Silently uninstall SEP
Tuesday, November 16, 2010 at 7:22PM
Uninstallation is not new
Deleting and removing things on a box you own isn't new
This method and how to do it remotely was posted in Feb 2007
But I didn't know how to do it, and I thought it was hilarious, so I made a video:
Rob Fuller | Comments Off | tagged metasploit, meterpreter, sep, video
Reader Comments (7)
LMAO after I saw what you were doing in the ruby script I just started lol'ing hard.
sometimes, it's the amazingly simple things that people kinda miss!
and on a typical user's machine (the average Joe) they won't notice the icon even disappeared, most don't even know what icon means what!
Now one idea I had in mind instead of malicious uses is to actually use this to help possibly get rid of some nasty spyware when all else fails... I will have to test some ideas based off this in my XP VM.. that would be friggin epic
Great!
so where is the video? :\
Of course SEP is an MSI-compliant application. That means you can deploy it using an MSI package, and change functionality with MSIexec commands, duh.
If SEP had an uninstall password and anti-tamper functionality enabled, you would not be able to do this.
Oh the silliness...
@notejoe Anti-Tamper Functionality stops uninstallation? And where do you set the Uninstall password? Try helping instead of just complaining.
If you are worried about the tray icon why not start a new app with the same icon and have that sit in the tray. Won't do anything if they click on it but at least it will sit there.
Setting a pwd on SEP for uninstalls
Open SEP Manager -> clients -> policies -> general settings -> security settings -> enter a password -> check require a password to uninstall. Don't forget to push the policy out.
They also have the ability to enable a pwd to stop the service in the same spot as above. No clue how well it works.
I haven't tested this lately, but once upon a time you could start the pwd protected uninstall, kill the msiexec running under the <user> process when the pwd prompt for uninstall appears, and the <system> msiexec continues to run the uninstall.