SCCM In-Place OS Upgrade on McAfee Encrypted Machines. Then after inplace OS upgrade, re-enable encryption. This need huge effort, time and impacts end user experience. This post describes Windows 10 upgrade task sequence configuration for McAfee Encrypted Machines. This configuration allows IT to perform successful OS upgrade keeping the Mcafee encryption intact.
Ever tried to silently uninstall the TrendMicro AntiVirus client when it’s password protected? You probably could not find a suitable, free and total solution for your situation. It happened to me a while ago and I would like to share my experiences. I know it’s possible to manage the installed clients through the TrendMicro server management console, but at the company where I implemented this solution they chose not to because of the limited bandwidth to certain company locations.
Environment description:
- Windows 2008 R2
- Window 7
- SCCM 2007 R2
- RES Workspace Manager 2011 SR2
- App-V 4.6 SP1
- TrendMicro v10.5+
The challenge:
Before installing the new version of the TrendMicro AV client the old client needs to be uninstalled. When I tried uninstalling the client with “msiexec.exe /x{guid} /qn /norestart” I noticed that the the uninstallation failed. At that point I discovered that the uninstallation required a password. The uninstall will be a part of a SCCM 2007 “Task Sequence” which will contain multiple software updates and contains one reboot at the end.
Requirements:
- Workarround for the Password protection
- No Reboot until planned reboot
- Silent Uninstall
Solution:
Searching the internet for a solution I didn’t find any working method to bypass the password protection and/or silently uninstalling the AV client. It seemed that the only solution was to manage the clients through the TrendMicro AV Management Console. Like mentioned earlier this was not an option. I needed to look for another solution. After some searching I came across the AUTOPCC.ini file on the TrendMicro management Server: AUTOPCC.ini located in:
“X:Program Files (x86)Trend MicroOfficeScanPCCSRVAutopcc.cfg”
Here I found the values -991334* (no password) and -0442* (silent uninstall).
I discovered that these parameters worked in combination with “ntrmv.exe” which is located in the following location on the client side:
I discovered that these parameters worked in combination with “ntrmv.exe” which is located in the following location on the client side:
“C:program FilesTrend MicroOfficeScan Client”
(*) I’ve recently changed these parameters for security reasons, if your not able to find these parameters on the location I mentioned. You are probably not authorized to uninstall the TrendMicro AV
By using these parameters in combination with “ntrmv.exe” the uninstall ignores the password protection and uninstalls the TrendMicro client silently without rebooting.
I created a script for the uninstall. In this script I prevented that the installation of the new client would start before the uninstall of the old client is completed. To achieve this I added a check in the script. It will check if the “ntrmv.exe” process is still running, if so it will keep on checking untill the process has stopped. Than the script will finish. Underneath the code of the vbs script I created.
VBS code
2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 | ' Description : Script for silently uninstalling TrendMicro client and bypass password protection. setFSO=CreateObject('Scripting.FileSystemObject') strApp='C:Program FilesTrend MicroOfficeScan Clientntrmv.exe' strPara2='-331' DimmyExit,return currentDirectory=left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName))) ' Run UnInstall of TrendMicro WshShell.run Chr(34)&strApp&Chr(34)&' '&Chr(34)&strPara1&Chr(34)&' '&Chr(34)&strPara2&Chr(34),0,True ' Activate the loop until result is 'myExit' = 1 ' Triggers the check on the active 'ntrmv.exe' process Loop SUBCheckTrendMicro() myExit=1 ' Check for active ntrmv.exe process. foreachProcess inService.InstancesOf('Win32_Process') myExit=0 ' wait for X time before checking for running process again. Endif EndSUB |
Underneath a version which will check if it’s a x86 or x64 installation;
2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 | ' Description : Script for silently uninstalling TrendMicro client and bypass password protection. setFSO=CreateObject('Scripting.FileSystemObject') strApp='C:Program FilesTrend MicroOfficeScan Clientntrmv.exe' strPara2='-331' IfOSarchitecture()Then strApp='C:Program FilesTrend MicroOfficeScan Clientntrmv.exe' strApp='C:Program Files (x86)Trend MicroOfficeScan Clientntrmv.exe' myExit=0 currentDirectory=left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName))) ' Run UnInstall of TrendMicro WshShell.run Chr(34)&strApp&Chr(34)&' '&Chr(34)&strPara1&Chr(34)&' '&Chr(34)&strPara2&Chr(34),0,True ' Activate the loop until result is 'myExit' = 1 ' Triggers the check on the active 'ntrmv.exe' process Loop SUBCheckTrendMicro() myExit=1 ' Check for active ntrmv.exe process. foreachProcess inService.InstancesOf('Win32_Process') myExit=0 ' wait for X time before checking for running process again. Endif EndSUB 'Function to check if architecture is X86 or X64 (AMD64) ConstHKLM=&H80000002 strComputer='.' sOSarch=WshShell.RegRead('HKLMSYSTEMCurrentControlSetControlSession ManagerEnvironmentPROCESSOR_ARCHITECTURE') OSarchitecture=False IfsOSarch='AMD64'Then EndIf EndFunction |
After the uninstall I checked if there was anything left behind. As well as the installation folder as the TrendMicro registry-tree were completly deleted during the uninstall.
If you’ve got any comments or questions please post them below if not I hope this information was useful for you.