Fatal error while uninstalling Symantec Endpoint Protection with Symantec Critical System Protection 6.0 installed

book

Article ID: 160963

calendar_today

Updated On:

Products

Endpoint Protection Critical System Protection Client Edition

Issue/Introduction

You have both the Symantec Critical System Protection (SCSP) 6.0 agent and the Symantec Endpoint Protection (SEP) client software installed. When you try to uninstall Symantec Endpoint Protection 12.1.2 or later, it fails with a fatal error.
 

Process Modification Denied for calling Process C:\Windows\System32\svchost.exe on Target Process Installation_Path\Symantec Endpoint Protection\Current Version\Bin\Installteefer.exe

Where Installation_Path represents the actual installation path for Symantec Endpoint Protection and Current Version represents the version of Symantec Endpoint Protection you are uninstalling.
 

Cause

The default policies in Symantec Critical System Protection prevent the uninstallation of Symantec Endpoint Protection.
 

Resolution

To work around this issue and allow the uninstallation, you must edit the Symantec Data Center Security policy for each affected system as shown in the following process.

Note: This example uses the sym_win_protection_strict_sbp policy.

If an option is already enabled, do not disable it.
 

Process overview:

I. Locate the policy.
II. Update Safe Service Options.
III. Update Host Security Programs.
IV. Update Default Windows Services.
V. Update Full Service Options.
VI. Save and apply the policy changes.

 
I. Locate the policy

  1. Log on to the Symantec Data Center Security console.
  2. Click Policies > Prevention > Workspace Folders > Symantec.
  3. Under Filters, click Windows Policies.
  4. Click the appropriate policy in the right pane, and then click Edit.
  5. Under Advanced Policy Settings, click Sandboxes.

 
II. Update Safe Service Options

  1. Under Core OS Service Options, next to Safe Service Options [svc_safepriv_ps], click Edit.
  2. Click File Rules.
  3. Check the box next to Allow modifications to these files to enable the option.
  4. Click Edit > Add. Make the following entries:
    • For Resource Path, enter: \Device\Harddisk0\DR0
    • For Program Path, enter: C:\Windows\system32\MsiExec.exe
  5. Click OK.

 
III. Update Host Security Programs

  1. At the top of the policy window, click Sandboxes.
  2. Under Global Policy Options, next to Host Security Programs [hsecurity_ps], click Edit.
  3. Under General Settings then Advanced Options, under Alternate Privilege Level (choose only one), check the box next to Run with Full privileges.
     

Note: Sections IV (Update Default Windows Services) and V (Update Full Service Options) apply only if you have Windows Server 2003 (32-bit) or Windows XP (32-bit) in your environment. If you do not have any computers using these platforms, skip to Section VI (Save and apply the policy changes).


 
The Symantec Endpoint Protection file paths noted below are the default values. If you installed Symantec Endpoint Protection to a custom path, use that path instead.

 
IV. Update Default Windows Services

  1. At the top of the policy window, click Sandboxes.
  2. Under Core OS Service Options, next to Default Windows Services [def_winsvcs_ps,netsvcs_ps], click Edit.
  3. Click Process Access Controls.
  4. Check the box next to Allow full access to these processes to enable this option.
  5. Click Edit > Add. Make the following entries:
    • For Target Program Path, enter: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\INSTALLTEEFER.EXE
    • For Program Path, enter: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
  6. Click OK.

 
V. Update Full Service Options

  1. At the top of the policy window, click Sandboxes.
  2. Under Core OS Service Options, next to Full Service Options [svc_fullpriv_ps], click Edit.
  3. Click Process Access Controls.
  4. Check the box next to Allow full access to these processes to enable the option.
  5. Click Edit > Add. Make the following entries:
    • For Target Program Path, enter: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\*\BIN\INSTALLTEEFER.EXE
    • For Program Path, enter: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
  6. Click OK.

 
VI. Save and apply the policy changes

  1. At the bottom of the policy window, click Apply.
  2. Enter the policy change description, and then click Submit.
  3. Click OK to close the policy window.
  4. In the Prevention Policies window, click Apply to propagate the policy to your computers.