Symantec SEP 12.1 removal script and process HOW TO

MACHOUSTON
New Contributor III

Due to the update to MacOS Sierra i had to test all mandatory software and Symantec ENDPOINT protection 12.1.6.MP2 need to be updated to 12.1.6MP6.
after a standard Casper deployment with a Symantec remote install PKG.
i run into a problem explained here

sudo kextutil -tn "/Library/Application Support/Symantec/AntiVirus/Signed/SymAPComm.kext"
Password:
Diagnostics for /Library/Application Support/Symantec/AntiVirus/Signed/SymAPComm.kext:
Code Signing Failure: code signature is invalid
/Library/Application Support/Symantec/AntiVirus/Signed/SymAPComm.kext appears to be loadable (including linkage for on-disk libraries).

The only way to really fix it easily is to remove the Symantec software.
To be able to do this i deployed silently the uninstaler PKG from Symantec (part of the ZIP file downloaded from Symantec)

this is fine but now you must run this manually!
to solve this i wrote this script:

!/bin/sh

BETA VERSION

GUILLAUME BROCARD Sept 22 2016.

use at your own risk.

cd /Library/Application Support/Symantec/Uninstaller

Run this in the background (&)

./SymantecRemovalTool -A &

Get the Process ID of the last comand run in the background ($!)

UninstallPID=echo "$!"

Wait for the comand to finish before rebooting

wait $UninstallPID
reboot

c0528f7a9efc4ad3898c492d993c0382

This works but it is absolutely silent and will reboot your WSS with no warning (in less than 2 min)...

Please give feedback or any improvement you think are needed.

Thanks

7 REPLIES 7

MACHOUSTON
New Contributor III

it seems my script is not copied properly!

mpermann
Valued Contributor II

If you install the newer 12.1.7061.6600 version before you upgrade to Sierra do you run into problems with the software? Just curious as I haven't had a chance to test Sierra and SEP.

MACHOUSTON
New Contributor III

Yes i actually had the issue on both (10.11.6 and 10.12) before upgrade or after.

mpermann
Valued Contributor II

That's interesting as Symantec claims the latest version is compatible with Sierra. I guess I better do some testing. Thanks for the heads up.

MACHOUSTON
New Contributor III

the installer 12.1.6MP6 works fine but for some reason my current implementation did not like to be upgraded.

My test included updating on 10.11.6 only.
updating after the upgrade to 10.12. both same issues.
so i had to do the removal process....
installing 12.1.6MP6 on 10.12 or 10.11.6 runs fine. (No Symantec product installed)

mpermann
Valued Contributor II

I took a MacBook Air 11-inch Early 2014 with OS X10.11.6 and Symantec Endpoint Protection 12.1.6867.6400 installed and ran the Sierra updater. When it was finished I got the message about about a Symantec kext file not being compatible and to contact the vendor. I proceeded to install the 12.1.7061.6600 installer using Casper Remote with a restart at the end and after the computer booted up SEP was working fine for me. Maybe there is a difference in our setups, but at least for me doing the upgrade with the old version already installed and then installing the new version worked fine. I'll try doing the upgrade to the new version first and then upgrading to Sierra to see if there is any difference.

ekkehard
Contributor