Uninstall Symantec Endpoint Protection without a password

Posted by Aseem on Wednesday, January 28th 2009

28
Jan

If you work in a corporate environment, you and your computer may be the unsuspecting victim of a terrible piece of software from Symantec called Endpoint Protection. It’s a giant behemoth of a program that includes anti-spyware, anti-virus, network threat detection, and all kinds of other super security crap.

I certainly do understand the need for these programs and I use them myself, but Endpoint Protection is a resource hog of enormous proportions. On top of that, it’s almost nearly impossible to turn off or kill. Actually, I’ve tried to kill all the processes related to it and it still continues to run.

The worst part about the program is it’s need to eat up all the processor power on your computer. My computer never fell from 100% CPU usage when the program was running. I tried to uncheck the services and startup programs for it using MSCONFIG to no avail.

Finally, I tried to uninstall it and I couldn’t even do that! The program was password protected so that no sane human being could uninstall the crap! I understand that the password is there to prevent employees from uninstalling it, but if you can’t do any work because your computer is unbearably slow, then it should at least allow the uninstall and notify the administrator.

Anyway, if you are in a similar situation where you don’t know the password to uninstall Endpoint Protection, then you’ll be happy to know of a quick way to bypass the password and still uninstall the program.

When the password prompt comes up, go into Task Manager by pressing CTRL + ALT + DEL and choosing Task Manager, then click on the Processes tab. Now find the msiexec.exe process and kill it!

The picture above is actually from Process Explorer, not Task Manager, but it will have the same name there also. Once you kill the process, the password prompt disappears and the uninstall continues!!

After removing the program, my computer CPU usage dropped to a normal 2%. Talk about a terrible program. If you want a really good anti-virus, go with Kaspersky. Enjoy!

Share This Article
Save this page	Stir it up on Mixx
Add to Reddit	Stumble this page	Submit to Digg

36 Comments Already

Hamed Said,

March 3rd, 2009 @1:08 am

Hi
It doesn’t work dude.

snapfla Said,

March 31st, 2009 @10:02 pm

Seemed to work if using process explorer…

Troy B Said,

April 1st, 2009 @8:21 pm

I was able to follow the instructions above and it worked. I had to attempt it a couple of times since multiple misexec.exe processes showed up. You have to choose the correct one. It showed up under SYSTEM and under the default windows user and maybe under LOCAL SERVICE. I was able to uninstall after 3 attempts at removing the proper msiexec.exe.

Sander Said,

April 16th, 2009 @5:30 pm

It does only work if you choose change instead or remove.
When you choose remove, then the password windows will lock all other windows, so you cannot acces the task manager.

When you select change and then uninstall, you can access the taskmanager. Sort by name. 2 msiexec are displayed. End the lowest.

oscar Said,

May 15th, 2009 @1:58 pm

It works like a charm!
Beautiful!

dayisi Said,

June 19th, 2009 @1:15 pm

Hi Man, you just saved me from a very serious customer wahala! Thanks a lot. Your instructions worked. Many many thanks!!!!

hemant Said,

June 19th, 2009 @2:11 pm

wonderful!!!
worked wonders!!

the msiexec.exe should not be the system one( delete the one with ur administrator/user name)

Overcast Said,

June 20th, 2009 @4:42 pm

Yeah – this thing is horrible for admins.

Overcast Said,

June 20th, 2009 @4:46 pm

Oh and to add – it does work, get PSKILL (cmd prompt executable) and keep Task Manager open and sorted by process name – watch the MSIEXEC’s that pop up and run PSKILL against the PID # – took me killing it a few times, but it worked.

I didn’t know until after the fact this thing does not play nice with Citrix at all – when a user launches a Citrix app, SEP decides it wants to run too – even if the end user already has SEP running on their client.

Jimmy Said,

September 1st, 2009 @6:14 pm

“Actually, I’ve tried to kill all the processes related to it and it still continues to run.”

Ummmm…that’s by design. It’s so viruses/trojans/etc aren’t able to stop the services. And actually, if you simply run “smc -stop” from a command line or the Run window, it will stop.

mac Said,

October 15th, 2009 @12:10 pm

it is not working is there any other way to uninstall Symantec Endpoint Protection?

Aman Said,

October 18th, 2009 @2:22 pm

I tried all of the trick I found here but none of them work. After all I tried to enter some password and I am amazed at the password was symantec. After I entered it, it worked.

I don’t know why they have set a so simple password or may be only i had this one.

Foo Said,

October 23rd, 2009 @1:50 pm

As a corporate SysAdmin I have to say that you should not attempt this on company computers.

Doing so may violate your agreement/contract and could lead to disciplinary actions (at our company circumventing security may result in termination).

If your computer is slow then you should talk to your IT/Helpdesk. It is not supposed to take up lots of resources (only when actively scanning the system). Your administrators have it misconfigured if you experience continued slowdowns.

Tomas Said,

October 26th, 2009 @7:41 am

This tutorial does not work on latest versions of symantec endpoint protection. Anyway I have read Aman post, i have gave it a try and i was shocked, because it worked for me too!! Maybe it is a default password set in SEPM for symantec, so admins are lazy to change it

Natasha Said,

November 14th, 2009 @10:08 am

Genius dude!! Was able to finally get rid of Symantec EndPoint Protection!

mrigz Said,

November 26th, 2009 @11:39 am

Thanks dude!!! I finally got rid of that crappy Symantec software!

also678 Said,

December 2nd, 2009 @6:56 am

This did not work for me! Any other ideas?

also678 Said,

December 2nd, 2009 @7:04 am

I have SEP 11.0.4202.75 & all the above solutions don’t work. thanks anyway. Is possible to try change the password ?

Logan Said,

December 4th, 2009 @4:20 am

Jimmy said:
“And actually, if you simply run “smc -stop” from a command line or the Run window, it will stop.”

I disagree dude. I tried this a number of times and only got the damn password prompt, even after all the msiexec processes were stopped.

zxc Said,

January 2nd, 2010 @4:49 am

This is really valuable. I’m saddled with S.E.P on my corporate laptop. My IT department inflicts a full system scan on my machine every day, seriously impacting performance. I’m not at the point yet where I’m going to install it. I just want to see if there is a way to defeat the forced scan and let ME choose when to scan my system instead of it being at an inconvenient time.

Just to respond to FOO – yes, I hear what you are saying. However what IT system administrators overlook all too often is that some users actually are responsible enough to protect corporate and don’t need the IT department to force scans upon us in the middle of a presentation to customers, while we are showing how well the new version of our company’s software performs.

I want good anti virus protection. I want frequent updates. I want good real-time protection. I can’t live with resource heavy full system scans starting up in the middle of my work.

If I can’t figure out how to hack my S.E.P client so my admin scan doesn’t happen (without the admins finding out), I’ll have to see if I can get rid of it (again without the admins finding out) and replace it with something *I* have control over.

Prepress Boys Said,

January 6th, 2010 @4:13 pm

Thanks. Worked great. Symantec Endpoint is a very crappy program!

Duh Said,

January 15th, 2010 @10:33 am

Uh guys…

msiexec is the Windows installer. (MicroSoft Installer Executable).
it’s pretty unlikely that it’s tied to anything from Symantec. If it IS symantec invoking the installer, then your software is broken.

Pretty much every single program that runs on windows uses MSIEXEC to install itself. It’s just as likely that it was that piece of freeware you just downloaded as it was endpoint chewing up your systems resources.

Don’t get me wrong, endpoint is a giant pile of crap. But you’re not fixing anything with Symantec by killing an instance of the Windows installer.

spock Said,

January 29th, 2010 @9:10 pm

This doesn’t work for me, I went to the task manager and killed the MSIEXEC process, the password prompt went away for a second, then another message popped up and said something like “Uninstall Password Not Supplied”, and the uninstallation just exits. Anyone encountered this problem? Is there a new method to kill this junk?

k Said,

February 2nd, 2010 @12:38 pm

To uninstall without a password.

1. I went to registry and deleted all the symantec entries.

2. then open the services.msc look for anything that say’s symantec that currently started and stop it.

3. then add/remove programs and click remove button.

then rebooted.

Humayu Said,

February 4th, 2010 @11:34 am

Thank you Guys — Default password is Symantec

ivetteotto Said,

April 6th, 2010 @7:01 pm

you are a genius!! thanks alot…

arsham Said,

April 13th, 2010 @5:42 am

you must remove all Symantec registry key in this path:
hkey local machine\software\

and stop all services then go to add/remove programs and remove the anti virus!!!

lulu douglas Said,

April 20th, 2010 @3:49 pm

This endpoint protection is a worse nightmare to uninstall than security tool. All I want is to install the Nortan 2010 and it won’t go in unless I uninstall corp ep. I am just going crazy with it. I sure hope your idea works- esp. since it doesn’t even ask me for a pass word- it just instantlly jumps into manic install mode and pops itself up every 3 seconds.

Rushil Said,

May 11th, 2010 @5:03 am

It’s nice technique to get rid of Symantec Endpoint! Thanks dude!

divinedragon4000 Said,

May 15th, 2010 @9:38 pm

thanks for the info, worked great, thanks.

Anon Said,

June 8th, 2010 @8:54 am

Actually SEP is a great endpoint protection suite. Yes, by default all options are turned on, which can be a bit resource intensive. However, if you read the system requirements before installing Symantec recommends a decent workstation (plenty of RAM). I manage over 100 workstations/servers across 10 sites, all of which have SEP installed and I have no resource problems at all. I had to customize the settings for my environment prior to full deployment however, but that is to be expected.

Make sure you customize the settings post-install to fit your needs:

On-Access Scanning: Big I/O hog, especially durring logon and when applicaitons are executed or for I/O intensive operations; if you don’t have a SATA2 (or Solid State) hdd it can bog you down.

Start-Up Scan: Slows Windows boot and can degrade system performance until complete, even after login. This is best for systems that do not reboot often, or only reboot durring maintenance windows. A scheduled full scan (durring maintenance window) will accomplish the same thing.

Also, turn down the default frequency for LiveUpdates. While Symantec does release several AV updates a day, Live-update can cause un-necessary network chatter if checking too often. Liveupdate once a day is usually good, unless ALL you do is surf questionable web-sites…

Aside from that; my only comment is a question:

–If you truily understand why this security is necessary, then why post an article describing how to circumvent said security? A little counter-intuative don’t you think?

Anon Said,

June 8th, 2010 @8:57 am

@ lulu douglas:
Find the SymClean utility. It will manually wipe out multiple Symantec/Norton applications when their native un-install fails.