Solved

How to parse Windows command line output to find information

Posted on 2014-10-01
6
502 Views
Last Modified: 2014-10-12
I am using "reg query HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL /s" to display registry keys and subkeys.

From that output, I need to find a key with a subkey of DisplayName as "Symantec Endpoint Protection" or any value I choose. The output should be the parent key and/or associated UninstallPath subkey

Background:

I am trying to create a universal uninstall tool for antivirus programs (or atleast symmantec endpoint protection)

SEPprep does not seem to work with v11 even with "RemoveSymantec=Y"

Therefore I had to do it a different way using MSI command line interface (http://www.symantec.com/business/support/index?page=content&id=TECH102470)

It says to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and find a value with a subkey DisplayName = Symantec Endpoint Protection, to copy the key into the "msiexec.exe /x [insert key] /passive" command
0
Comment
Question by:scsyeg
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40356065
I would suggest you use WMIC product to uninstall the product via a script and also note that you could even implement the uninstall as a Group Policy.  Below is a sample script

if exist c:\symantec-uninstalled.txt goto end
wmic product where "name like 'Symantec Endpoint %%" call uninstall /nointeractive   > c:\symantec-uninstalled.txt
:end

With the script above, once the software is uninstalled, file c:\symantec-uninstalled.txt is created.  Next time the script is run, it checks for the file exits and if so, the script ends.
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40357159
Rob van der Woude wrote an elegant batch script to get the uninstall information:
:: Check command line arguments
IF     "%~1"=="" GOTO Syntax
IF NOT "%~2"=="" GOTO Syntax
ECHO "%~1" | FINDSTR /R /C:"[/?]" >NUL && GOTO Syntax

SETLOCAL ENABLEDELAYEDEXPANSION
SET Count=0
FOR /F "tokens=*" %%A IN ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /F "%~1" /D /S 2^>NUL ^| FINDSTR /R /B /C:"HKEY_"') DO (
	REG Query "%%~A" /F DisplayName /V /E | FINDSTR /R /I /C:" DisplayName .* .*%~1" >NUL 2>&1
	IF NOT ERRORLEVEL 1 (
		SET /A Count += 1
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayName    /V /E 2^>NUL ^| FIND /I " DisplayName "')     DO ECHO Program Name      = %%C
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayVersion /V /E 2^>NUL ^| FIND /I " DisplayVersion "')  DO ECHO Program Version   = %%C
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F InstallDate    /V /E 2^>NUL ^| FIND /I " InstallDate "')     DO (
			SET InstallDate=%%C
			ECHO Install Date      = !InstallDate:~0,4!-!InstallDate:~4,2!-!InstallDate:~6!
		)
		FOR /F "tokens=7 delims=\" %%B IN ("%%~A") DO ECHO Unique Identifier = %%B
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F UninstallString /V /E ^| FIND /I " UninstallString "') DO ECHO Uninstall String  = %%C
		ECHO.
	)
)

WMIC.EXE Path Win32_Processor Get DataWidth 2>NUL | FIND "64" >NUL
IF ERRORLEVEL 1 (
	ECHO.
	ECHO %Count% programs found
) ELSE (
	SET Count32bit=0
	FOR /F "tokens=*" %%A IN ('REG Query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /F "%~1" /D /S 2^>NUL ^| FINDSTR /R /B /C:"HKEY_"') DO (
		REG Query "%%~A" /F DisplayName /V /E | FINDSTR /R /I /C:" DisplayName .* .*%~1" >NUL 2>&1
		IF NOT ERRORLEVEL 1 (
			SET /A Count32bit += 1
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayName    /V /E 2^>NUL ^| FIND /I " DisplayName "')     DO ECHO Program Name      = %%C
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayVersion /V /E 2^>NUL ^| FIND /I " DisplayVersion "')  DO ECHO Program Version   = %%C
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F InstallDate    /V /E 2^>NUL ^| FIND /I " InstallDate "')     DO (
				SET InstallDate=%%C
				ECHO Install Date      = !InstallDate:~0,4!-!InstallDate:~4,2!-!InstallDate:~6!
			)
			FOR /F "tokens=7 delims=\" %%B IN ("%%~A") DO ECHO Unique Identifier = %%B
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F UninstallString /V /E ^| FIND /I " UninstallString "') DO ECHO Uninstall String  = %%C
			ECHO.
		)
	)
	ECHO.
	ECHO     %Count% 64-bit programs and !Count32bit! 32-bit programs found
)

ENDLOCAL
GOTO:EOF


:Syntax
ECHO.
ECHO GetUninstall.bat,  Version 2.00 for Windows Vista and later
ECHO List or search uninstall command lines
ECHO.
ECHO Usage:    GETUNINSTALL.BAT  "filter"
ECHO.
ECHO Where:    "filter"    narrows down the search result to programs whose
ECHO                       uninstall data contains the string "filter"
ECHO.
ECHO Example:  GETUNINSTALL.BAT "Adobe Reader"
ECHO.
ECHO Written by Rob van der Woude
ECHO http://www.robvanderwoude.com

:: Set return code for Windows NT 4 or later
IF "%OS%"=="Windows_NT" COLOR 00

Open in new window


From http://www.robvanderwoude.com/files/getuninstall_w7.txt.

-saige-
0
 

Author Comment

by:scsyeg
ID: 40357409
@Mohammed Khawaja thank you for your response - currently have a little WMIC script of my own, however, I cannot find how to stop it from rebooting the system and scheduling it to reboot after hours. I have clients that have laptops or sporadic schedules to account for that I need to do this remotely from

@Saige thank you for your response - I will test this out and see if I can integrate it with an uninstall command (I'm a linux guy, so if you have suggestions on how to do this in cmd, I'd appreciate it)
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Accepted Solution

by:
scsyeg earned 0 total points
ID: 40366273
It seems one of the issues with SEPprep is that 32 bit versions cannot uninstall 64 bit SEP.

With a bit of tweaking of the SEPprep.ini and implementation of proper bit versions, I got it working.

I will keep both of your comments in mind for other applications however. Thank you.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40366318
There is a better way.  Run the following PowerShell command:

$product = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "xxx"}
$AppGuid = $product.properties["IdentifyingNumber"].value.toString()
MsiExec.exe /norestart /q/x $AppGuid REMOVE=ALL
0
 

Author Closing Comment

by:scsyeg
ID: 40375485
After further investigation, this turned out to be the cleanest solution to the situation (within scope).
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

In this tutorial I will show you how to make a simple HTML bar chart with the usage of WhizBase, If you want more information about WhizBase please read my previous articles at http://www.experts-exchange.com/ARTH_5123186.html (http://www.experts-ex…
This article will show, step by step, how to integrate R code into a R Sweave document
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now