Jump to content

Remote uninstall of ESET Endpoint Antivirus


gpalau
 Share

Recommended Posts

Hi all

I would like to know how can I massively remote-uninstall via script ESET Endpoint Antivirus.  We are testing a process and we need to remove the antivirus from a large number of macOS endpoints so we can re-install again.

I have been looking for ways to accomplish this, but I have only found the script to remove ESET Remote Administrator Agent, but I havent been able find out the correct way to stop the Antivirus  service and remove the app...

Any ideas?

 

Link to comment
Share on other sites

  • Administrators

It shouldn't be possible to uninstall any AV software easily via scripting. Otherwise any malware or attacker could do that to disable protection first prior to performing other malicious actions. Since you mentioned that ERA Agent was installed, did you try uninstalling ESET via ERA ?

Link to comment
Share on other sites

34 minutes ago, Marcos said:

It shouldn't be possible to uninstall any AV software easily via scripting. Otherwise any malware or attacker could do that to disable protection first prior to performing other malicious actions. Since you mentioned that ERA Agent was installed, did you try uninstalling ESET via ERA ?

If the endpoint is managed by a higher authority this shouldnt be a problem.  Because the process would be running in elevated form.  The point is I havent found a way to remove the Endpoint AV remotely.  Currently we have a problem with a test group we are experiencing some DNS issue and we can't target the mac's properly via ERA.  So we wanted to remove the Endpoint AV remotely via a script or command option we can push to our deployment group, which is managed by our MDM.

If the option is not available on ERA, is there a way to remove the Endpoint AV remotely by script? or do you have an Uninstall_ESET.app we can push or how? I would not want to go manually one by one, so I could remove the client.

 

PS. I know how my post is looking suspicious to you, since this is my first post, and you have 11K but this is a genuine question.  I can send you a PM with my company name and phone and we can discuss privately with you wish...

Edited by gpalau
Link to comment
Share on other sites

For example, I found, a script that "should" start the removal process:

/Applications/ESET Endpoint Antivirus.app/Contents/Helpers/Uninstaller.app/Contents/Scripts/uninstall.sh

But when I execute the script internally I get a command not found error...

So then I copied the contents of the script to an file, changed its permissions and it runs, but then breaks giving this other error:
 

ESET Endpoint Antivirus Version 6.5.432.1 Uninstall Script
This script will uninstall ESET Endpoint Antivirus 6.5.432.1.

Starting uninstallation procedure using './eset_av_uninstall.sh'
Executing uninstaller tool 1...
ERROR: uninstallation step 1 failed! Cannot execute tool '/Users/admin/Desktop/Scripts/../Helpers/ut1'

I think its because its assuming that the files it needs to run are in the same folder...

 

Anyways, the scripts are there, so why make a half baked attempt keep the product "secure" by not including a fully remote engaged script to remove the product?

 

Link to comment
Share on other sites

Just doing the uninstall blindly I'd imagine you'll run into HIPS issues (self protection). I'd also imagine that the scripts are there to be run by the ERA Agent, likely kept in a way that is unusable otherwise (that'd be my guess).

I have a tool that will do an uninstall for the windows version (they have the tool available on their web page), i know for the current windows version of the tool it requires safe mode to operate.. but all that can be scripted if needed.

Would the instructions here help? https://support.eset.com/kb3244/

 

 

Link to comment
Share on other sites

I got a hold of support, I thought this was the support forum.... they provided the info, but basically it was like I dotted above

have to run this from root:

(I wish this was available in their knowledge base it is so easy, just dont understand the lack of communication...)

/Applications/ESET Endpoint Antivirus.app/Contents/Helpers/Uninstaller.app/Contents/Scripts/uninstall.sh
Edited by gpalau
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...