I had a problem where i needed to remove the AV off our servers on a large scale and found that the manual process for this was quite time consuming.
Because CA sold the antivirus business to TotalDefence, a lot of the documentation disappeared from their website so it took some playing around with how to do it successfully.
The batch file does the following steps:
- Stops all eTrust services.
- Kills the processes just in case they are lingering
- runs MSIEXEC uninstall of the software, in the order that they should be. ITM Agent first, then iTechnology iGateway.
- Prompts to tell you to reboot machine
The script is relatively simple, and quite rudimentary – the only modification you need to do is on line 21, where it uses PUSHD\POPD for the kill process. Note the kill.exe process is a tool not included with Windows (part of Debugging Tools for Windows) so you have to include the program in the same directory as the script.
If you want to download only Debugging Tools for Windows, install the SDK, and, during the installation, select the Debugging Tools for Windows box and clear all the other boxes.
The Code
Below is the code i used, with a few variations. I did a separate reboot myself and did not use the script. Use the script at your own risk. I dont do any true verification in this script that the software was completely removed.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
@Echo OFF REM ####################################################### REM AUTHOR: Ivan Dretvic REM BLOG: https://ivan.dretvic.com REM DATE CREATED: 13/10/2014 REM Uninstall CA eTrust 8.x from machine REM ####################################################### REM ####################################################### echo -- stopping services net stop "CA pest patrol realtime protection service" net stop "eTrust Antivirus Realtime Service" net stop "eTrust ITM Job Service" net stop "eTrust ITM RPC Service" net stop "iTechnology iGateway 4.2" Ping 1.2.3.4 -n 1 -w 3000 REM ####################################################### echo -- stopping services REM Update this to the location of the Kill.exe process location pushd \\SERVER\SHARE kill.exe Ppcl.exe kill.exe ITMRTSVC.exe kill.exe InoTask.exe kill.exe InoRT.exe kill.exe InoRPC.exe kill.exe igateway.exe popd REM ####################################################### echo -- Uninstall of eTrustITM start /wait msiexec /qn /uninstall {107558c8-458b-45ea-a0fe-7cc10d687db6} echo -- Uninstalling ITM Agent start /wait msiexec /qn /uninstall {107558C8-458B-45EA-A0FE-7CC10D687DB6} echo -- Uninstalling ITM Agent 2 start /wait msiexec /qn /uninstall {9342421A-36BA-4744-A253-A498BAB40621} echo -- Uninstalling iTechnology iGateway (OLD) start /wait msiexec /qn /uninstall {54056d16-28c6-4673-bc84-77da7553ef70} echo -- Uninstalling iTechnology iGateway start /wait msiexec /qn /uninstall {847501DF-07C0-4691-B04A-893929F108AE} echo -- Uninstalling iTechnology iGateway 2 start /wait msiexec /qn /uninstall {55F9C3DD-772F-4E74-85E3-8E3AD6A5154F} echo -- completed uninstall REM ####################################################### echo !!!!REBOOT PC BEFORE DOING ANYTHING ELSE!!!! REM To automate reboot uncheck the below line REM shutdown /r /c "CA eTrust Uninstall script" /force |
Resources
Kill Tool – http://msdn.microsoft.com/en-us/library/windows/hardware/ff551919%28v=vs.85%29.aspx
Restart or Shut Down a Remote Computer and Document the Reason – http://technet.microsoft.com/en-us/library/cc770416.aspx
Competetive Uninstall – Script Needed for CA Etrust 8.1 – http://www.symantec.com/connect/forums/competetive-uninstall-script-needed-ca-etrust-81-0
How to Remove CA eTrust ITM agent 8.1.637 – http://www.experts-exchange.com/Software/Anti-Virus/Q_28003488.html
CA Anti-Virus for the Enterprise eTrust Technical Document Index – http://supportconnectw.ca.com/public/antivirus/infodocs/etav-tecdoc.asp
Uninstalling ITM 8.1 (silently) using a command line or script – http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=TEC437389 This article was not working at time of writing, however i do recall it contained all the good information to get this done easily. If anyone gets a copy of the article please share the link here.