Trying to uninstall the Symantec Endpoint Protection [SEP] client using the third-party removal tool[ SCCM] or from Add remove Program. It failed to uninstall the SEP
It was observed that it failed to uninstall the Teefer2 driver
What is the Teefer2 driver?
In the MSI logs found below Error
MSI (s) (A8:B8) [10:19:59:579]: Executing op: ActionStart(Name=UninstallFirewall,,)
Action 10:19:59: UninstallFirewall.
MSI (s) (A8:B8) [10:19:59:587]: Executing op: CustomActionSchedule(Action=UninstallFirewall,ActionType=3073,Source=BinaryData,Target=UninstallFirewall,CustomActionData=C:\Program Files\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin)
MSI (s) (A8:B8) [10:19:59:600]: Creating MSIHANDLE (33825) of type 790536 for thread 17080
MSI (s) (A8:20) [10:19:59:601]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIEF5E.tmp, Entrypoint: UninstallFirewall
MSI (s) (A8!94) [10:19:59:654]: Creating MSIHANDLE (33826) of type 790531 for thread 25748
UninstallFirewall start
MSI (s) (A8!94) [10:19:59:656]: Closing MSIHANDLE (33826) of type 790531 for thread 25748
MSI (s) (A8!94) [10:20:00:511]: Creating MSIHANDLE (33827) of type 790531 for thread 25748
Error uninstalling teefer launching installTeefer.exe: 4
MSI (s) (A8!94) [10:20:00:512]: Closing MSIHANDLE (33827) of type 790531 for thread 25748
CustomAction UninstallFirewall returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (A8:20) [10:20:00:516]: Closing MSIHANDLE (33825) of type 790536 for thread 17080
Action ended 10:20:00: InstallFinalize. Return value 3.
MSI (s) (A8:B8) [10:20:00:553]: User policy value 'DisableRollback' is 0
MSI (s) (A8:B8) [10:20:00:553]: Machine policy value 'DisableRollback' is 0
MSI (s) (A8:B8) [10:20:00:560]: Note: 1: 2318 2:
MSI (s) (A8:B8) [10:20:00:608]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1386041971,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
MSI (s) (A8:B8) [10:20:00:608]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (A8:B8) [10:20:00:609]: Executing op: DialogInfo(Type=1,Argument=Symantec Endpoint Protection)
MSI (s) (A8:B8) [10:20:00:610]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
Action 10:20:00: Rollback. Rolling back action:
MSI (s) (A8:B8) [10:20:00:614]: Executing op: ActionStart(Name=UninstallFirewall,,)
MSI (s) (A8:B8) [10:20:00:615]: Executing op: ProductInfo(ProductKey={90FEEB01-1E20-4B5F-9F7F-164A425A8C25},ProductName=Symantec Endpoint Protection,PackageName=Sep.msi,Language=1033,Version=235015428,Assignment=1,ObsoleteArg=0,,,PackageCode={716D6FFE-D60E-481D-8F01-B8617807DC4E},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
Rollback: UninstallFirewall_RB
MSI (s) (A8:B8) [10:20:00:617]: Executing op: ActionStart(Name=UninstallFirewall_RB,,)
MSI (s) (A8:B8) [10:20:00:625]: Executing op: CustomActionRollback(Action=UninstallFirewall_RB,ActionType=1281,Source=BinaryData,Target=UninstallFirewall_RB,CustomActionData=C:\Program Files\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin)
MSI (s) (A8:B8) [10:20:00:640]: Creating MSIHANDLE (33828) of type 790536 for thread 17080
MSI (s) (A8:58) [10:20:00:641]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIF374.tmp, Entrypoint: UninstallFirewall_RB
MSI (s) (A8!7C) [10:20:00:694]: Creating MSIHANDLE (33829) of type 790531 for thread 23932
SEP version 14.2 Ru1
Issue reported on Win 7 32-bit SP1 system Only
According to the symptom and logs provided, Process “C:\Windows\system32\MsiExec.exe” calls installTeefer.exe to remove. the Teefer driver. However, installTeefer.exe has a security check and calls ccVerifyTrust to verify the certificate of the parent process “MsiExec.exe” that needs to be signed with “SignatureType_Microsoft”. Unfortunately, ccVerifyTrust fails to verify the Microsoft certificate. So, installTeefer.exe refuses to run and exits immediately with error code: 4: ERR_NO_TRUST. As a result, SEP uninstallation failed to remove the Teefer driver.
Please reach out to Broadcom support they can provide the fix.