
15/01/2011 Uninstalling Trend Micro Client/Serve…

Uninstalling Trend Micro Client/Server


Security without a Password or Why are
Some Consultants Pricks
by Christopher Webb on May.04, 2009, under Antivirus, Linux -
Scripting, Security, Windows

So, I have been working with a new client recently. They switched
from another IT vendor with a “lack of communication skills”. The
other provider would never tell them if they were going to reboot the
server, did not provide ANY antivirus, on the server or clients, and
several other issues that I don’t really care about (seem personal).
During the transition, I told my client to request all passwords from
their previous vendor (PIX fw password, domain admin, local admin
pw if different, and pw to wireless router). The vendor gave the
domain administrator password up (although they had some GPOs
restricting it from adding new users and other things because they
used custom admin accounts instead), but “didn’t remember” the
Cisco PIX pw. Either they really are a horrible IT provider or they
are assholes… you choose. Although this really isn’t as uncommon
as I wish it was, I hate having to dick with resetting passwords and

trial of Trend’s newest worry-free small business client/security. I
thought this was a huge sign that the vendor was trying, since they
didn’t have AV for the previous 2 years and the event viewer was
flooded with errors and the clients just thought IT didn’t work
altogether. Shortly after this 30-day trial was installed, the transition
was made. I ordered the client Symantec Endpoint Protection 11.0
(MR4) w/ SEPM (my preferred AV). I went to install the new AV and
realized, since they never had AV before, I had not had my clients ask
for an uninstall password for the AV. I called the company and asked
them for the uninstall password. Of course, they “forgot” this
password as well…

Off I go on one of my favorite tasks: removing AV from an entire
office without a management console to expedite or a password to
even do it remotely fast on each machine. First, I decided to take it
off of the server and put SEPM on the server. I wanted to make sure
the server was taken care of first. I used this page to take care of it.
Worked OK, except when the server came back online, it could not
pick up a network connection. Of course it is set with a static IP. I
tried WinSockFix, which I would not recommend to use on a server,
but by the time I used it, I was somewhat desperate. I checked all
services. Removed some updates that I had known to cause issues
before on SBS 2003 (951746 and 951748; if the IPsec service won’t
start and these were recently installed, remove and reboot. They cause
issues on SBS 03 and kill networking). Finally, downloaded the
newest drivers for the NIC from Dell and moved them over on my flash
drive. Installed them, with no effect, so I rolled back the driver
and… it worked. That was my dumb ass not realizing right off the
bat to just reinstall the driver. We all make mistakes I guess.
Anyway, I got SEP and SEPM on the server, but now had to uninstall
Trend from all of the clients. What a nightmare. It isn’t a big
company, but I didn’t want to go through and kick anyone off of
their machines unnecessarily and have to manually do each machine.
Here’s what I did to remove Trend from the clients:

First, the Remote Registry service must be running on the clients and
you must be using a domain administrator account. By default, Remote
Registry is enabled on XP. To allow uninstall of the clients without a
password, you can open regedit and connect to the remote computer,
but when working with multiple machines, I use multi-remote registry
change. The trial version does everything you need, but only 10
clients at a time. This is worth it for me to save some cash. I had
multiple PCs, but not enough to pay for the product, although I may
purchase it now, just to support the company in hopes of a tool for
Vista. Select the client computers and modify the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Allow Uninstall

Change the value to 1.

(Do a “replace” in multi-remote registry change, changing the value from 0 to 1.)

Now, we are able to uninstall the application without the password.


We need the path to the uninstaller for Trend. This is found by going
to the

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\
\ \

trend client\server. I only put this section in because you can find
the manual uninstall for any application this way. I have the path for
Trend’s for you already, though.

“C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe”

Now we know how to uninstall it, but to run the uninstaller remotely
we need a tool called psexec. This is part of the PsTools suite from
Sysinternals (now Microsoft). Use the psexec command from the
command prompt like so:

psexec \\computer_name "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"

Now it will uninstall from that machine. You could make a quick
batch file to have it run through every machine on the domain doing
this, but I don’t feel like writing that out here. Leave a comment if you
want more detail. Anyway, there is no restart required for this
uninstall, so you are good to install whatever new AV you have…
Next time, brute forcing a PIX 501 because jerks won’t give you
passwords.
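
An added example, not from the original post: a read-only PowerShell check that reports, for each client, the Allow Uninstall value and whether ntrmv.exe is still on disk, so you can confirm the registry change took effect before running psexec and confirm the agent is gone afterwards. The host names and the function name Get-TrendUninstallState are placeholders, and the C$ administrative share is assumed to be reachable.

```powershell
# Added example: read-only check, makes no changes to the clients.
# Host names below are constructed placeholders; replace with your own.
$Computers = @('CLIENT01', 'CLIENT02', 'CLIENT03')

# Key, value name and uninstaller path are the ones given in the post.
$SubKey    = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
$ValueName = 'Allow Uninstall'
$RelPath   = 'Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe'

function Get-TrendUninstallState {
    param([string[]]$ComputerName)

    foreach ($c in $ComputerName) {
        $row = New-Object PSObject -Property @{
            Computer = $c; Reachable = $false
            AllowUninstall = $null; AgentPresent = $null
        }
        try {
            # Needs the Remote Registry service on the client, as the post notes.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $c)
            $row.Reachable = $true
            $key = $hklm.OpenSubKey($SubKey)   # opened read-only
            if ($key) {
                $row.AllowUninstall = $key.GetValue($ValueName)
                $key.Close()
            }
            $hklm.Close()
            # Assumption: the C$ administrative share is available.
            $row.AgentPresent = Test-Path "\\$c\C`$\$RelPath"
        } catch {
            # Unreachable host or access denied: report it and keep going.
            Write-Warning "$c : $($_.Exception.Message)"
        }
        $row
    }
}

Get-TrendUninstallState -ComputerName $Computers |
    Select-Object Computer, Reachable, AllowUninstall, AgentPresent |
    Format-Table -AutoSize
```

A value of 1 on a machine you have not touched means password-protected uninstall has already been switched off there, which is worth noticing on any network where the agent is meant to stay installed.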


9 Comments for this entry

Mark
July 22nd, 2009 on 7:47 pm

Thanks chap – need this fix.


Jeff
September 25th, 2009 on 7:36 pm

Thank you sir, I am dealing with this same exact thing right
now. Shitty IT provider take over, and we can’t get the
passwords for Trend from these stupid assholes.


R2

after changing the reg key.

Thanks again.

-R2


dan
July 15th, 2010 on 1:15 am

thanks – really useful


Chad
September 15th, 2010 on 10:33 am

I have been looking for this answer for awhile now, awesome
fix.

Thank you!


Clint
November 11th, 2010 on 2:43 pm

Was trying to remove an old 2006 install without a password.
Found many solutions but none as clear and simple. Many
thanks.


Christopher Webb
November 11th, 2010 on 4:22 pm

Thanks for the comment. Glad to hear it’s been helpful.


Harjinder
November 11th, 2010 on 3:53 pm

Thanks, it is very helpful



No problem, let me know if you have any other questions or
notice anything missing
