Removing CA eTrust 8.x AntiVirus through a script

I had a problem where i needed to remove the AV off our servers on a large scale and found that the manual process for this was quite time consuming.

Because CA sold the antivirus business to TotalDefence, a lot of the documentation disappeared from their website so it took some playing around with how to do it successfully.

The batch file does the following steps:

  1. Stops all eTrust services.
  2. Kills the processes just in case they are lingering
  3. runs MSIEXEC uninstall of the software, in the order that they should be. ITM Agent first, then iTechnology iGateway.
  4. Prompts to tell you to reboot machine

The script is relatively simple, and quite rudimentary – the only modification you need to do is on line 21, where it uses PUSHD\POPD for the kill process. Note the kill.exe process is a tool not included with Windows (part of Debugging Tools for Windows) so you have to include the program in the same directory as the script.
If you want to download only Debugging Tools for Windows, install the SDK, and, during the installation, select the Debugging Tools for Windows box and clear all the other boxes.

The Code

Below is the code i used, with a few variations. I did a separate reboot myself and did not use the script. Use the script at your own risk. I dont do any true verification in this script that the software was completely removed.

Resources

Kill Toolhttp://msdn.microsoft.com/en-us/library/windows/hardware/ff551919%28v=vs.85%29.aspx

Restart or Shut Down a Remote Computer and Document the Reasonhttp://technet.microsoft.com/en-us/library/cc770416.aspx

Competetive Uninstall – Script Needed for CA Etrust 8.1http://www.symantec.com/connect/forums/competetive-uninstall-script-needed-ca-etrust-81-0

How to Remove CA eTrust ITM agent 8.1.637http://www.experts-exchange.com/Software/Anti-Virus/Q_28003488.html

CA Anti-Virus for the Enterprise eTrust Technical Document Indexhttp://supportconnectw.ca.com/public/antivirus/infodocs/etav-tecdoc.asp

Uninstalling ITM 8.1 (silently) using a command line or scripthttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=TEC437389 This article was not working at time of writing, however i do recall it contained all the good information to get this done easily. If anyone gets a copy of the article please share the link here.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

QR Code Business Card