Fix Symantec Endpoint Protection Uninstall Issues – 3 Easy Ways

Aseem Kishore
·
4 min read

Help Desk Geek is reader-supported. We may earn a commission when you buy through links on our site. Learn more.

Orange shield with a padlock on the left, and a green gear with a wrench breaking into particles on the right, divided by a diagonal line to symbolize security vs. maintenance/engineering.

Symantec Endpoint Protection is blocking its own uninstall with a password prompt, and you don’t have the password. The officially supported fix is Broadcom’s CleanWipe removal tool, but there are a few things to try first depending on whether your PC is managed by a corporate IT team or not.

Fix #1: Try the default password first

Some installations, especially older or misconfigured ones, still use the factory default. It takes 10 seconds and is worth ruling out before anything else.

  1. Start the uninstall from Settings > Apps > Installed apps, find Symantec Endpoint Protection, and click Uninstall.
  2. When the password prompt appears, type symantec (all lowercase) and press Enter.
  3. If that fails, try Symantec with a capital S.

If either password works, the uninstaller will proceed normally. If not, move on to Fix #2.

Fix #2: Use the official CleanWipe removal tool

CleanWipe is Broadcom’s dedicated removal tool for Symantec Endpoint Protection. It’s designed to strip out SEP completely, including password-protected installations, without needing the admin password. Run it in Safe Mode so SEP’s self-protection mechanisms can’t interfere.

  1. On a working PC (or a different device if needed), download CleanWipe from Broadcom’s support portal. Search for “CleanWipe” and download the version that matches your SEP version and Windows edition.
  2. Copy the CleanWipe executable to a USB drive or accessible folder on the affected PC.
  3. Restart your PC into Safe Mode: press Windows + R, type msconfig, press Enter, go to the Boot tab, check Safe boot, and click OK. Restart when prompted.
  4. Once in Safe Mode, navigate to the CleanWipe executable and double-click it to launch.
  5. Follow the on-screen prompts to complete the removal.
  6. When CleanWipe finishes, restart your PC normally. Go back to msconfig and uncheck Safe boot so Windows starts normally going forward.
Windows 11 msconfig Boot tab with Safe boot checkbox selected

After the reboot, open Task Manager (Ctrl + Shift + Esc) and confirm there are no Symantec processes running. CPU usage should drop noticeably if SEP was the culprit.

If CleanWipe itself asks for a password

Some previously managed systems require a password even for CleanWipe. Make sure you’re running it in Safe Mode (step 3 above) – this bypasses SEP’s self-defense layer and resolves the password prompt for most users. If it still asks for a password, your PC is likely still registered to a corporate SEP Manager, which means Fix #3 applies.

Fix #3: Contact your IT team (managed corporate PCs)

If your PC is…or ever was managed by a corporate IT department, the password protecting SEP is the SEP Manager’s admin password, not something you can reset yourself. Attempting to force-remove SEP on a managed machine can also trigger compliance alerts or break your network access.

  1. Contact your IT or security team and explain that SEP is causing performance problems and you need it removed or replaced.
  2. Ask them to either push an authorized uninstall from the SEP Manager console, or provide the admin password so you can run CleanWipe yourself.
  3. If your PC was previously managed but is no longer (for example, a decommissioned work laptop you now own), ask IT to formally release the device from the SEP Manager before you attempt removal.
Windows 11 Task Manager showing no Symantec processes after successful removal

When none of these work

If CleanWipe fails and IT can’t help, gather the error codes CleanWipe produces and open a support case directly with Broadcom support. Attempting ad hoc workarounds like killing Windows Installer processes mid-uninstall is not reliable on modern SEP versions (13 or 14) and can leave broken registry entries that cause problems later.

Conclusion

CleanWipe in Safe Mode (Fix #2) resolves this for most people on unmanaged or home PCs — it’s the method Broadcom officially supports and it handles the password protection without any workarounds. If your PC is corporate-managed, Fix #3 is the only safe path; forcing removal on a managed machine risks compliance issues that are harder to fix than slow antivirus software.