reg
GOTO :EOF

:KILLPROCESS
set IMAGENAME_TO_KILL=%*
for %%p in (%IMAGENAME_TO_KILL%) do (
echo killing process: %%p

for /F "tokens=2" %%t in ('TASKLIST /NH /FI "IMAGENAME eq %%p"' ) do (
echo TASKKILL /F /PID %%t
TASKKILL /F /PID %%t
)
)
GOTO :EOF

:MOVEFOLDERTOTMP
set FOLDER_TO_TMP=%~dp1
IF %FOLDER_TO_TMP:~-1%==\ set FOLDER_TO_TMP=%FOLDER_TO_TMP:~0,-1%
call :GETTEMPNAME
echo move "%FOLDER_TO_TMP%" "!_TMP_RESULT!"
move "%FOLDER_TO_TMP%" "!_TMP_RESULT!"
GOTO :EOF

:GETTEMPNAME
set _TMP_RESULT=%TMP%\RmvTool-%RANDOM%-%TIME:~6,5%
if exist "%_TMP_RESULT%" GOTO :GETTEMPNAME
GOTO :EOF

:SHOWHELP
echo AMSP UniClient Framework Removal Tool
echo.
echo Usage
echo RmvTool.bat INSTALL_RUNTIME_ROOT [DEFAULT_INSTALL_ROOT]
echo.
GOTO :EOF

:FINDNSCUTIL
set TMCFW_REG=Software\TrendMicro\AMSP
call :FINDFILEBYNAME "%INSTALL_ROOT%AMSP\module\20003" %1
if not exist "!_RESULT!" (
call :FINDFILEBYNAME "%PRODUCT_ROOT%pfw_features" %1
)
if not exist "!_RESULT!" (
set TMCFW_REG=Software\TrendMicro\NSC\PFW
call :FINDFILEBYNAME "%PRODUCT_ROOT%" %1
)
if not exist "!_RESULT!" (
if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" (
call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x64" %1
) else (
if /I "%PROCESSOR_ARCHITEW6432%" EQU "AMD64" (
call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x64" %1
) else (
call :FINDFILEBYNAME "%INSTALL_RUNTIME_ROOT%x86" %1
)
)
)
GOTO :EOF

:GETWINMAJORVER
set WINMAJORVER=4
for /F "tokens=1 delims=." %%v in ('wmic os get version ^| findstr \.') do set WINMAJORVER=%%v
GOTO :EOF

:RMVTRENDPROTECT
echo Finding Trend Protect 1.X
if /I "%PROCESSOR_ARCHITECTURE%" EQU "AMD64" (
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5462C8A-D08C-4163-8293-82F2E11A2760} /v "UninstallString" | findstr UninstallString > NUL 2>&1
) else (
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5462C8A-D08C-4163-8293-82F2E11A2760} /v "UninstallString" | findstr UninstallString > NUL 2>&1
)
if NOT errorlevel 1 (
echo Removing Trend Protect 1.X
echo MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760} /qn
MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760} /qn
)
GOTO :EOF

:EOF

rem ENDLOCAL

rem Built with WFBS 8.0.1315

 

 

This is the Generate_labe.bat referenced above as well -

 

@echo off
for /F "delims=" %%l in (%1) do (
if "$$l" NEQ "" echo %%l
)

 

Any help would be great!


 

 

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

That is one big script!

Have you thought of running these as part of a task sequence?

In the first task you could copy the scripts locally via a run command line and point it to the package that contains these scripts. Then you could execute another command run line that will initiate the first batch file and then you could also use another run command line to execute the second batch file for cleaning the registry.

It may be worth a try if you haven't tried this yet?

Share this post


Link to post
Share on other sites

  • 0

Thanks for the reply Rocket Man.

 

I'll have to figure out how to get the task sequence to work. (I'm new to SCCM, but almost ready to deploy to production, just waiting to get this Trend mess straightened out). The script is linked through the first script, which seems somewhat complex. I haven't tested if I just execute the first script, then the second script separately, if it will remove what I need. (This is a script written by trend themselves) I'll have to read through the script and concentrate on how to remove the integration of the second script within the script. The batch file also has a bunch of source .dll files and .exe files in the folder, but this is the closest I've come to removing Trend via automation.

 

I wonder if SCCM application deployment is executing the script to quickly which is causing the second half not to run? Or is its a "%~dp0 that is missing from the script?

Share this post


Link to post
Share on other sites

  • 0

I wonder if SCCM application deployment is executing the script to quickly which is causing the second half not to run? Or is its a "%~dp0 that is missing from the script?

 

It is possible that it may be continuing to the next script before it has finished all of the other commands from the first script. TBH in any batch file I use for deployments %~dp0 is always inserted in front of any file that is needed to be executed from within the package.

 

You could put a timer run command line in between the execution of the 1st script and second script, So if it is a case the 1st script requires more time to finish the uninstall of the trend program then the timer will kick in to allow this before kicking in the registry removals? Does that make sense?

 

I will do up a quick step by step on how to achieve the above via a task sequence if you like later on at some stage today, with time permitting of course?

Share this post


Link to post
Share on other sites

  • 0

So I think I figured out what the problem is, but i'm not sure how to fix the issue. I "think" what is going on is that the SCCM Client is running my batch file in 32bit mode, but the registry keys that need to be deleted need to be ran with 64bit permissions.

 

I guess what I need to figure out is how to delete the registry keys with the client. I couldn't get the task sequence to work properly, but I haven't really had time to trouble shoot what I'm doing wrong.*there is disable 64bit file system redirection option, but like I said my task sequence is failing* (I didn't try to copy the files local, I tried to reference to a package, and then have the deployment download the files and store them locally on the client). But I don't think its running properly.

 

Is there a simple way to delete registry files with a bat file with the regular package deployment?

 

I tried the following but this didn't work -

 

%windir%\sysnative\reg: delete "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS" /f

 

These are what are left over -

AEGIS
LoadHTTP
NSC
PC-cillinNTCorp

 

 

Here is what is in the Script -

 

echo Remove registry
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP_INST"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPStatus"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPTest"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Wofie"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Vizor"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\LoadHTTP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\LoadHTTP"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\OfcWatchDog"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wofie"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey"
call :DELREGISTRY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\Osprey"

 

 

 

 

*Edit*

 

Looks like my task sequence actually did run, but it still didn't remove the registry entries. I can even do it with a different script, just need to find a way to accomplish this.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.