Removing CA eTrust 8.x AntiVirus through a script

I had a problem where i needed to remove the AV off our servers on a large scale and found that the manual process for this was quite time consuming.

Because CA sold the antivirus business to TotalDefence, a lot of the documentation disappeared from their website so it took some playing around with how to do it successfully.

The batch file does the following steps:

  1. Stops all eTrust services.
  2. Kills the processes just in case they are lingering
  3. runs MSIEXEC uninstall of the software, in the order that they should be. ITM Agent first, then iTechnology iGateway.
  4. Prompts to tell you to reboot machine

The script is relatively simple, and quite rudimentary – the only modification you need to do is on line 21, where it uses PUSHD\POPD for the kill process. Note the kill.exe process is a tool not included with Windows (part of Debugging Tools for Windows) so you have to include the program in the same directory as the script.
If you want to download only Debugging Tools for Windows, install the SDK, and, during the installation, select the Debugging Tools for Windows box and clear all the other boxes.

The Code

Below is the code i used, with a few variations. I did a separate reboot myself and did not use the script. Use the script at your own risk. I dont do any true verification in this script that the software was completely removed.

@Echo OFF
REM #######################################################
REM AUTHOR: Ivan Dretvic
REM BLOG: http://ivan.dretvic.com
REM DATE CREATED: 13/10/2014
REM Uninstall CA eTrust 8.x from machine
REM #######################################################

REM #######################################################
echo -- stopping services
net stop "CA pest patrol realtime protection service"
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"
Ping 1.2.3.4 -n 1 -w 3000

REM #######################################################
echo -- stopping services
REM Update this to the location of the Kill.exe process location
pushd \\SERVER\SHARE
kill.exe Ppcl.exe
kill.exe ITMRTSVC.exe
kill.exe InoTask.exe
kill.exe InoRT.exe
kill.exe InoRPC.exe
kill.exe igateway.exe
popd

REM #######################################################
echo -- Uninstall of eTrustITM
start /wait msiexec /qn /uninstall {107558c8-458b-45ea-a0fe-7cc10d687db6}
echo -- Uninstalling ITM Agent
start /wait msiexec /qn /uninstall {107558C8-458B-45EA-A0FE-7CC10D687DB6}
echo -- Uninstalling ITM Agent 2
start /wait msiexec /qn /uninstall {9342421A-36BA-4744-A253-A498BAB40621}
echo -- Uninstalling iTechnology iGateway (OLD)
start /wait msiexec /qn /uninstall {54056d16-28c6-4673-bc84-77da7553ef70}
echo -- Uninstalling iTechnology iGateway
start /wait msiexec /qn /uninstall {847501DF-07C0-4691-B04A-893929F108AE}
echo -- Uninstalling iTechnology iGateway 2
start /wait msiexec /qn /uninstall {55F9C3DD-772F-4E74-85E3-8E3AD6A5154F}
echo -- completed uninstall

REM #######################################################
echo !!!!REBOOT PC BEFORE DOING ANYTHING ELSE!!!!

REM To automate reboot uncheck the below line
REM shutdown /r /c "CA eTrust Uninstall script" /force

Resources

Kill Toolhttp://msdn.microsoft.com/en-us/library/windows/hardware/ff551919%28v=vs.85%29.aspx

Restart or Shut Down a Remote Computer and Document the Reasonhttp://technet.microsoft.com/en-us/library/cc770416.aspx

Competetive Uninstall – Script Needed for CA Etrust 8.1http://www.symantec.com/connect/forums/competetive-uninstall-script-needed-ca-etrust-81-0

How to Remove CA eTrust ITM agent 8.1.637http://www.experts-exchange.com/Software/Anti-Virus/Q_28003488.html

CA Anti-Virus for the Enterprise eTrust Technical Document Indexhttp://supportconnectw.ca.com/public/antivirus/infodocs/etav-tecdoc.asp

Uninstalling ITM 8.1 (silently) using a command line or scripthttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=TEC437389 This article was not working at time of writing, however i do recall it contained all the good information to get this done easily. If anyone gets a copy of the article please share the link here.

Deploying GreenShot screen capture software with SCCM 2012

GreenshotA colleague of mine asked if i could make a handy screen capture tool available to our users. I said ‘Sure – piece of cake!’. Well it was for the most part, aside from the installer loading the website post install.

I will document how i successfully completed the deployment of this software to users who opted to install it via Software Catalog website. Read more »

Managing location based printers in an enterprise environment

I thought about why managing printing in an enterprise is so frustrating and came to a conclusion that the solutions available (and available to my budget) do not fill end users requirements but IT administrators requirements. Ultimately users what to print something, to the closest printer without having to install printers/drivers or speak to IT, where as IT administrators want to control deployment, configure default settings and centrally control access.
Read more »

Deploying Java 7 JRE – Deep Dive! (Part 2)

Welcome to Part 2 of my series of Deploying Java 7 JRE – Deep Dive!

Hopefully my first article, Deploying Java 7 JRE – Deep Dive! (Part 1) has helped you understand the history behind what Java have been doing over the past year and how all these changes will affect you. This part will cover the steps to successfully overcome the deployment of Java in an enterprise. So lets get into it! Read more »

Deploying Java 7 JRE – Deep Dive! (Part 1)

NO JAVAWe have all had troubles with Java and quite frankly its been a challenge to keep up with all the changes. Between Java 7 Update 10 through to update 45 there have been changes in features and functions that affect how IT administrators deploy the software in an enterprise, let alone general software functionality (wont be covering that). I think the best outcome of all of this is Oracle’s commitment to supporting enterprise deployments of Java.
Read more »

Migrating DHCP from Windows 2003 to Windows 2012 and setting up failover: Part 1

DHCPThe principles of DHCP are simple and Microsoft has not changed its core since before Windows NT days, however its not something you shouldn’t undertake lightly or ill-prepared. Most of your client devices will rely on DHCP to function and failing to migrate seamlessly will only cause disruptions to your business.

This article is to help document how to migrate multiple active DHCP servers to a new DHCP server running on Windows Server 2012. We will finalise the configuration by creating a failover for all scopes to a secondary server. I am writing the to include all the necessary information that I think is required to complete this successfully. Read more »

Decomission a Windows 2003 or 2008 Domain Controller

To decommission an Active Directory Domain Controller (Windows Server 2003/2008) is a fairly straightforward task so long as you make sure nothing is relying on that server specifically. I will cover off the demotions steps (fairly easy) but I will go through a checklist (and how-to) of gotchas that you might get caught out when doing this.

Read more »

Common WMI queries I have found useful

Below are some common WMI Queries that I have used, both during OSD (Operating System Deployment), startup/logon scripts or similar situations. I have broken them down to their most common form, and will show you how you can leverage this in a VB script at the end.

I will continue to update this post with new useful queries that I come across.

Read more »

Computer name conventions

Computer naming conventions are like creating an Active Directory hierarchy – there is no wrong or right. Its more about what best suits your current and future needs. Over the years my naming conventions have evolved and below I will document my currently preferred method. First we will look at the technical constraints when naming them, and what characters I recommend using.

Read more »

Automatically generate description field for computers in Active Directory

Having worked in help-desk roles in the past I know the importance of knowing which user has logged onto which computer. Its simple stuff really, but unless you have 3rd party systems like System Center 2012 (SC12) or client agents, its either hard or time consuming to find out the relation between users and computers. What we needed was an easy way to find out what the last logged on user was for every machine. Read more »

QR Code Business Card