Bryon H
asked on
create script to do these changes
hello,
i have to manually remove trendmicro WFBS from 12 servers. the beta install went..... eventful... and promptly killed all remote access to these servers.
we've since disabled the services for trendmicro so we could remote back in... now i need to manually remove it from all servers, so we can reinstall it
i don't know why trend apparently did not create a script already for this, or a program or something, but... let's make one. i tried to write these in such a way to make it really easy for you to copy/paste into your script. there are no spelling mistakes so don't correct anything that looks weird like pccnt or officescannt ... those are supposed to be double-n like that, etc.
anyway, here's a set of tasks i'd like to see if i can get scripted... batch file is fine, or whatever is easiest
stop these services:
tmpfw
tmproxy
euq_monitor
ntrtscan
ofcservicetmicrcscanservice
taskkill /IM thesetasksbelow /F:
pccntmon.exe
ntrtscan.exe
tmlisten.exe
pccnt.exe
tm_pfw.exe
cntaosmgr.exe
tmbmsrv.exe
tmproxy.exe
tmas_oe.exe.exe (duplicated exe as per their documentation)
tmas_oe.exe (threw this in there just because)
tmas_oemon.exe
ofcservice.exe
ofcaosmgr.exe
remove these registry keys and every sub object of them:
"hkcu\software\trendmicro"
"hkcu\software\trendmicro_volatile"
"hklm\software\trendmicro"
"hklm\software\trendmicro_volatile"
"hklm\software\microsoft\windows\currentversion\uninstall\officescannt"
"hklm\software\microsoft\windows\currentversion\uninstall\security server"
"hklm\system\currentcontrolset\services\ntrtscan"
"hklm\system\currentcontrolset\services\ofcaosmgr"
"hklm\system\currentcontrolset\services\ofcservice"
"hklm\system\currentcontrolset\services\tmactmon"
"hklm\system\currentcontrolset\services\tmbmserver"
"hklm\system\currentcontrolset\services\tmcfw"
"hklm\system\currentcontrolset\services\tmcomm"
"hklm\system\currentcontrolset\services\tmevtmgr"
"hklm\system\currentcontrolset\services\tm filter"
"hklm\system\currentcontrolset\services\tmlisten"
"hklm\system\currentcontrolset\services\tmpfw"
"hklm\system\currentcontrolset\services\tmprefilter"
"hklm\system\currentcontrolset\services\tmproxy"
"hklm\system\currentcontrolset\services\tmtdi"
"hklm\system\currentcontrolset\services\vsapint"
delete these objects which live here: hklm\...\run
"officescannt monitor"
"officescannt oe"
uninstall these HIDDEN non-plug and play devices (this is the tricky part):
tmactmon
tmcomm
tmevtmgr
"trend micro filter"
"trend micro prefilter"
"trend micro tdidriver"
"trend micro vsapi nt"
uninstall this driver from the local area connection:
"trend micro common firewall driver"
whack this directory with YES confirmation:
rd "c:\program files\trend micro" /s
"If I want to run one of those lines straight off the cmd line, just change %% to % right?" - correct.
If you're testing on a live production server, please place pauses and such so to step through this one time first. I did the best I could not having the same environment (though some of the registry keys I did recreate here). If you need me to dig further into devcon for you, let me know.
~sirbounty
ASKER
i don't have time for the devcon stuff so i can just manually right-click uninstall those no problem, i will be logging into the servers anyway to run the scripts and watch them
the script alone saves me like 15 minutes per server so well worth it :)
But, how are you going to have a complete script? :^)
It's been a few years since I've used devcon, but I believe it uses hardware ID for the devices, so it would realistically take a while to work through it and get it working the way you need, particularly since I have no similar environment...
You mention though, that you would be logging on to the server - most of those items can all be launched remotely, fyi.
taskkill has a /s <system> parameter, as does sc <system>. And your reg deletes can all be run using \\<system>\hklm...
So this could be tweaked a bit more to loop through a server list, though it still leaves the device drivers.
Good luck - and I hope you don't have to run this again!
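The remote switches mentioned in the comment above also serve for a read-only check once the cleanup has run. The following is an added example, not the script from this thread and not Trend Micro's own: it loops over server names and reports which processes, HKLM keys and program directory from the question are still present. The file name tmaudit.cmd, a running Remote Registry service and the c$ admin share are assumptions.

```batch
@echo off
REM Added example, not the script from this thread: a read-only leftover check.
REM Usage: tmaudit.cmd SERVER1 SERVER2 ...   (tmaudit.cmd is a hypothetical name)
REM Assumes admin rights, Remote Registry running and the c$ share on each server.
setlocal
set "LEFT=0"
if "%~1"=="" (echo usage: %~nx0 server [server ...] & exit /b 2)

:next
if "%~1"=="" goto done
set "S=%~1"
echo === %S% ===

REM A failed query must not read as "clean": confirm the registry answers first
reg query "\\%S%\HKLM\software" >nul 2>&1
if errorlevel 1 (echo [not audited: registry unreachable] & set /a "LEFT+=1" & goto skip)

REM Processes from the taskkill list, listed with tasklist /S rather than killed
for %%p in (pccntmon.exe ntrtscan.exe tmlisten.exe pccnt.exe tm_pfw.exe cntaosmgr.exe tmbmsrv.exe tmproxy.exe tmas_oe.exe.exe tmas_oe.exe tmas_oemon.exe ofcservice.exe ofcaosmgr.exe) do (
    tasklist /S %S% /NH /FI "IMAGENAME eq %%p" 2>nul | find /I "%%p" >nul
    if not errorlevel 1 (echo [process running] %%p & set /a "LEFT+=1")
)

REM HKLM keys from the delete list. reg.exe reaches only HKLM and HKU remotely,
REM so the two hkcu keys have to be checked in the user's own session.
for %%k in ("trendmicro" "trendmicro_volatile" "microsoft\windows\currentversion\uninstall\officescannt" "microsoft\windows\currentversion\uninstall\security server") do (
    reg query "\\%S%\HKLM\software\%%~k" >nul 2>&1
    if not errorlevel 1 (echo [key present] hklm\software\%%~k & set /a "LEFT+=1")
)

REM Service keys from the delete list, names exactly as the question gives them
for %%v in (ntrtscan ofcaosmgr ofcservice tmactmon tmbmserver tmcfw tmcomm tmevtmgr "tm filter" tmlisten tmpfw tmprefilter tmproxy tmtdi vsapint) do (
    reg query "\\%S%\HKLM\system\currentcontrolset\services\%%~v" >nul 2>&1
    if not errorlevel 1 (echo [service key present] %%~v & set /a "LEFT+=1")
)

if exist "\\%S%\c$\program files\trend micro\" (echo [directory present] & set /a "LEFT+=1")

:skip
shift
goto next

:done
echo leftovers found: %LEFT%
exit /b %LEFT%
```

The exit code is the number of findings, so 0 means every listed server answered and nothing from the lists was found.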
I just wanted to add this comment:
The asker accurately posed his problem at 10:12 PM.
"sirbounty", by 11:31 PM, wrote and delivered a 64 line, comprehensive batch file, complete with annotations to the asker.
Now that is truly what I call dedication to the concept of community volunteer support.
Good on ya, sirbounty! That is awesome, indeed!
---GRIFF
Sorry about that - I had to jump in the shower, otherwise it would have been sooner... ;^)
ASKER
plus he's against me leaving it unfinished, by manually doing the hwid uninstalls :)
sirbounty you're fearsome :)
now if i can just get my sheep to stop logging in, i can actually do it
ASKER
sorry for the delay
looks like it does most everything just have to remember to go get the devices by hand
line 3 in the script had this at the end:
rvice.exe ofcaosmgr.exe)) do taskkill /im %%a /f
i changed it to a single close paren and that let it keep going
for the most part though, that is great :)
ASKER
very fast response and exactly as asked, thanks for the help
Glad I could help. Thanks for the grade! :^)
Great stuff - This might help someone going forward
D
:DevRemoval
REM uninstall these HIDDEN non-plug and play devices (this is the tricky part):
REM tmactmon ***Didn't see this listed on test machine WFBS 6 SP1***
REM tmcomm
REM tmevtmgr ***Didn't see this listed on test machine WFBS 6 SP1***
REM "trend micro filter"
REM "trend micro prefilter"
REM "trend micro tdidriver"
REM "trend micro vsapi nt"
REM Use devcon to set a hardware ID as the hidden non-pnp devices do not have one
devcon sethwid @ROOT\LEGACY_TMCOMM\0000 := TMCOMM
devcon sethwid @ROOT\LEGACY_TMFILTER\0000 := TMFILTER
devcon sethwid @ROOT\LEGACY_TMPREFILTER\0000 := TMPREFILTER
devcon sethwid @ROOT\LEGACY_TMTDI\0000 := TMTDI
devcon sethwid @ROOT\LEGACY_VSAPINT\0000 := VSAPINT
REM Remove the devices we just named
for %%a in ("TMCOMM" "TMFILTER" "TMPREFILTER" "TMTDI" "VSAPINT") do devcon remove %%a
REM Now we have to reboot to complete the uninstall of those devices
devcon reboot
D
ASKER
Absolutely :) and I know you know what it's for haha
(Don't say it tho keep the googles out)
ASKER
oh whoops i thought i was replying to a different scripting question, disregard that last question
in addition to this post here, i've recently found an official trendmicro dirty uninstaller from trend themselves - it's basically a batch file with all the changes above and then some
they have it on their public ftp server, but i've rehosted it for myself here:
www.thefocisgroup.com/helpdesk/tmuninstaller.zip
i found that even their uninstaller batch file crashes at first, saying you don't have admin rights when you really, really do... so i would just REM out that part of the batch file if it happens to you
ASKER
Can't wait to test it out tomorrow and let you know :)
I thought I knew a thing or two about batch files... but this.... this is ridiculous.
A lot has been added to my bag of tricks after seeing your examples.
If I want to run one of those lines straight off the cmd line, just change %% to % right? Can do a lot more faster crafting things on the fly with loops wow