Recently I had to deploy System Center Endpoint Protection (SCEP). SCEP was not installing on clients. I knew I would run into problems because Symantec Endpoint Protection was on these clients and there was a password required to uninstall it. Sure enough the require uninstall password was causing the issue. Here are the details:
From the EP log on the client:
%systemdrive%\WINDOWS\CCM\Logs\EndpointProtectionAgent.log
Failed to install endpoint protection client with exit code = 0x8004ff67.
And
Detail error message is : [EppSetupResult]
HRESULT=0x8004FF67 Description=System Center 2012 Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was unable to remove one or more programs that conflict with System Center Endpoint Protection. To install System Center Endpoint Protection you must manually uninstall the following programs and then run the wizard again. Error code:0x80041108. Programs: Symantec Endpoint Protection LiveUpdate 3.3 (Symantec Corporation)
I performed a manual install of SCEP just to see what would happen.
Here is the resulting error when it came time to remove Symantec Endpoint Protection.
Manually uninstalling Symantec Endpoint Protection on 10,000 clients was not an option. Here is what I had to do to get past this.
I had to create a batch file that performed the following steps.
- Change to the Symantec directory.
- Stop the Symantec client service while inserting the password.
- Delete two Symantec registry keys.
- Change to the local ccmsetup directory.
- Kick off the System Center Endpoint Protection Install.
I placed my batch file in the packages directory on the SCCM server and pushed it out via software deployment to the clients. This is what was in my batch file:
cd C:\Program Files\Symantec\Symantec Endpoint Protection
smc -p YOURPASSWORDHERE -stop
regedit.exe /s \\SERVERNAME\SHARENAME\removesymantecep.reg
cd C:\Windows\ccmsetup
SCEPInstall.exe /s
NOTE: The default password for Symantec Endpoint Protection is symantec.
In the registry file add “-“ after “=” on these two keys
“smc_exit_test” and “SmcInstData”
They should look like this:
“smc_exit_test”=-
“SmcInstData”=-
The registry path to these keys is:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
Once this went out to the clients it was a smooth uninstall of Symantec and a smooth install of System Center Endpoint Protection without bothering the end user or rebooting the client PC.