McDuff
Level 10
Message 1 of 3

Removing ENS Firewall using SCCM Task Sequence Prompting for Password

Greetings

We're wanting to remove *only* the firewall component for ENS during an SCCM task sequence, but we're finding the uninstall is erroring out because it's expecting the ENS unlock password.  We're running this command to remove the firewall:

smsswd.exe /run: msiexec.exe /x {23E52C73-A84B-47C2-8D8D-24C5C04181B3} /quiet /passive 

And the uninstall is erroring out because it's expecting an unlock password:

 [5916] [GenericCustomAction] Please provide an appropriate password using PASSWORD switch while uninstalling in silent mode.

Has anyone else experienced this?  Any way to make SCCM a "trusted installer" that doesn't require the unlock password?  We have added ccmexec and smsswd.exe as excluded exes and the Microsoft certificate as well.

 

2 Replies
McAfee Employee ktankink
Message 2 of 3

Re: Removing ENS Firewall using SCCM Task Sequence Prompting for Password

While I didn't see a way to pass along the ENS Uninstall password via msiexec.exe command line, there is an alternative method that may help here by importing an ENS ESP (Common) module policy (that has the Uninstall password disabled) prior to running the ENS FW uninstall.  This is what I tested that worked for me without using SCCM; I don't support/have SCCM, but it will probably not be much of an issue to incorporate another step.

  1. Your ENS Common (ESP) policy is set with an Uninstall password.
  2. On one of the ENS clients, modify the local ENS Common policy and disable the Uninstall password feature.
  3. On this client, create a new encrypted ENS Common policy file that has the Uninstall password disabled, by running the ESConfigtool.exe tool (please see Page 50 of ENS install guide for more details about this tool).  You will need to replace <password> with the password you configured in your ENS Common policy.  
    "C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe" /export c:\temp\policy_nopassword.xml /module ESP /unlock <password>
    Command executed successfully. Please refer to Endpoint Security logs for details
  4. So now you have an ENS Common policy file (whose only difference from the running/configured policy is that the Uninstall password feature is disabled) that can be imported onto the client prior to running the ENS FW uninstall.  Import this file to the client (ensure the /unlock command and Uninstall password are provided here), which will disable the ENS Uninstall password; then the uninstall Msiexec command can be run.

 

  • Import new ENS Common policy with Uninstall password disabled.
    "c:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe" /import c:\temp\policy_nopassword.xml /module ESP /unlock <password>
    Command executed successfully. Please refer to Endpoint Security logs for details
  • Execute the MSIEXEC uninstall command.  You can add the /l*v switch (and whichever directory path you desire) to Msiexec in order to create an uninstall log.  The 5B73AED4... product code below is for a Win10 x64 system; insert the appropriate ENS product GUID for your environment  (check the Uninstall registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall for details).
    MsiExec.exe /X{5B73AED4-BABE-4F0D-BF43-BCDA4BBF6B7F} /l*v c:\temp\ensfw_uninstall.log /quiet /passive
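
The import-then-uninstall sequence from the reply above, combined into one PowerShell step with result checks. This is an added example, not code posted in the thread or supplied by McAfee; the task sequence variable name `ENSUnlockPassword` and the `DisplayName` match string are assumptions.

```powershell
# Added example, not from the original thread. Assumptions are marked "ASSUMPTION".
$ErrorActionPreference = 'Stop'

$esConfigTool = 'C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe'
$policyFile   = 'C:\temp\policy_nopassword.xml'   # file exported in step 3
$msiLog       = 'C:\temp\ensfw_uninstall.log'

# ASSUMPTION: the unlock password is supplied in a task sequence variable
# named ENSUnlockPassword (hypothetical name) so it is not stored in this script.
$tsEnv    = New-Object -ComObject Microsoft.SMS.TSEnvironment
$password = $tsEnv.Value('ENSUnlockPassword')
if ([string]::IsNullOrEmpty($password)) { throw 'Unlock password variable is empty.' }

# Import the Common policy that has the Uninstall password disabled.
# Success is judged by the message the tool prints, as shown in the reply.
$out = & $esConfigTool /import $policyFile /module ESP /unlock $password 2>&1 | Out-String
if ($out -notmatch 'Command executed successfully') {
    throw "ESConfigTool import did not report success: $out"
}

# Look up the firewall product code in the Uninstall key instead of hard-coding a GUID.
# ASSUMPTION: the product's DisplayName contains "Endpoint Security Firewall".
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$fw = @(Get-ItemProperty -Path $uninstallKey | Where-Object {
    $_.DisplayName -like '*Endpoint Security Firewall*' -and
    $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$'
})
if ($fw.Count -ne 1) { throw "Expected exactly one ENS Firewall entry, found $($fw.Count)." }
$productCode = $fw[0].PSChildName

# Uninstall with a verbose log; wait so the exit code can be checked.
$msiArgs = "/x $productCode /l*v `"$msiLog`" /quiet"
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# The policy file is no longer needed once the import has been applied.
Remove-Item -Path $policyFile -Force

# 0 = success, 3010 = success with reboot required (standard Windows Installer codes).
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $msiLog"
}
exit $proc.ExitCode
```

Because ESConfigTool takes the unlock password as an argument, it still appears on that process's command line, so anything that records command lines on the client will capture it.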
McDuff
Level 10
Message 3 of 3

Re: Removing ENS Firewall using SCCM Task Sequence Prompting for Password

Sorry for the delay, thanks for the suggestion.  In the end we decided to take a shortcut and use ePO to do the uninstall prior to the task sequence.
