Uninstall Symantec Endpoint Protection Without a Password

If you work in a corporate environment, you and your computer may be the unsuspecting victim of a terrible piece of software from Symantec called Endpoint Protection. It’s a giant behemoth of a program that includes anti-spyware, anti-virus, network threat detection, and all kinds of other super security crap.

I certainly do understand the need for these programs and I use them myself, but Endpoint Protection is a resource hog of enormous proportions. On top of that, it’s almost nearly impossible to turn off or kill. Actually, I’ve tried to kill all the processes related to it and it still continues to run.

The worst part about the program is it’s need to eat up all the processor power on your computer. My computer never fell from 100% CPU usage when the program was running. I tried to uncheck the services and startup programs for it using MSCONFIG to no avail.

uninstall endpoint protection

Finally, I tried to uninstall it and I couldn’t even do that! The program was password protected so that no sane human being could uninstall the crap! I understand that the password is there to prevent employees from uninstalling it, but if you can’t do any work because your computer is unbearably slow, then it should at least allow the uninstall and notify the administrator.

Anyway, if you are in a similar situation where you don’t know the password to uninstall Endpoint Protection, then you’ll be happy to know of a quick way to bypass the password and still uninstall the program.

When the password prompt comes up, go into Task Manager by pressing CTRL + ALT + DEL and choosing Task Manager, then click on the Processes tab. Now find the msiexec.exe process and kill it!


The picture above is actually from Process Explorer, not Task Manager, but it will have the same name there also. Once you kill the process, the password prompt disappears and the uninstall continues!!

After removing the program, my computer CPU usage dropped to a normal 2%. Talk about a terrible program. If you want a really good anti-virus, go with Kaspersky. Enjoy!

Comments [63]

  1. Seemed to work if using process explorer…

  2. I was able to follow the instructions above and it worked. I had to attempt it a couple of times since multiple misexec.exe processes showed up. You have to choose the correct one. It showed up under SYSTEM and under the default windows user and maybe under LOCAL SERVICE. I was able to uninstall after 3 attempts at removing the proper msiexec.exe.

  3. It does only work if you choose change instead or remove.

    When you choose remove, then the password windows will lock all other windows, so you cannot acces the task manager.

    When you select change and then uninstall, you can access the taskmanager. Sort by name. 2 msiexec are displayed. End the lowest.

  4. Hi Man, you just saved me from a very serious customer wahala! Thanks a lot. Your instructions worked. Many many thanks!!!!

  5. wonderful!!!

    worked wonders!!

    the msiexec.exe should not be the system one( delete the one with ur administrator/user name)

  6. Yeah – this thing is horrible for admins.

  7. Oh and to add – it does work, get PSKILL (cmd prompt executable) and keep Task Manager open and sorted by process name – watch the MSIEXEC's that pop up and run PSKILL against the PID # – took me killing it a few times, but it worked.

    I didn't know until after the fact this thing does not play nice with Citrix at all – when a user launches a Citrix app, SEP decides it wants to run too – even if the end user already has SEP running on their client.

  8. "Actually, I’ve tried to kill all the processes related to it and it still continues to run."

    Ummmm…that's by design. It's so viruses/trojans/etc aren't able to stop the services. And actually, if you simply run "smc -stop" from a command line or the Run window, it will stop.

  9. it is not working :( is there any other way to uninstall Symantec Endpoint Protection?

  10. I tried all of the trick I found here but none of them work. After all I tried to enter some password and I am amazed at the password was symantec. After I entered it, it worked.

    I don't know why they have set a so simple password or may be only i had this one.

  11. As a corporate SysAdmin I have to say that you should not attempt this on company computers.

    Doing so may violate your agreement/contract and could lead to disciplinary actions (at our company circumventing security may result in termination).

    If your computer is slow then you should talk to your IT/Helpdesk. It is not supposed to take up lots of resources (only when actively scanning the system). Your administrators have it misconfigured if you experience continued slowdowns.

  12. This tutorial does not work on latest versions of symantec endpoint protection. Anyway I have read Aman post, i have gave it a try and i was shocked, because it worked for me too!! Maybe it is a default password set in SEPM for symantec, so admins are lazy to change it :-D

  13. Genius dude!! Was able to finally get rid of Symantec EndPoint Protection!

  14. Thanks dude!!! I finally got rid of that crappy Symantec software!

  15. This did not work for me! Any other ideas?

  16. I have SEP 11.0.4202.75 & all the above solutions don’t work. thanks anyway. Is possible to try change the password ?

  17. Jimmy said:

    "And actually, if you simply run “smc -stop” from a command line or the Run window, it will stop."

    I disagree dude. I tried this a number of times and only got the damn password prompt, even after all the msiexec processes were stopped.

  18. This is really valuable. I'm saddled with S.E.P on my corporate laptop. My IT department inflicts a full system scan on my machine every day, seriously impacting performance. I'm not at the point yet where I'm going to install it. I just want to see if there is a way to defeat the forced scan and let ME choose when to scan my system instead of it being at an inconvenient time.

    Just to respond to FOO – yes, I hear what you are saying. However what IT system administrators overlook all too often is that some users actually are responsible enough to protect corporate and don't need the IT department to force scans upon us in the middle of a presentation to customers, while we are showing how well the new version of our company's software performs.

    I want good anti virus protection. I want frequent updates. I want good real-time protection. I can't live with resource heavy full system scans starting up in the middle of my work.

    If I can't figure out how to hack my S.E.P client so my admin scan doesn't happen (without the admins finding out), I'll have to see if I can get rid of it (again without the admins finding out) and replace it with something *I* have control over.

  19. Thanks. Worked great. Symantec Endpoint is a very crappy program!

  20. Uh guys…

    msiexec is the Windows installer. (MicroSoft Installer Executable).

    it's pretty unlikely that it's tied to anything from Symantec. If it IS symantec invoking the installer, then your software is broken.

    Pretty much every single program that runs on windows uses MSIEXEC to install itself. It's just as likely that it was that piece of freeware you just downloaded as it was endpoint chewing up your systems resources.

    Don't get me wrong, endpoint is a giant pile of crap. But you're not fixing anything with Symantec by killing an instance of the Windows installer.

  21. This doesn't work for me, I went to the task manager and killed the MSIEXEC process, the password prompt went away for a second, then another message popped up and said something like "Uninstall Password Not Supplied", and the uninstallation just exits. Anyone encountered this problem? Is there a new method to kill this junk?

  22. To uninstall without a password.

    1. I went to registry and deleted all the symantec entries.

    2. then open the services.msc look for anything that say's symantec that currently started and stop it.

    3. then add/remove programs and click remove button.

    then rebooted.

  23. Thank you Guys — Default password is Symantec

  24. you must remove all Symantec registry key in this path:

    hkey local machinesoftware

    and stop all services then go to add/remove programs and remove the anti virus!!!

  25. This endpoint protection is a worse nightmare to uninstall than security tool. All I want is to install the Nortan 2010 and it won't go in unless I uninstall corp ep. I am just going crazy with it. I sure hope your idea works- esp. since it doesn't even ask me for a pass word- it just instantlly jumps into manic install mode and pops itself up every 3 seconds.

  26. It's nice technique to get rid of Symantec Endpoint! Thanks dude!

  27. thanks for the info, worked great, thanks.

  28. Actually SEP is a great endpoint protection suite. Yes, by default all options are turned on, which can be a bit resource intensive. However, if you read the system requirements before installing Symantec recommends a decent workstation (plenty of RAM). I manage over 100 workstations/servers across 10 sites, all of which have SEP installed and I have no resource problems at all. I had to customize the settings for my environment prior to full deployment however, but that is to be expected.

    Make sure you customize the settings post-install to fit your needs:

    On-Access Scanning: Big I/O hog, especially durring logon and when applicaitons are executed or for I/O intensive operations; if you don't have a SATA2 (or Solid State) hdd it can bog you down.

    Start-Up Scan: Slows Windows boot and can degrade system performance until complete, even after login. This is best for systems that do not reboot often, or only reboot durring maintenance windows. A scheduled full scan (durring maintenance window) will accomplish the same thing.

    Also, turn down the default frequency for LiveUpdates. While Symantec does release several AV updates a day, Live-update can cause un-necessary network chatter if checking too often. Liveupdate once a day is usually good, unless ALL you do is surf questionable web-sites…

    Aside from that; my only comment is a question:

    –If you truily understand why this security is necessary, then why post an article describing how to circumvent said security? A little counter-intuative don't you think?

  29. @ lulu douglas:

    Find the SymClean utility. It will manually wipe out multiple Symantec/Norton applications when their native un-install fails.

  30. it works great for me, i just have to pick the right one! thanks.

  31. You can use the clean wipe utility!! Get the login id & password from Symentec technical support.

  32. Thanks for the info. It worked great. Thanks.

  33. I've had pretty good success using EEye's Blink Personal trial to remove password protected Symantec Endpoint Protection. You can find it here:


    I didn't even have to know the uninstall password! When you run it the first thing it will do is detect Symantec and ask for the uninstall password. We just left the password blank and it removed Symantec even though it was password protected. The nice thing is that after it uninstalls Symantec, you have to click again to actually install Blink so you can just cancel and not install Blink. I've found it to be a nice Symantec removal tool.

  34. I do not want to get between any users and their IT, but would suggest that you get with other users to get your AV policies adjusted. Some IT shops do get power-crazed on their policies but security tools are for your benefits. Symantec does have best practices documents for their AV. SEP and others have had some performance issues over time.

    Part of AV and a good Acceptable Use Policy/Security Settings require communication between end users and IT. If you do not clearly articulate to them where they need improvement, you are just as guilty as them, for not soliciting your feedback.

    At the end of the day, you have to be able to work but IT has responsibility for security corporate assets. Talk to the executive in your division to try and get IT to change, if needed.

  35. Has anyone heard of SEP being uninstalled and causing network adapter problems?

    I've got an email system here that needs it's network adapter manually repaired about every 10 minutes to keep mail flowing after we got rid of SEP.

    Thanks in advance,

  36. Thanks Dude,

    It worked for me.

    For those who are not using process explorer, when the password box comes while uninstalling, go to windows task manager -> go to applications window -> right-click on the password box -> click on go to process. The msiexec.exe which is highlighted needs to be killed.

    That's it. It works!!!

  37. Smc – stop works a treat. Now does anyone know how to switch off Symantec Endpoint Encryption? Don't get me wrong. I am all for encrypting files, especially those on external devices, such as hard drives, CDs etc., but occasionally I need to write an unencrypted file or files.

  38. For uninstalling sep 11 Client from your computer without any password, you must proceed this steps (Note you must have administrator rights):

    1. Go to Control Panel -> Performance and Maintenance -> Administrative Tools -> Services.
    2. Disable these services: "Symantec Endpoint Protection", "Symantec Event Manager", "Symantec Management Client", "Symantec Network Access Control", "Symantec Settings Manager".
    3. Restart your computer.
    4. Search for this file name: "ccapp" and rename it to another name.
    5. Now sep 11 start automatic repair.
    6. Restart your system manually.

  39. Viola! The Symantec crap is finally out of my PC, thank guys!

  40. I deleted the Symantec tree from HKEY_LOCAL_MACHINESOFTWARE

    Then went into the services manager and stopped all Symantec entries as well as disabled auto start up on each and at that point I was able to use the MS Uninstaller to finally rid myself of this beast of a program. To the fellow "ANON" up there in the comments: I'm sure you are happy with Norton and this product, but you seem to be the only one. For the rest of us getting rid of it is very good indeed.

  41. thx. I have been driven mad by the damned "protecter"!!

  42. It still there.. I have used all methods/technique suggested above , but nothing work on it. After spending my whole day in removing it, SEP still there.

    Any one there who can suggest me some effective way to remove SEP without P.W.

  43. My office PC runs the “Symantec Endpoint Protection”, I doesn't allow me to copy any video file except .mkv files and the most horrible thing is it doesn't allow me to Log on to internet even using my private HSDP dongle,

    I wanna get rid from this restrictions without uninstalling the application I have both symantec and administration passwords.

    Could you pls help me guys……………….

  44. I have symantec endpoint encryption8.1.0 on my laptop. Only prob is, when I turn on my cpu. It tells me to enter a user name and password. I canr even get to the start menu. How can I remove or uninstall thiWwws

  45. So I managed to remove this memory and CPU leeching software, but does anyone have any tips on how to fool cisco clean access into thinking I have it still? It's impossible to get stuff done via iPod touch, which is what I am resorting to right now.

  46. GUYS, Im using SEP 11, I tried many of the solutions on Google, none of them worked, Im running a centrally managed SEP 11. I tried this and it worked.
    Delete this: HKEY_LOCAL_MACHINESOFTWARESymantecSymantec Endpoint Protection

    Good luck Alex.

  47. default password is symantec. I typed it and worked for me.

  48. Thanks a lot for the solution.. It just works great. This Symantec encryption software was crashing my laptop and it was password protected, finally with your solution I just managed to uninstall the same. One small thing which we need to notice here is that there will be two msiexec.exe processes and you just need to kill only one which will be normally associated with your user ID. If you kill both the msiexec.exe, then the uninstall will fail.

  49. Worked perfectly. Thank you so much for this advice. I had some older Symantec installed.

  50. and now i have 400..500 megs more free ram in addition to system working rapidly again…

  51. Default password was Symantec… lol…

    I needed to reinstall a different version of endpoint…

  52. there are several ways to get rid of the symantec endpoint protection. the default passwords didn’t work for me and killing the password window didnt work either as i got a new message “no password given” or something like this.

    1) as i didnt care much about breaking stuff at this computer i started at first to disable the services.

    run: windowskey + r > services.msc

    and stop and deactivate all symantec services. one of the services can’t be stopped but that doesnt matter. (annoying windows keep popping up later, simply keep closing them.)

    2) then i went to the registry and simply whiped out everything that was called “symantec”

    run: windowskey +r > regedit

    and delete the whole keydirectory HKEY_LOCAL_MACHINE > SOFTWARE > SYMANTEC

    (i found out later that this disabled the password prompt, too)

    3) then i rebooted using a linux live cd and simply whiped out all symantec files on my hard drive

    C:\Program files\Symantec\

    C:\Program files\Shared Documents\Symantec Shared\

    and reboot back to windows. this did pretty much the job, but the annoying popups still kept coming (symantec was still there after whiping out almost everything)

    4) now i was able to stop and deactivate the last symantec services, see 1st step.

    5) finally i was able to go to system settings and to uninstall symantec without password.

    if some of the steps fail, keep trying and add reboots between them. good luck.

  53. Thanks for the tip Aman. Unbelievably, the same password, symantec, worked for me!

  54. doesnt work,,,,there ıs 3 msiexec, i tried all of them and non worked with me, also Symantec didnt work, this symantec end point is very crap

Leave a Reply

Your email address will not be published. Required fields are marked *