Deleting assets

I am looking to switch a lot of my clients to be auto billed per asset. After I move retired assets to a policy that removes av, is there any reason I should NOT just delete the asset after that runs?

Here’s my cleanup script for removing remnants (always attempt to use the proper uninstaller or uninstall tool first!):

Import-Module $env:SyncroModule -DisableNameChecking

taskkill /IM explorer.exe /F

# AVG
reg delete "HKLM\SOFTWARE\AVG" /f

# Norton/Symantec
reg delete "HKLM\SOFTWARE\Symantec" /f
Remove-Item -Recurse -Force "C:\ProgramData\Norton"
Remove-Item -Recurse -Force "C:\ProgramData\NortonInstaller"
Remove-Item -Recurse -Force "C:\Program Files\NortonInstaller"

# ESET
reg delete "HKLM\SOFTWARE\ESET" /f
Remove-Item -Recurse -Force "C:\Program Files\ESET"

# TeamViewer's ITbrain Anti-Malware
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ITbrain Anti-Malware" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ITbrain Monitoring" /f
Remove-Item -Recurse -Force "C:\Program Files\ITbrain"

# Malwarebytes
reg delete "HKLM\SOFTWARE\Malwarebytes " /f

# McAfee
reg delete "HKLM\SOFTWARE\Mcafee" /f
reg delete "HKLM\SOFTWARE\McAfee.com" /f
reg delete "HKLM\SOFTWARE\mcafeeupdater" /f
reg delete "HKLM\SOFTWARE\mcafeeupdater.com" /f
Remove-Item -Recurse -Force "C:\Program Files\Common Files\McAfee" /s /q

# SolarWinds AV Defender stuff
reg delete "HKLM\SOFTWARE\AVDefender" /f
reg delete "HKLM\SOFTWARE\N-Able Technologies\AVDefender" /f
Remove-Item -Recurse -Force "C:\Program Files(x86)\N-able Technologies\Windows Agent\AVDefender"
Remove-Item -Recurse -Force "C:\Program Files\N-able Technologies\AVDefender"
Remove-Item -Recurse -Force "C:\Program Data\N-Able Technologies"
Remove-Item -Force "C:\Program Files(x86)\N-Able Technologies\Windows Agent\config\AVDefender\Config.xml"
Remove-Item -Force "C:\Program Files(x86)\N-Able Technologies\Windows Agent\config\AVDefender\ErrorManager.xml"

# SolarWinds/LogicNow/Managed AV stuff
reg delete "HKCU\Software\Microsoft\Installer\Features\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKCU\Software\Microsoft\Installer\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKEY_CLASSES_ROOT\Installer\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKEY_CLASSES_ROOT\Installer\Products\4CD5C3BD0A7A09843BC123024BB352CE" /f
reg delete "HKLM\SOFTWARE\LogicNow" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4CD5C3BD0A7A09843BC123024BB352CE" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2465414843-2580454656-430099928-1115\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2535107696-3196376973-1651308919-1001\Products\1CCD6B22A40736744A571AE34B990DE8" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22B6DCC1-704A-4763-A475-A13EB499D08E}" /f
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3C5DC4-A7A0-4890-B31C-3220B43B25EC}" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\WebProtectionDriver1.2" /f
reg delete "HKLM\SYSTEM\ControlSet002\Services\WebProtectionDriver1.2" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\Advanced Monitoring Agent" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\ManagedAntivirus" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\NetworkManagement" /f
reg delete "HKLM\SYSTEM\Setup\FirstBoot\Services\UpdateService" /f
Remove-Item -Recurse -Force "C:\Program Files\Managed Antivirus"
Remove-Item -Recurse -Force "C:\ProgramData\ManagedAntivirus"

# Bitdefender
reg delete "HKLM\SOFTWARE\Bitdefender" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\epag" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPIntegrationService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPProtectedService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPRedline" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPRedlineFiles" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPSecurityService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EPUpdateService" /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Ignis" /f
Remove-Item -Force "C:\ProgramData\*.bdinstall.*"
Remove-Item -Force "C:\ProgramData\Syncro\bin\setupdownloader_[*"
Remove-Item -Recurse -Force "C:\Program Files\Bitdefender"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Bitdefender"
Remove-Item -Recurse -Force "C:\ProgramData\bdkitinstaller"
Remove-Item -Recurse -Force "C:\ProgramData\bdlogging"
Remove-Item -Recurse -Force "C:\ProgramData\bduninstalltool"
Remove-Item -Recurse -Force "C:\ProgramData\Bitdefender"

shutdown /r /f

If that doesn’t help, you can try to make GravityZone ignore existing/remnants of previous security products:

• Access GravityZone and navigate to Packages. Select the appropriate install package.
• Click on Download and select the Windows Kit (32/64bit)
• Extract the files of the epskit_x64.zip file (or epskit_x32.zip)
• Using 7Zip or a similar utility extract the epskit_x64.exe (or epskit_x32.exe) file
• Navigate to the KitFiles folder and open it
• Delete the file called detection.xml
• Close the utility and exit the editing of the kit
• Run the epskit_x64.exe (or epskit_x32.exe) to initialize the installation

2 Likes

Am I correct in assuming that if we do NOT want a certain application to be removed we can just comment ### out that section?

You would need to put a # before each line or wrap the section you don’t want in <# and #> tags.