I am cleaning up a Windows 10 system where I found McAfee not present in Programs and Features but must have been installed and perhaps improperly uninstalled in the past. I saw this when I ran autoruns and could see multiple components still set to run at startup and running now as Windows services. Same with Task Manager or procexp.exe. In autoruns, running as Administrator, I was unable to uncheck (disable) these services.
Next I download mcpr and it stalled after the progress bar hit around 20%. Process explorer showed it was stuck: no advancement in total cpu time for 10 minutes. I noted these processes all were properly signed (digital certificates) from the procexp.exe and autoruns points of view.
I don't trust these mcafee services still running and must remove them and am sure I will be able to do so (many options such as Safe Mode, remove disk and delete folders the live in, etc.). But it begs the question: (1) is this normal for McAfee and MCPR? In the past, having helped perhaps 500 customers in a few years, I was always able to remove McAfee in those situations meriting it. Since it it is so popular, if I were a bad actor I would try to tamper with it in some way so it both looks digitally signed (in procexp.exe and autoruns) and becomes difficult to remove even with mcpr.exe (in non-safe mode).
My real question is *not* how to remove it or what could be affecting this (for example, file or registry permission issues) but generally speaking are there know cases (articles) discussing how it was tampered with and made to be difficult for even mcpr to remove. Or is mcpr just riddled with issues preventing it from perfectly uninstalling and cleaning up? Deep down, I believe each antivirus is more or less tamperable and each company has more or less implemented some anti-tampering features. So, please link me to good articles showing it has been and can be tampered with so that mcpr gets stuck in non-safe mode. This is all Windows 10 v1903 .