Uninstall Symantec Endpoint Protection Without a Password

If you work in a corporate environment, you and your computer may be the unsuspecting victim of a terrible piece of software from Symantec called Endpoint Protection. It’s a giant behemoth of a program that includes anti-spyware, anti-virus, network threat detection, and all kinds of other super security crap.

I certainly do understand the need for these programs and I use them myself, but Endpoint Protection is a resource hog of enormous proportions. On top of that, it’s almost nearly impossible to turn off or kill. Actually, I’ve tried to kill all the processes related to it and it still continues to run.

The worst part about the program is it’s need to eat up all the processor power on your computer. My computer never fell from 100% CPU usage when the program was running. I tried to uncheck the services and startup programs for it using MSCONFIG to no avail.

uninstall endpoint protection

Finally, I tried to uninstall it and I couldn’t even do that! The program was password protected so that no sane human being could uninstall the crap! I understand that the password is there to prevent employees from uninstalling it, but if you can’t do any work because your computer is unbearably slow, then it should at least allow the uninstall and notify the administrator.

Anyway, if you are in a similar situation where you don’t know the password to uninstall Endpoint Protection, then you’ll be happy to know of a quick way to bypass the password and still uninstall the program.

When the password prompt comes up, go into Task Manager by pressing CTRL + ALT + DEL and choosing Task Manager, then click on the Processes tab. Now find the msiexec.exe process and kill it!

msiexec

The picture above is actually from Process Explorer, not Task Manager, but it will have the same name there also. Once you kill the process, the password prompt disappears and the uninstall continues!!

After removing the program, my computer CPU usage dropped to a normal 2%. Talk about a terrible program. If you want a really good anti-virus, go with Kaspersky. Enjoy!

More posts from the Help Desk Category

Fix Missing System Restore Points in Windows Vista and 7

ie enhanced security

Fix “Windows cannot access the specified device path or file” Error

windows server 2008

Fix Windows Server 2008 Blank Screen After Login

IE 10 Metro vs Desktop Mode

Popular Posts This Month

windows defender

Windows Defender vs. Security Essentials vs Safety Scanner

youtube ie11 freezing

How To Fix Flash Crashes in Internet Explorer 11

bitlocker error

Fix “This device can’t use a Trusted Platform Module” When Enabling BitLocker

  1. Hamed says:

    Hi

    It doesn't work dude. :(

  2. snapfla says:

    Seemed to work if using process explorer…

  3. Troy B says:

    I was able to follow the instructions above and it worked. I had to attempt it a couple of times since multiple misexec.exe processes showed up. You have to choose the correct one. It showed up under SYSTEM and under the default windows user and maybe under LOCAL SERVICE. I was able to uninstall after 3 attempts at removing the proper msiexec.exe.

  4. Sander says:

    It does only work if you choose change instead or remove.

    When you choose remove, then the password windows will lock all other windows, so you cannot acces the task manager.

    When you select change and then uninstall, you can access the taskmanager. Sort by name. 2 msiexec are displayed. End the lowest.

  5. [...] Vista or if the Symantec installation has gone totally crazy, you might have to use CleanWipe to uninstall Symantec Endpoint Protection. It’s a very useful utility for completely remove all Symantec Antivirus and Endpoint Protection [...]

  6. oscar says:

    It works like a charm!

    Beautiful!

  7. dayisi says:

    Hi Man, you just saved me from a very serious customer wahala! Thanks a lot. Your instructions worked. Many many thanks!!!!

  8. hemant says:

    wonderful!!!

    worked wonders!!

    the msiexec.exe should not be the system one( delete the one with ur administrator/user name)

  9. Overcast says:

    Yeah – this thing is horrible for admins.

  10. Overcast says:

    Oh and to add – it does work, get PSKILL (cmd prompt executable) and keep Task Manager open and sorted by process name – watch the MSIEXEC's that pop up and run PSKILL against the PID # – took me killing it a few times, but it worked.

    I didn't know until after the fact this thing does not play nice with Citrix at all – when a user launches a Citrix app, SEP decides it wants to run too – even if the end user already has SEP running on their client.

  11. Jimmy says:

    "Actually, I’ve tried to kill all the processes related to it and it still continues to run."

    Ummmm…that's by design. It's so viruses/trojans/etc aren't able to stop the services. And actually, if you simply run "smc -stop" from a command line or the Run window, it will stop.

  12. mac says:

    it is not working :( is there any other way to uninstall Symantec Endpoint Protection?

  13. Aman says:

    I tried all of the trick I found here but none of them work. After all I tried to enter some password and I am amazed at the password was symantec. After I entered it, it worked.

    I don't know why they have set a so simple password or may be only i had this one.

  14. Foo says:

    As a corporate SysAdmin I have to say that you should not attempt this on company computers.

    Doing so may violate your agreement/contract and could lead to disciplinary actions (at our company circumventing security may result in termination).

    If your computer is slow then you should talk to your IT/Helpdesk. It is not supposed to take up lots of resources (only when actively scanning the system). Your administrators have it misconfigured if you experience continued slowdowns.

  15. Tomas says:

    This tutorial does not work on latest versions of symantec endpoint protection. Anyway I have read Aman post, i have gave it a try and i was shocked, because it worked for me too!! Maybe it is a default password set in SEPM for symantec, so admins are lazy to change it :-D

  16. Natasha says:

    Genius dude!! Was able to finally get rid of Symantec EndPoint Protection!

  17. mrigz says:

    Thanks dude!!! I finally got rid of that crappy Symantec software!

  18. also678 says:

    This did not work for me! Any other ideas?

  19. also678 says:

    I have SEP 11.0.4202.75 & all the above solutions don’t work. thanks anyway. Is possible to try change the password ?

  20. Logan says:

    Jimmy said:

    "And actually, if you simply run “smc -stop” from a command line or the Run window, it will stop."

    I disagree dude. I tried this a number of times and only got the damn password prompt, even after all the msiexec processes were stopped.

  21. zxc says:

    This is really valuable. I'm saddled with S.E.P on my corporate laptop. My IT department inflicts a full system scan on my machine every day, seriously impacting performance. I'm not at the point yet where I'm going to install it. I just want to see if there is a way to defeat the forced scan and let ME choose when to scan my system instead of it being at an inconvenient time.

    Just to respond to FOO – yes, I hear what you are saying. However what IT system administrators overlook all too often is that some users actually are responsible enough to protect corporate and don't need the IT department to force scans upon us in the middle of a presentation to customers, while we are showing how well the new version of our company's software performs.

    I want good anti virus protection. I want frequent updates. I want good real-time protection. I can't live with resource heavy full system scans starting up in the middle of my work.

    If I can't figure out how to hack my S.E.P client so my admin scan doesn't happen (without the admins finding out), I'll have to see if I can get rid of it (again without the admins finding out) and replace it with something *I* have control over.

  22. Prepress Boys says:

    Thanks. Worked great. Symantec Endpoint is a very crappy program!

  23. Duh says:

    Uh guys…

    msiexec is the Windows installer. (MicroSoft Installer Executable).

    it's pretty unlikely that it's tied to anything from Symantec. If it IS symantec invoking the installer, then your software is broken.

    Pretty much every single program that runs on windows uses MSIEXEC to install itself. It's just as likely that it was that piece of freeware you just downloaded as it was endpoint chewing up your systems resources.

    Don't get me wrong, endpoint is a giant pile of crap. But you're not fixing anything with Symantec by killing an instance of the Windows installer.

  24. spock says:

    This doesn't work for me, I went to the task manager and killed the MSIEXEC process, the password prompt went away for a second, then another message popped up and said something like "Uninstall Password Not Supplied", and the uninstallation just exits. Anyone encountered this problem? Is there a new method to kill this junk?

  25. k says:

    To uninstall without a password.

    1. I went to registry and deleted all the symantec entries.

    2. then open the services.msc look for anything that say's symantec that currently started and stop it.

    3. then add/remove programs and click remove button.

    then rebooted.

  26. Humayu says:

    Thank you Guys — Default password is Symantec

  27. ivetteotto says:

    you are a genius!! thanks alot…

  28. arsham says:

    you must remove all Symantec registry key in this path:

    hkey local machinesoftware

    and stop all services then go to add/remove programs and remove the anti virus!!!

  29. lulu douglas says:

    This endpoint protection is a worse nightmare to uninstall than security tool. All I want is to install the Nortan 2010 and it won't go in unless I uninstall corp ep. I am just going crazy with it. I sure hope your idea works- esp. since it doesn't even ask me for a pass word- it just instantlly jumps into manic install mode and pops itself up every 3 seconds.

  30. Rushil says:

    It's nice technique to get rid of Symantec Endpoint! Thanks dude!

  31. divinedragon4000 says:

    thanks for the info, worked great, thanks.

  32. Anon says:

    Actually SEP is a great endpoint protection suite. Yes, by default all options are turned on, which can be a bit resource intensive. However, if you read the system requirements before installing Symantec recommends a decent workstation (plenty of RAM). I manage over 100 workstations/servers across 10 sites, all of which have SEP installed and I have no resource problems at all. I had to customize the settings for my environment prior to full deployment however, but that is to be expected.

    Make sure you customize the settings post-install to fit your needs:

    On-Access Scanning: Big I/O hog, especially durring logon and when applicaitons are executed or for I/O intensive operations; if you don't have a SATA2 (or Solid State) hdd it can bog you down.

    Start-Up Scan: Slows Windows boot and can degrade system performance until complete, even after login. This is best for systems that do not reboot often, or only reboot durring maintenance windows. A scheduled full scan (durring maintenance window) will accomplish the same thing.

    Also, turn down the default frequency for LiveUpdates. While Symantec does release several AV updates a day, Live-update can cause un-necessary network chatter if checking too often. Liveupdate once a day is usually good, unless ALL you do is surf questionable web-sites…

    Aside from that; my only comment is a question:

    –If you truily understand why this security is necessary, then why post an article describing how to circumvent said security? A little counter-intuative don't you think?

  33. Anon says:

    @ lulu douglas:

    Find the SymClean utility. It will manually wipe out multiple Symantec/Norton applications when their native un-install fails.

  34. maro says:

    it works great for me, i just have to pick the right one! thanks.

  35. Josh says:

    Its possible!! This is how U do it.

    1) How to manually uninstall the Symantec Endpoint Protection client from Windows Vista, Windows 7, and Windows 2008 R2 64-bit

    URL: http://service1.symantec.com/support/ent-security

    2) How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions

    URL: http://service1.symantec.com/support/ent-security

  36. Josh says:

    You can use the clean wipe utility!! Get the login id & password from Symentec technical support.

  37. bolave says:

    Thanks for the info. It worked great. Thanks.

  38. jccj says:

    I've had pretty good success using EEye's Blink Personal trial to remove password protected Symantec Endpoint Protection. You can find it here:

    eeye.com/Downloads/Personal-Software/Blink-Personal-Edition.aspx

    I didn't even have to know the uninstall password! When you run it the first thing it will do is detect Symantec and ask for the uninstall password. We just left the password blank and it removed Symantec even though it was password protected. The nice thing is that after it uninstalls Symantec, you have to click again to actually install Blink so you can just cancel and not install Blink. I've found it to be a nice Symantec removal tool.

  39. smeek says:

    I do not want to get between any users and their IT, but would suggest that you get with other users to get your AV policies adjusted. Some IT shops do get power-crazed on their policies but security tools are for your benefits. Symantec does have best practices documents for their AV. SEP and others have had some performance issues over time.

    Part of AV and a good Acceptable Use Policy/Security Settings require communication between end users and IT. If you do not clearly articulate to them where they need improvement, you are just as guilty as them, for not soliciting your feedback.

    At the end of the day, you have to be able to work but IT has responsibility for security corporate assets. Talk to the executive in your division to try and get IT to change, if needed.

  40. Lerch says:

    Has anyone heard of SEP being uninstalled and causing network adapter problems?

    I've got an email system here that needs it's network adapter manually repaired about every 10 minutes to keep mail flowing after we got rid of SEP.

    Thanks in advance,
    Lerch

  41. Nilesh Roy says:

    Thanks Dude,

    It worked for me.

    For those who are not using process explorer, when the password box comes while uninstalling, go to windows task manager -> go to applications window -> right-click on the password box -> click on go to process. The msiexec.exe which is highlighted needs to be killed.

    That's it. It works!!!

  42. smited01 says:

    Smc – stop works a treat. Now does anyone know how to switch off Symantec Endpoint Encryption? Don't get me wrong. I am all for encrypting files, especially those on external devices, such as hard drives, CDs etc., but occasionally I need to write an unencrypted file or files.

  43. sadegh says:

    For uninstalling sep 11 Client from your computer without any password, you must proceed this steps (Note you must have administrator rights):

    1. Go to Control Panel -> Performance and Maintenance -> Administrative Tools -> Services.
    2. Disable these services: "Symantec Endpoint Protection", "Symantec Event Manager", "Symantec Management Client", "Symantec Network Access Control", "Symantec Settings Manager".
    3. Restart your computer.
    4. Search for this file name: "ccapp" and rename it to another name.
    5. Now sep 11 start automatic repair.
    6. Restart your system manually.

  44. Romeo says:

    Viola! The Symantec crap is finally out of my PC, thank guys!

  45. shepherdsolutions says:

    I deleted the Symantec tree from HKEY_LOCAL_MACHINESOFTWARE

    Then went into the services manager and stopped all Symantec entries as well as disabled auto start up on each and at that point I was able to use the MS Uninstaller to finally rid myself of this beast of a program. To the fellow "ANON" up there in the comments: I'm sure you are happy with Norton and this product, but you seem to be the only one. For the rest of us getting rid of it is very good indeed.

  46. roy says:

    that worked. awesome. thanks

  47. zjh1943 says:

    thx. I have been driven mad by the damned "protecter"!!

  48. pleasuranand says:

    It still there.. I have used all methods/technique suggested above , but nothing work on it. After spending my whole day in removing it, SEP still there.

    Any one there who can suggest me some effective way to remove SEP without P.W.

  49. Speedster says:

    My office PC runs the “Symantec Endpoint Protection”, I doesn't allow me to copy any video file except .mkv files and the most horrible thing is it doesn't allow me to Log on to internet even using my private HSDP dongle,

    I wanna get rid from this restrictions without uninstalling the application I have both symantec and administration passwords.

    Could you pls help me guys……………….

  50. Sean says:

    I have symantec endpoint encryption8.1.0 on my laptop. Only prob is, when I turn on my cpu. It tells me to enter a user name and password. I canr even get to the start menu. How can I remove or uninstall thiWwws

  51. Jeff says:

    So I managed to remove this memory and CPU leeching software, but does anyone have any tips on how to fool cisco clean access into thinking I have it still? It's impossible to get stuff done via iPod touch, which is what I am resorting to right now.

  52. Alex Monkey says:

    GUYS, Im using SEP 11, I tried many of the solutions on Google, none of them worked, Im running a centrally managed SEP 11. I tried this and it worked.
    Delete this: HKEY_LOCAL_MACHINESOFTWARESymantecSymantec Endpoint Protection

    Good luck Alex.

  53. explorer1 says:

    default password is symantec. I typed it and worked for me.

  54. Sony says:

    Thanks a lot for the solution.. It just works great. This Symantec encryption software was crashing my laptop and it was password protected, finally with your solution I just managed to uninstall the same. One small thing which we need to notice here is that there will be two msiexec.exe processes and you just need to kill only one which will be normally associated with your user ID. If you kill both the msiexec.exe, then the uninstall will fail.

  55. xp user says:

    Worked perfectly. Thank you so much for this advice. I had some older Symantec installed.

  56. xp user says:

    and now i have 400..500 megs more free ram in addition to system working rapidly again…

  57. JJJ says:

    Default password was Symantec… lol…

    I needed to reinstall a different version of endpoint…

  58. donc_oe says:

    there are several ways to get rid of the symantec endpoint protection. the default passwords didn’t work for me and killing the password window didnt work either as i got a new message “no password given” or something like this.

    1) as i didnt care much about breaking stuff at this computer i started at first to disable the services.

    run: windowskey + r > services.msc

    and stop and deactivate all symantec services. one of the services can’t be stopped but that doesnt matter. (annoying windows keep popping up later, simply keep closing them.)

    2) then i went to the registry and simply whiped out everything that was called “symantec”

    run: windowskey +r > regedit

    and delete the whole keydirectory HKEY_LOCAL_MACHINE > SOFTWARE > SYMANTEC

    (i found out later that this disabled the password prompt, too)

    3) then i rebooted using a linux live cd and simply whiped out all symantec files on my hard drive

    C:\Program files\Symantec\

    C:\Program files\Shared Documents\Symantec Shared\

    and reboot back to windows. this did pretty much the job, but the annoying popups still kept coming (symantec was still there after whiping out almost everything)

    4) now i was able to stop and deactivate the last symantec services, see 1st step.

    5) finally i was able to go to system settings and to uninstall symantec without password.

    if some of the steps fail, keep trying and add reboots between them. good luck.

  59. Mark says:

    Unfortunately this method didn’t work for me on XP. When the password window popped up it prevented me from clicking on the task manager window. Symantec probably saw this blog and made a patch.

    This method worked for me:
    http://andrewblock.net/2011/03/07/how-to-uninstal

  60. LH says:

    Thanks for the tip Aman. Unbelievably, the same password, symantec, worked for me!

  61. Jorge says:

    It worked great!!!

  62. Don says:

    It works in my case. Thanks for the tip.

  63. fulesh says:

    doesnt work,,,,there ıs 3 msiexec, i tried all of them and non worked with me, also Symantec didnt work, this symantec end point is very crap

Leave a Reply