Removing CA eTrust 8.x AntiVirus through a script

I had a problem where i needed to remove the AV off our servers on a large scale and found that the manual process for this was quite time consuming.

Because CA sold the antivirus business to TotalDefence, a lot of the documentation disappeared from their website so it took some playing around with how to do it successfully.

The batch file does the following steps:

  1. Stops all eTrust services.
  2. Kills the processes just in case they are lingering
  3. runs MSIEXEC uninstall of the software, in the order that they should be. ITM Agent first, then iTechnology iGateway.
  4. Prompts to tell you to reboot machine

The script is relatively simple, and quite rudimentary – the only modification you need to do is on line 21, where it uses PUSHD\POPD for the kill process. Note the kill.exe process is a tool not included with Windows (part of Debugging Tools for Windows) so you have to include the program in the same directory as the script.
If you want to download only Debugging Tools for Windows, install the SDK, and, during the installation, select the Debugging Tools for Windows box and clear all the other boxes.

The Code

Below is the code i used, with a few variations. I did a separate reboot myself and did not use the script. Use the script at your own risk. I dont do any true verification in this script that the software was completely removed.

@Echo OFF
REM #######################################################
REM AUTHOR: Ivan Dretvic
REM BLOG: http://ivan.dretvic.com
REM DATE CREATED: 13/10/2014
REM Uninstall CA eTrust 8.x from machine
REM #######################################################

REM #######################################################
echo -- stopping services
net stop "CA pest patrol realtime protection service"
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"
Ping 1.2.3.4 -n 1 -w 3000

REM #######################################################
echo -- stopping services
REM Update this to the location of the Kill.exe process location
pushd \\SERVER\SHARE
kill.exe Ppcl.exe
kill.exe ITMRTSVC.exe
kill.exe InoTask.exe
kill.exe InoRT.exe
kill.exe InoRPC.exe
kill.exe igateway.exe
popd

REM #######################################################
echo -- Uninstall of eTrustITM
start /wait msiexec /qn /uninstall {107558c8-458b-45ea-a0fe-7cc10d687db6}
echo -- Uninstalling ITM Agent
start /wait msiexec /qn /uninstall {107558C8-458B-45EA-A0FE-7CC10D687DB6}
echo -- Uninstalling ITM Agent 2
start /wait msiexec /qn /uninstall {9342421A-36BA-4744-A253-A498BAB40621}
echo -- Uninstalling iTechnology iGateway (OLD)
start /wait msiexec /qn /uninstall {54056d16-28c6-4673-bc84-77da7553ef70}
echo -- Uninstalling iTechnology iGateway
start /wait msiexec /qn /uninstall {847501DF-07C0-4691-B04A-893929F108AE}
echo -- Uninstalling iTechnology iGateway 2
start /wait msiexec /qn /uninstall {55F9C3DD-772F-4E74-85E3-8E3AD6A5154F}
echo -- completed uninstall

REM #######################################################
echo !!!!REBOOT PC BEFORE DOING ANYTHING ELSE!!!!

REM To automate reboot uncheck the below line
REM shutdown /r /c "CA eTrust Uninstall script" /force

Resources

Kill Toolhttp://msdn.microsoft.com/en-us/library/windows/hardware/ff551919%28v=vs.85%29.aspx

Restart or Shut Down a Remote Computer and Document the Reasonhttp://technet.microsoft.com/en-us/library/cc770416.aspx

Competetive Uninstall – Script Needed for CA Etrust 8.1http://www.symantec.com/connect/forums/competetive-uninstall-script-needed-ca-etrust-81-0

How to Remove CA eTrust ITM agent 8.1.637http://www.experts-exchange.com/Software/Anti-Virus/Q_28003488.html

CA Anti-Virus for the Enterprise eTrust Technical Document Indexhttp://supportconnectw.ca.com/public/antivirus/infodocs/etav-tecdoc.asp

Uninstalling ITM 8.1 (silently) using a command line or scripthttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=TEC437389 This article was not working at time of writing, however i do recall it contained all the good information to get this done easily. If anyone gets a copy of the article please share the link here.

Leave a Reply

QR Code Business Card
%d bloggers like this: