KNOWN ISSUE: Running aexagentutil.exe /clean on client machine uninstalls agent AND Windows system32 files

book

Article ID: 158726

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

The customer reported that during an upgrade from ITMS 7.1 to ITMS 7.5, when trying to uninstall the Symantec Management Agent he noted that most files under Windows\System32 directory were missing.

In this case the customer was using AexNSAgent.exe /uninstall or AexAgentUtil.exe /clean to uninstall the Symantec Management Agent.

Steps:
1. Install SMA and receive configuration
2. Open registry and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile
3. Set Windows folder as SMA logs location folder
4. Uninstall SMA (AexNSAgent.exe /uninstall or AexAgentUtil.exe /clean

Actual result: Uninstall process would attempt to erase the complete file tree including windows system files. in my case more than 2000 files were erased from c:\windows tree

Expected result: Only log folder should be erased or/and Agent*.log files.

Cause

Please note that this is NOT a regression in ITMS 7.5 - the problem was also applicable to earlier releases and happens only with custom changes for log file path location.

In this particular instance, the customer had the incorrect SMA agent log file path in the registry (check “FilePath”under HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile). Removal process uses the entries "FileName" and "FilePath" from "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile"

Another option when this could happen is when there is no logging folder specified in the registry, in this case uninstall will try removing files from the process's current folder, which can be anything in the general case.

Resolution

Symantec has acknowledged that the above-mentioned issue is present in the current version of the product mentioned earlier on this article. Symantec is committed to product quality and satisfied customers.

Symantec currently addressed this issue by including a fix in the ITMS 7.5 Hotfix 2. See DOC7076

Development changed the Agent behavior where it should not remove all the files from this folder, only agent*.log files, then it should remove the folder only if it’s empty. Currently agent tries removing the complete file tree.


Applies To

ITMS 7.5