TCC IT Dept

Remotely Uninstalling EAM

2 hours ago, TCC IT Dept said:

Is there some means of remotely uninstalling this software or am I going to have to touch (personally log into) ~100 machines?

There are a number of ways of remotely installing Emsisoft Anti-Malware. Several RMM services are supported (Kabuto for instance), and you can push the install through any means that supports MSI installers (Active Directory\Group Policy for instance). You can also use PSExec (a downloadable Microsoft tool) to push the install to computers on the network via command line.

Note that you should download the appropriate MSI installers from my.emsisoft.com (there are separate 32-bit and 64-bit MSIs) after logging in to your account and registering your license key. This will allow you to ease the burden of configuration, especially if you create a workspace before you download the installer packages (this will allow new installations of Emsisoft Anti-Malware to automatically connect to Emsisoft Cloud Console, allowing remote management from anywhere you can access your my.emsisoft.com account).


There's also a thread on Reddit that details how to push an MSI installer package to systems on a network using PowerShell, if you would prefer using it instead.


Thank you for your reply! I appreciate your time and expertise.

However, UNinstall. I don't have the manpower/time available to take a2service and the EAM program OFF 100 PCs manually.....

Cheers,

JS


My apologies, I misread your original post.

To my knowledge, there is no way to uninstall Emsisoft Anti-Malware on all workstations on a network automatically. Automating uninstalls of Anti-Virus software is a major security risk, as it would allow an attacker to remove protection from all computers on the network easily (a good example of where this would be possible is RDP compromise).

 

2 hours ago, TCC IT Dept said:

Actually I haven't been able to successfully uninstall it manually....Windows Installer says NO! 

The SysAdmin has set policies to prevent this installation.

Have you checked your Group Policies to see if software install/uninstall is restricted on the workstations?

Also, have you checked to see if there's an admin password configured in Emsisoft Anti-Malware? It's also possible that permissions have been configured per-user, either in Emsisoft Enterprise Console or Emsisoft Cloud Console, or manually on each workstation.

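The Group Policy check suggested in the reply above, as an added example that is not part of the original posts: a read-only PowerShell report of the Windows Installer and Software Restriction Policy values that commonly produce the "The system administrator has set policies to prevent this installation" message. The value meanings are the standard Windows policy semantics, not something stated in the thread, and `workstations.txt` is a hypothetical host list.

```powershell
# Added example (not from the thread): read-only check of the policy values that
# commonly sit behind "The system administrator has set policies to prevent this
# installation". Run from an elevated PowerShell prompt.
$check = {
    function Read-Policy([string]$Path, [string]$Name) {
        # Emits nothing (caller sees $null) when the policy is not configured.
        $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $p) { $p.$Name }
    }
    function Resolve-Meaning($Value, [hashtable]$Map) {
        if ($null -eq $Value) { return 'not configured' }
        if ($Map.ContainsKey([int]$Value)) { return $Map[[int]$Value] }
        return "unrecognised value $Value"
    }

    $msiKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    $saferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

    $disableMsi = Read-Policy $msiKey   'DisableMSI'
    $srpLevel   = Read-Policy $saferKey 'DefaultLevel'
    $srpScope   = Read-Policy $saferKey 'PolicyScope'

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        DisableMSI   = Resolve-Meaning $disableMsi @{
            0 = 'Windows Installer never disabled'
            1 = 'disabled for non-managed applications'
            2 = 'Windows Installer always disabled'
        }
        SrpDefault   = Resolve-Meaning $srpLevel @{
            0      = 'Disallowed'
            262144 = 'Unrestricted'   # 0x40000
        }
        SrpScope     = Resolve-Meaning $srpScope @{
            0 = 'applies to all users'
            1 = 'applies to all users except local administrators'
        }
        # Flag hosts where one of these policies is a plausible cause of the error.
        LikelyCause  = ($disableMsi -in 1, 2) -or ($srpLevel -eq 0)
    }
}

# Local workstation:
& $check

# Several workstations over WinRM (hypothetical host list, one name per line):
# Invoke-Command -ComputerName (Get-Content .\workstations.txt) -ScriptBlock $check
```

A host that reports `LikelyCause = True` should have its applied GPOs reviewed (for example with `gpresult /h report.html`) before any other troubleshooting of the installer.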

Thanks for answering. Yeah there are enterprise grade endpoint security products. I am testing one now that in theory will uninstall the prior product, and it claims to be able to do it on most Emsisoft versions. Hasn't worked yet though. 

I don't think I have time to wipe 92 pcs manually. Oh well good times.....

But as I explore this there appear to be two different means of uninstalling Emsisoft. The unins000.exe in the C:\Program Files\Emsisoft Anti-Malware folder. Or the .msi in Windows\Installer. The latter seems to be named something different or unique to the point of being useless to script. I can script or at least launch the unins000.exe if I knew if it had a silent mode switch. That one asks for confirmation.

I did check GPOs and there is no password on EAM but I think that workstation in the photo was jacked up. It was a test machine so I just wiped it.


You would probably have to disable the self-protection on all workstations that Emsisoft Anti-Malware is installed on in order for third-party software to be able to uninstall it. That being said, using third-party software to try to automate the uninstall may not be safe. We use a disk filter driver, and it can cause a system to BSoD on boot if it isn't removed properly (simply stopping or deleting the driver will cause this unless a specific registry entry is edited to remove a reference to the driver).

On 8/28/2019 at 5:22 AM, GT500 said:

My apologies, I misread your original post.

To my knowledge, there is no way to uninstall Emsisoft Anti-Malware on all workstations on a network automatically. Automating uninstalls of Anti-Virus software is a major security risk, as it would allow an attacker to remove protection from all computers on the network easily (a good example of where this would be possible is RDP compromise).

A hacker can easily uninstall the Anti-Malware without any problems and hardship!
There is no password request even for uninstallation!
Do you have a solution to this problem other than the group policy?

On 10/6/2019 at 5:56 AM, Batman said:

A hacker can easily uninstall the Anti-Malware without any problems and hardship!
There is no password request even for uninstallation!
Do you have a solution to this problem other than the group policy?

It's physically impossible to prevent an attacker from removing security software. Once they're in the system, and have admin rights, they have full control. They can terminate any process, delete any file, disable any startup entry, etc. This is one of the reasons why it is imperative to prevent an attacker from getting into the system in the first place.

EAM does have self-protection that can prevent automated removal of its components, however this will only stop an infection, and won't stop someone who's remotely accessing the system.

BTW: If you configure an admin password for Emsisoft Anti-Malware, it won't allow someone to uninstall it without the password while Windows is running normally.

6 hours ago, GT500 said:

BTW: If you configure an admin password for Emsisoft Anti-Malware, it won't allow someone to uninstall it without the password while Windows is running normally.

Thanks a lot

I configured an admin password, but administrator password does not work to uninstall Anti-Malware!

17 hours ago, Batman said:

I configured an admin password, but administrator password does not work to uninstall Anti-Malware!

It's supposed to be that way when Windows is running in Safe Mode (after all, if you forget your password, you need to have a way to regain control). I'll ask if we've changed this functionality.

On 10/9/2019 at 7:11 AM, GT500 said:

It's supposed to be that way when Windows is running in Safe Mode (after all, if you forget your password, you need to have a way to regain control). I'll ask if we've changed this functionality.

This feature is missing. Is there an explanation for it?
