This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot Uninstall SESC From Endpoints (using MsiExec)

I've referenced the following KB on removing SEC from endpoints using MsiExec.exe after running a Reg Query.  When using the syntax in the KB (only the GUID between curly braces), it only results in a Windows Installer popup (i.e. it doesn't do anything).  If I include the full Reg Key path returned from the Reg Query, I am able to get an uninstall prompt, however, it results in the following error "This installation package could not be opened.  Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package".  SophosZap was successful in removing all products, however, I need to be able to run these commands to perform a silent/remote mass uninstall from 300+ endpoints.  

I have run all commands with domain admin privilege, and have run all commands after running as administrator. 

I have stopped all services using the below commands:

net stop "Sophos Agent"
net stop "Sophos Anti-Virus"
net stop "Sophos Anti-Virus status reporter"
net stop "Sophos AutoUpdate Service"
net stop "Sophos Client Firewall"
net stop "Sophos Client Firewall Manager"
net stop "Sophos Device Control Service"
net stop "Sophos Endpoint Defense Service"
net stop "Sophos Message Router"
net stop "Sophos Network Threat Protection"
net stop "Sophos Patch Agent"
net stop "Sophos System Protection Service"
net stop "Sophos Web Control Service"
net stop "Sophos Web Filter"
net stop "Sophos Web Intelligence Service"

Reg Query example:

MsiExec command using full path:

Error after selecting "OK" via the uninstall window:



This thread was automatically locked due to age.
Parents
  • Hello Eric Meinders,

    msiexec.exe /x {GUID} is the correct format. That you get the Windows Installer popup suggests a syntax error, specifically a missing /option (e.g. the /x). Did you indeed use msiexec.exe /x"{FED1005D-CBC8-45D5-A288-FFC7BB304121}"? Even with a non-existing product code you should get the Are you sure ... prompt.
    The full path is interpreted as path to a Product.msi, i.e. an installer package in the file system, not to the meta-information in the registry. That's why you get the could not be opened error..

    @Sophos User930: This is the on-premise SESC, there is no Sophos Endpoint Agent and hence no uninstallcli.exe.

    Christian

Reply
  • Hello Eric Meinders,

    msiexec.exe /x {GUID} is the correct format. That you get the Windows Installer popup suggests a syntax error, specifically a missing /option (e.g. the /x). Did you indeed use msiexec.exe /x"{FED1005D-CBC8-45D5-A288-FFC7BB304121}"? Even with a non-existing product code you should get the Are you sure ... prompt.
    The full path is interpreted as path to a Product.msi, i.e. an installer package in the file system, not to the meta-information in the registry. That's why you get the could not be opened error..

    @Sophos User930: This is the on-premise SESC, there is no Sophos Endpoint Agent and hence no uninstallcli.exe.

    Christian

Children
  • In that case, you probably just want to do a foreach product where Publisher match Sophos.

    Some will be MSI, some will not, so these are 2 cases to handle.

    The ones that aren't MSI based, the exe may require additional switches to the value in the uninstallstring.  So you probably will need to account for that.

    What about this as a starting point.

    /cfs-file/__key/communityserver-discussions-components-files/3/productremove.ps1.txt

    I've defaulted it not to run the uninstall commands just print them.

    Set $Uninstall = $false to $Uninstall = $true.

    Also, I've not populated:

    $ProductData = @(
    [PSCustomObject]@{DisplayName = ''; AdditionalUninstallArgument ='' }
    [PSCustomObject]@{DisplayName = ''; AdditionalUninstallArgument ='' }
    )

    But this is where you would put the DisplayName of the component and any additional command line options to supply when running the removal of it.

    Believe it or not, I've not actually tested it beyond just printing out the commands but maybe something to start with,

  • I think your reply just highlighted the issue -- the quotes are required.  Per the KB, the syntax is msiexec.exe /X{GUID} but it looks like this needs to be changed to msiexec.exe /X"{GUID}".  I haven't tested with /qn or reboot suppression yet, but it would appear the local/manual msiexec.exe commands work now with the quotes.

  • Hello Eric Meinders,

    the quotes are a requirement of PowerShell, the old shell (cmd) and script engines don't require them.

    Christian

  • Thanks Christian,

    themoreyouknow.gif