Ever tried to silently uninstall the TrendMicro AntiVirus client when it’s password protected? You probably could not find a suitable, free and total solution for your situation. It happened to me a while ago and I would like to share my experiences. I know it’s possible to manage the installed clients through the TrendMicro server management console, but at the company where I implemented this solution they chose not to because of the limited bandwidth to certain company locations.
Environment description:
- Windows 2008 R2
- Window 7
- SCCM 2007 R2
- RES Workspace Manager 2011 SR2
- App-V 4.6 SP1
- TrendMicro v10.5+
The challenge:
Before installing the new version of the TrendMicro AV client the old client needs to be uninstalled. When I tried uninstalling the client with “msiexec.exe /x{guid} /qn /norestart” I noticed that the the uninstallation failed. At that point I discovered that the uninstallation required a password. The uninstall will be a part of a SCCM 2007 “Task Sequence” which will contain multiple software updates and contains one reboot at the end.
Requirements:
- Workarround for the Password protection
- No Reboot until planned reboot
- Silent Uninstall
Solution:
Searching the internet for a solution I didn’t find any working method to bypass the password protection and/or silently uninstalling the AV client. It seemed that the only solution was to manage the clients through the TrendMicro AV Management Console. Like mentioned earlier this was not an option. I needed to look for another solution. After some searching I came across the AUTOPCC.ini file on the TrendMicro management Server: AUTOPCC.ini located in:
“X:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Autopcc.cfg”
Here I found the values -991334* (no password) and -0442* (silent uninstall).
I discovered that these parameters worked in combination with “ntrmv.exe” which is located in the following location on the client side:
“C:\program Files\Trend Micro\OfficeScan Client\”
(*) I’ve recently changed these parameters for security reasons, if your not able to find these parameters on the location I mentioned. You are probably not authorized to uninstall the TrendMicro AV
By using these parameters in combination with “ntrmv.exe” the uninstall ignores the password protection and uninstalls the TrendMicro client silently without rebooting.
I created a script for the uninstall. In this script I prevented that the installation of the new client would start before the uninstall of the old client is completed. To achieve this I added a check in the script. It will check if the “ntrmv.exe” process is still running, if so it will keep on checking untill the process has stopped. Than the script will finish. Underneath the code of the vbs script I created.
' Name : UnInstall-TrendMicro.vbs
' Description : Script for silently uninstalling TrendMicro client and bypass password protection.
' Created by: Marco Nuijens - Virtualizethis.net
Set WshShell = WScript.CreateObject("WScript.Shell")
set FSO = CreateObject("Scripting.FileSystemObject")
strApp = "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
strPara1 = "-980223"
strPara2 = "-331"
Dim myExit, return
myExit = 0
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
' Run UnInstall of TrendMicro
WshShell.run Chr(34) & strApp & Chr(34) & " " & Chr(34) & strPara1 & Chr(34) & " " & Chr(34) & strPara2 & Chr(34), 0, True
' Activate the loop until result is "myExit" = 1
Do Until myExit = 1
' Triggers the check on the active "ntrmv.exe" process
CheckTrendMicro
Loop
SUB CheckTrendMicro()
myExit = 1
set service = GetObject ("winmgmts:")
' Check for active ntrmv.exe process.
for each Process in Service.InstancesOf ("Win32_Process")
If Process.Name = "ntrmv.exe" then
myExit = 0
' wait for X time before checking for running process again.
Wscript.sleep(60000)
End if
NEXT
End SUB
Underneath a version which will check if it’s a x86 or x64 installation;
' Name : UnInstall-TrendMicro.vbs
' Description : Script for silently uninstalling TrendMicro client and bypass password protection.
' Created by: Marco Nuijens - Virtualizethis.net
Set WshShell = WScript.CreateObject("WScript.Shell")
set FSO = CreateObject("Scripting.FileSystemObject")
strApp = "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
strPara1 = "-980223"
strPara2 = "-331"
If OSarchitecture() Then
strApp = "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Else
strApp = "C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrmv.exe"
End If
Dim myExit, return
myExit = 0
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
' Run UnInstall of TrendMicro
WshShell.run Chr(34) & strApp & Chr(34) & " " & Chr(34) & strPara1 & Chr(34) & " " & Chr(34) & strPara2 & Chr(34), 0, True
' Activate the loop until result is "myExit" = 1
Do Until myExit = 1
' Triggers the check on the active "ntrmv.exe" process
CheckTrendMicro
Loop
SUB CheckTrendMicro()
myExit = 1
set service = GetObject ("winmgmts:")
' Check for active ntrmv.exe process.
for each Process in Service.InstancesOf ("Win32_Process")
If Process.Name = "ntrmv.exe" then
myExit = 0
' wait for X time before checking for running process again.
Wscript.sleep(60000)
End if
NEXT
End SUB
'Function to check if architecture is X86 or X64 (AMD64)
Function OSarchitecture()
Const HKLM = &H80000002
Dim strComputer, WshShell, sOSarch
strComputer = "."
Set WshShell = WScript.CreateObject("WScript.Shell")
sOSarch = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If sOSarch = "x86" Then
OSarchitecture = False
End If
If sOSarch = "AMD64" Then
OSarchitecture = True
End If
Set WshShell = Nothing
End Function
After the uninstall I checked if there was anything left behind. As well as the installation folder as the TrendMicro registry-tree were completly deleted during the uninstall.
If you’ve got any comments or questions please post them below if not I hope this information was useful for you.
I don’t known why I didn’t find below directory in my computer.
X:Program Files (x86)Trend MicroOfficeScanPCCSRVAutopcc.cfg
Dear Asen,
That directory is located on the server where the TrendMicro management console is installed. And X stands for the driveletter where it’s installed. Could also be “c” or “d” or any other driveletter. You cannot find it on the client computers.
You could try it with the same parameters I used, these should work. If not, you need to find the AUTOPCC.ini file like described in the blogpost.
Greetz,
Marco Nuijens
Those command line options are the same for my installation. I’m thinking that they chose a “random” feeling number to prevent people from learning how to uninstall via commandline, without a password?
This find is impressive. Hands down one of the best odd finds I’ve seen in my 15 years of geekdom. Thanks for the post, I can’t seem to find much information about OfficeScan on the Internet.
Hi Aaron,
Glad to be of help :). I found myself wandering the same thing too, why are they using the same numeric value in every installation. But it helped me and you and probably some more people. The reason I made the post is that I was looking for a suitable solution too but could not find a reasonable one.
Again glad to be of help and thanks for your commemt 🙂 always nice to hear 🙂
When I ran the script it is still bring up a prompt to enter the password. I am running Trend 10.6 and have the same requirements as the author of the post (To silently uninstall Trend that is password protected)
Disregard…The values for SilentInstall and No Password were different on my version. After modifying the parameters the script worked like a charm! I will be bundling this script with SEPprep since we are replacing Trend with Symantec’s solution for my company. Now to get all everything Automated and I should be good. Thanks for posting this! It was so much help and very useful!
Hi Christine,
It could be that the values are not working for you. But to be honest I have changed the values a bit for security reasons of the company I worked for. So they could have been the same.
I will adjust the post so it’s more clear for future readers that they will have to get the values themselve from the Autopcc.cfg file.
Thanks you and glad to be of some help 🙂
Great job on this. Especially locating the values in the Autopcc.cfgi. Worked fantastic. Thanks for sharing.
When I ran the script I got
Line 31
Char 1
Error The system cannot find the file specified
Code 80070002
Made sure you check the install directory. For mine it was “Client Server Security Agent” instead of “Office Scan Client”
I changed this in the script and ran it again but still get the same error. Any ideas what I’m doing wrong here?
BTW This script is EXACTLY what I have been looking for. Thank you for reviving this thread and posting. You have made my life so much easier as I have about 200 clients that I need to remove from various computers at a mine site. Some are above ground, some underground so this saves me having to remote into each one. THANK YOU THANK YOU.
Hi Kellan,
Glad to be of some help. I’ve noticed that lately the code blocks in my blog posts are ignoring the (back)slashes. I suggest changing the variable strApp into “C:Program FilesTrend MicroOfficeScan Clientntrmv.exe” in your case to “C:Program FilesClient Server Security Agentntrmv.exe”
Hopefully this will correct your issue if not please let me know. Sorry for the inconvenience, I’m working on a new site which will overcome these mistakes in the script blocks.
Kind regards
Marco,
Here is my script as it stands x’s for my config numbers.
‘ Name : UnInstall-TrendMicro.vbs
‘ Description : Script for silently uninstalling TrendMicro client and bypass password protection.
Set WshShell = WScript.CreateObject(“WScript.Shell”)
set FSO = CreateObject(“Scripting.FileSystemObject”)
strApp = “C:Program FilesTrend MicroClient Server Security Agentntrmv.exe”
strPara1 = “-xxxxxx”
strPara2 = “-xxx”
Dim myExit, return
myExit = 0
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
‘ Run UnInstall of TrendMicro
WshShell.run Chr(34) & strApp & Chr(34) & ” ” & Chr(34) & strPara1 & Chr(34) & ” ” & Chr(34) & strPara2 & Chr(34), 0, True
‘ Activate the loop until result is “myExit” = 1
Do Until myExit = 1
‘ Triggers the check on the active “ntrmv.exe” process
CheckTrendMicro
Loop
SUB CheckTrendMicro()
myExit = 1
set service = GetObject (“winmgmts:”)
‘ Check for active ntrmv.exe process.
for each Process in Service.InstancesOf (“Win32_Process”)
If Process.Name = “ntrmv.exe” then
myExit = 0
‘ wait for X time before checking for running process again.
Wscript.sleep(60000)
End if
NEXT
End SUB
Am I missing something?
For What the
strPara1 = “-991334”
strPara2 = “-442”
Are used ?
Hi Oussama,
These are the parameters you have to change to your parameters found in the “X:Program Files (x86)Trend MicroOfficeScanPCCSRVAutopcc.cfg” file on your management server of Trendmicro.
-991334 is the parameter for “no password” and -0442 is the parameter for “silent uninstall”. Please notice that you need to change these parameters for the values found in your “autopcc.cfg” file.
Kind regards,
Marco Nuijens
Marco, where I can find this parameters if I have only Trend Micro Security Agent 5.8.1113 without management server?
Hi there,
I am sorry but i don’t think there are parameters for that. Is your version password protected?
Greetz,
Marco
Yes, password was assigned by default.
Hi Zagir,
Have you tried using this script with the parameters provided by others? You could give it a try but since most of us are using version 10.5 and 10.6 it could be that it will not work.
In that case your best chance will be contacting Trendmicro and ask if they have a uninstaller for your version.
If not and if it’s just 1 device i suggest you redeploy/reinstall the OS.
Greetz,
Marco
Hi, sorry, you know the commands for silentInstall, i try change the value in the same file, autopcc.ini, but in the login script the window of CMD show the process , i need one command for example @echo off for no show this.. thanks
Hi Rocko,
Could you please tell me which method u are using to launch the vbs?
Kind regards,
Marco
Hi Marco,
Thanks for sharing such a post. It would be a great help if you could share how and where to run this vbs script from, and if possible also please post the latest and working script once more.
Regards,
Suman
Hi Suman,
The script as displayed in the blogpost is a working script. You just need to change the parameters 1 and 2 in the script. These can be found in “X:Program Files (x86)Trend MicroOfficeScanPCCSRVAutopcc.cfg” on the TrendMicro management server or in another location if decided to install it elsewhere.
You can run this script locally on the client (with admin privileges) or use for example SCCM to run this script on your clients.
Regards,
Marco Nuijens
Great script, worked a treat for us. The parameters for Trend 10.6 SP1 are as below if of any use to others:
strPara1 = “-980223”
strPara2 = “-331”
Thanks for sharing your good work
Glad to be of help Akachicka 🙂
Any idea what the codes would be for version 11 ?
All help would be great !
Hi Doug,
Have u tried to use this script? Don’t think there will be much differences between 10.5 and 11 so u could try it. I haven’t tested it myself on 11 tho. So if u could test it please let inform me about the results.
Many thanks in advance!
This worked for version 12.0
THANKS!
CUSTOMER IS HAPPY!!!!
Glad to be of help!
I would like to start the autoinstallation of the new product after deinstallation. The deinstallation codes works fine but i cant find a position and a way to start the new installation. Could you help me?
Hi Christian,
This is possible but I would advice to reboot the machines first before installing the new installation.
Offcourse when using SCCM 2007/2012 u could use a task seqeunce to accomplish this.
Greetings,
Marco
I dont necessarily need the parameters since I’m dont care if the uninstall is silent, and I know the PW to uninstall. The thing is, I would still like to script something so I dont have to logon to every machine to do the uninstall. Doable?
U still can use this script, it does an uninstall of the client which is what u want to achieve.
I haven’t found another way to uninstall the client even if u have the correct password. All other methods I found will prompt u for a password which isn’t the solution you are looking for since u want it to be an automated uninstall.
Great script worked like a charm for me
tested this script with ver 11 with those parameters
strPara1 = “-980223″
strPara2 = “-331″
Thank you for the confirmation Mohamed!
Glad to be of help with the script 🙂
Hello Marco,
Thank you for a very useful script, you saved my day 🙂
I would just add up few things if someone need it in the future.
I had to uninstall TrendMicro that asked for admin password, fight with UAC, and then install Kaspersky, all of those remotely, on our company domain.
So here is solution that I used:
– First, remote access, command prompt – sysinternals helped me, with following:
psexec.exe \machine -s cmd.exe
For some reason, with -n and -p for user and password, even though I am domain admin, enterprise admin, local admin, below reg things gave me a access denied answer.
– Second, two lines below, will disable UAC (first) and not ask for it if you remoted as local admin (second)
reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v EnableLUA /t REG_DWORD /d 0 /f
reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
-Third, your script 🙂 Thanks again!
-Fourth, script that waits for process ntrmv.exe to end (not mine, found on net and adopted):
Function IsProcessRunning( strServer, strProcess )
Dim Process, strObject
IsProcessRunning = False
strObject = “winmgmts://” & strServer
For Each Process in GetObject( strObject ).InstancesOf( “win32_process” )
If UCase( Process.name ) = UCase( strProcess ) Then
IsProcessRunning = True
Exit Function
End If
Next
End Function
‘ Main
Dim strComputer, strProcess
strProcess = “ntrmv.exe”
strComputer = “computer”
Do
Loop until ( IsProcessRunning( strComputer, strProcess ) = False )
Then I ran Silent kaspersky install.
All in all, for whole process I didn’t need to force users to restart, all worked right after uninstall / install, I just did restart when they logged off at end of the day.
Ivan.
Hi Ivan,
Glad to be of some help and thank you for sharing your solution. I am sure this will also help alot of people. I used to run the script through SCCM so I didn’t encounter the issue with UAC. But it looks like you have tackled that problem.
Thank you again for sharing your solution.
Kind regards,
Marco
Hi All,
Is there a way to create a VB Script to on,ly silently unload the password protected Officescan agent.
Regards,
Vinay Agarwal
Hi Vinay,
I am not sure what u exactly mean. You only want to uninstall the clients which are password protected and those not installed on a system?
Kind regards,
Marco
Excellent script I can confirm this works for Trend Micro Office Scan 11.0. I just changed the file path of line 6 “strApp = “C:Program FilesTrend MicroOfficeScan Clientntrmv.exe” to strApp = “C:Program Files (x86)Trend MicroOfficeScan Clientntrmv.exe”
Thank you again.
Hi Luis,
Thank u for confirming this and glad to be of help.
Kind regards,
Marco
Hi How are you. Can you please share with me the batch file that I can use to remove trend micro 11 . I would really appreciate your support and help. Thanks and Regards
Thx a lot. this script works great four our environment with worry free Business. just changed some Parameters. have a nice Weekend!
Greetz,
Andi
Hi Andi,
Glad to be of help!
Kind regards,
Marco
Hi Marco Nuijens. Hope you are doing well. Can you please confirm if I can use the same script to remove trend micro 11.0 SP1. Your reply is highly appreciated. I will wait for your kind reply. Thanks
Dear Sulman,
Like Luis confirmed underneath it should also work with TM 11 SP1. Please note that there is a difference between a 64bit and a 32 bit application and the installation directory.
Excellent script I can confirm this works for Trend Micro Office Scan 11.0. I just changed the file path of line 6 “strApp = “C:Program FilesTrend MicroOfficeScan Clientntrmv.exe” to strApp = “C:Program Files (x86)Trend MicroOfficeScan Clientntrmv.exe”
Kind regards,
Marco
I am close and now can interact with the uninstall, but I am prompted for a password, which I know, and I can not seem to psexec it remotely. Even tried the -p password and domain and password. I keep getting system can not find file. I run the vbs and it seems to prompt me for a password. This is for version 10. I would like to have help on the prompt part and I can continue to research the remote part. The script is verbatim with the exception of program files (x86).
Dear Austin,
Could u please post the script the way u have it right now?
Kind regards,
Marco
Dear Marci. Can you please share with me the batch file that I can use to remove trend micro 11 . I would really appreciate your support and help. Thanks and Regards
Hi Macro ,
i tested your script but unfortunately it asked me for password which i do not know , I am testing this on 64 bit version 11 , would you please share any information how to bypass the password as the script is not working for that
your answers is highly appreciated ,
Hi Haytham,
Please notice that u need to use the correct parameters.
strPara1 = “-980223″
strPara2 = “-331″
U could try these which worked for Mohamed.
Kind regards,
Marco
Dear Macro,
It would be much appreciated if you could add a line for me in the script which can uninstall that anti-virus for both 32bit and 64bit machines. Like look for both the folders using If.. Else.. and execute the script once the required .exe has been found.
Thank you very much in advance 🙂
Dear Abdullah,
See underneath the script adjusted with a x86/x64 check. I can’t check if the script will work correctly because I don’t have an environment with TrendMicro installed at this moment.
Please let me know if it works for you!
Note: copy paste these lines in notepad too loose the layout and overcome errors.
Script:
Dear Macro,
Thank you very much for your effort.
There was no way I could lose the formats so I had to manually edit all the inverted commas. ( ” ” ).
But then i still get the below error:
Script: C:Usersa.fahadDesktopTrend.vbs
Line: 17
Char: 1
Error: The system cannot find the file specified.
Code: 80070002
Source: (null)
I tried to look at your old main script, this line:
WshShell.run Chr(34) & strApp & Chr(34) & ” ” & Chr(34) & strPara1 & Chr(34) & ” ” & Chr(34) & strPara2 & Chr(34), 0, True
It works fine with out any errors.
Please advice, thank you.
Hi Abdullah how are you. Can you please send me the script on sulman.mushtaq@outlook.com that is working for you? I will really appreciate. Thanks
I’ve adjusted the main post with the script which checks if it’s installed on a x86 or x64 architecture. Hopefully this one will work for you Sulman. Unfortunately I cannot test it myself so please let me know if this works for u.
Dear Marco and Sulman,
I am still getting an error at line 23:
WshShell.run Chr(34) & strApp & Chr(34) & ” ” & Chr(34) & strPara1 & Chr(34) & ” ” & Chr(34) & strPara2 & Chr(34), 0, True
picture: http://imgur.com/wtqqH36
I checked for the folders and the path, it exists.
What is wrong with the script?
Please help and thank you.
=============================================
Dear Abdullah,
Looking at the screenshot and knowing the script works I can conclude that the script is working fine. It just can’t find the file. Until now this issue only occurs in the following situations;
– The installation directory is not the directory mentioned in the script
– It cannot resolve if it’s a 64bit of 32bit installation.
Please run the following script and let me know what the outcome is (save script as vbs script and run within a command prompt ; wscript.exe.vbs )
It will show u 2 pop-ups
‘ Name : Check_Existance_ntrmv_exe.vbs
‘ Description : Script for checking existance of filename ntrmv.exe
‘ Created by: Marco Nuijens – Virtualizethis.net
strApp86 = “C:Program FilesTrend MicroOfficeScan Clientntrmv.exe”
strApp64 = “C:Program Files (x86)Trend MicroOfficeScan Clientntrmv.exe”
Dim FSO
Set FSO = CreateObject(“Scripting.FileSystemObject”)
If fso.FileExists(strApp86) Then
MsgBox “ntrmv.exe exists in location” & ” ” & strApp86
Else
MsgBox “ntrmv.exe does not exists in location” & ” ” & strApp86
End If
If fso.FileExists(strApp64) Then
MsgBox “ntrmv.exe exists in location” & ” ” & strApp64
Else
MsgBox “ntrmv.exe does not exists in location” & ” ” & strApp64
End If
Dear Macro,
Thanks for your reply.
I executed the script like you said and got 2 message box, i have snipped both and uploaded here:
http://imgur.com/Kgy8ZjN
so it is finding the path but something is wrong with the main script at line 23.
you 1st script works fine still after changing the folder path. but not the second one.
Here is the main original script, that works for me but not exactly silent, it prompts for an installation message.
http://imgur.com/6GL5rzc
But maybe that can be sorted out changing the parameters, my main concern is the 2nd script doesn’t execute at all, just gives an error.
Dear Abdullah,
Can u e-mail me the second script? I will check it for flaws and will send it back to u.
U can e-mail me at info@virtualizethis.net
Kind regards,
Marco
Dear Marco,
Have you received my email? I have sent you one on the 14th August.
Dear Abdullah,
I’m sorry for my late reaction I was enjoying a short vacation. Can you inform me how you launch the script like which method u use to launch it on a local of remote device?
Greetings,
Marco
i was having the same issues of error at line 23 i fixed it by modifying the way the script verifies if it is 32 or 64 bit
replace lines 11 – 15 with
If GetObject(“winmgmts:rootcimv2:Win32_Processor=’cpu0′”).AddressWidth _
= 32 Then
strApp = “C:Program FilesTrend MicroOfficeScan Clientntrmv.exe”
Else
strApp = “C:Program Files (x86)Trend MicroOfficeScan Clientntrmv.exe”
End If
delete lines 45-59
Thank you for your input! I will adjust the main post as soon as possible.
Dear all, I am trying to run this vbs script, but whenever I try to run it I get the error.
Line: 6
Char:10
Error: Invalid Character
Source: Microsoft VBScript compilation error
appreciate if anyone can tell me why am I getting this error and how can i fix it. Thanks
Dear Sulman,
It could be that something went wrong when copying the script. Sometimes it will happen that the ” isn’t recognised as a “. Best thing u could do in this case is to copy/paste the tekst in notepad (losing all layout settings) and than copy paste it again in your VBS file. Or re-type the ” chars in your editting program. If this is the issue you will see some differences in the font of the ” char.
Give it a try and let me know!
Earlier on u asked me for a batch command to run the vbs script. U could try these lines underneath;
1. be sure to replace “.vbs” with the name you have given to your vbs file
2. batch file and vbs file should be in the same directory when using the command line underneath
cscript.exe %~dp0.vbs
let me know if this worked for u.
Kind regards,
Marco
Firstly thanks for the reply, I tried your recommendation but still I am getting the complication error about invalid character. I would really appreciate and thankful if you can please email me the correct vbs file at ***.
Appreciate your support. Thanks
I will send u an e-mail, removed your mail address from your post so it won’t become a victim for spam.
Dear Marco I got your email but it was blocked by hotmail. I would really appreciate if you can compress the file and re-send it again as it will not be blocked if it is compressed. I really appreciate your support and kindness. Please send it again. Thanks
Dear Sulman,
I resend you the file as a compressed file and as a *.txt file.
Hopefully this will work for you. Please let me know.
Greetings,
Marco
Dear Marco, thank you for your email I got the files, really appreciate your support. However when we run the script we get the error that
Line: 17
char:1
The system cannot find the file specified.
This is the same error which Abdullah is getting. Any suggestions how we can fix this? Thanks
Dear Marco , I made few changes and now it is working as a charm for removing the agent, brilliant. I thank you for your support and help. cheers
Dear Sulman,
Thank you for the confirmation. Could you please share with us which changes you have made to the script?
Is it the difference between 32 and 64bit installation? Because if he couldn’t find the file it’s because of it’s installed in a different directory or because of the differences in the program files directory.
Kind regards,
Marco
Yes you are right , make sure you use 32 bit for 32 bit and 64 bit for 64 bit. Thanks
Dear Marco and Sulman,
I am still getting an error at line 23:
WshShell.run Chr(34) & strApp & Chr(34) & ” ” & Chr(34) & strPara1 & Chr(34) & ” ” & Chr(34) & strPara2 & Chr(34), 0, True
picture: http://imgur.com/wtqqH36
I checked for the folders and the path, it exists.
What is wrong with the script?
Please help and thank you.
Well I tested it on 3-4 machines were 64 BIT, I ran it with cscript and it worked fine . I will double check it again with 32 BIT machines to see what is the cause. Earlier I got the same error becuase I was trying to run the 32 BIT patch on 64 BiT machines so I changed it with 64 BIT file paths and it worked fine.
Just what I needed, thanks! Here’s a batch file version:
@echo off
:: —- define constants ———————
set Param1=-980223
set Param2=-331
set RemoverName=ntrmv.exe
set RemoverPath=C:\Program Files\Trend Micro\OfficeScan Client\%RemoverName%
if defined ProgramFiles(x86) set RemoverPath=C:\Program Files (x86)\Trend Micro\OfficeScan Client\%RemoverName%
:: —- Launch uninstaller ————–
if exist “%RemoverPath%” (
“%RemoverPath%” “%Param1%” “%Param2%”
) else (
echo Could not find “%RemoverPath%”
goto ExitPt
)
:: —- Spin until uninstaller exits ————
set /A Ct=0
:CheckAgain
tasklist /FI “IMAGENAME eq %RemoverName%” 2>NUL | find /I /N “%RemoverName%”>NUL
if %errorlevel% NEQ 0 goto ExitPt
set /A Ct=%CT%+1
echo %Ct% – Uninstalling, Please wait …
ping -n 2 127.0.0.1 >nul
goto CheckAgain
:: —– Exit Point —————————–
:ExitPt
exit /b 0
Seem to be having some issues with the Batch file. I’m not sure what I’m missing any assistance would be appreciated. Below I adjusted the file path but when I run nothing happens.
@echo off
:: —- define constants ———————
set Param1=-991334
set Param2=-442
set RemoverName=NTRmv.exe
set RemoverPath=C:\Program Files\Trend Micro\Client Server Security Agent\NTRmv.exe
if defined ProgramFiles (x86) set RemoverPath=”C:\Program Files (x86)\Trend Micro\Client Server Security Agent\NTRmv.exe”
:: —- Launch uninstaller ————–
if exist “C:\Program Files (x86)\Trend Micro\Client Server Security Agent\NTRmv.exe” (C:\Program Files (x86)\Trend Micro\Client Server Security Agent
\NTRmv.exe” “-991334” “-442”
) else (
echo Could not find “C:\Program Files (x86)\Trend Micro\Client Server Security Agent\NTRmv.exe”
goto ExitPt
)
:: —- Spin until uninstaller exits ————
set /A Ct=0
:CheckAgain
tasklist /FI “IMAGENAME eq NTRmv.exe” 2>NUL | find /I /N “NTRmv.exe”>NUL
if %errorlevel% NEQ 0 goto ExitPt
set /A Ct=%CT%+1
echo %Ct% – Uninstalling, Please wait …
ping -n 2 127.0.0.1 >nul
goto CheckAgain
:: —– Exit Point —————————–
:ExitPt
pause
exit /b 0
Waouw ! ! Thanks .. I was struggling for days !!
It worked great.
Glad to be of help Gael!
Thank you Marco veeeeeeeeery muuuuuch! This is perfect and it works flawlessly.
Tour welcome Jose! Glad to be of help!
Hi,
Do you know if this is still working with OfficeScan 32 bit (on 64 bit Windows 10) version 12.0.4430?
If using the -980223 parameter on NTRmv.exe i still get prompted for an uninstall password.
Thomas
Hi Thomas,
Most likely it’s using different parameters, you can find them as explained in the blog post.
If you use the correct script and paramters it should work on both 32 as 64 bit operating systems.
kind regards,
Marco
Hi again,
I have looked in the AUTOPCC.ini file and the silent and nopassword commands are the same as the one shown in your script. But it still prompts for a password 🙁
Thomas
Hi Thomas,
That is strange, have you tried to run the command line manually in a command prompt? Just to be sure the command line is working and it’s not the script which is failing?
“C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrmv.exe” -980223 -331
Or browse to the directory and:
ntrmv.exe -980223 -331
Your script worked a treat Many thanks
Alimac
I was having the same issue as “Thomas Forsmark Sørensen”, ntrmv.exe -980223 -331 doesn’t work but ntrmv.exe -980223 works (and obviously shows the GUI during uninstall)
I opened support request to Trend Micro about that, took them about two weeks until they sent me CUT Tool (https://success.trendmicro.com/solution/1116938-information-about-the-cut-tool-for-officescan-osce) which worked perfectly.
So if you have same issue with ntrmv.exe I suggest you request the CUT Tool from Trend Micro’s support.
Hi Mika,
Thank you for your response. You probably had a corrupted agent or never have used a password for your agent. Maybe Trendmicro has changed things in the newer edition? I haven’t worked with Trenmicro for a while now so I can’t test it anymore.
The CUT tool will be a great tool for short term use. For long term use you will need to update it every 90 days.
I quote “For security considerations, this tool will be expired every 90 days. You will need to request it from Trend Micro Technical Support again.”
HI,
first of all you guys are doing great tasks! lot of helpful tips here.
we are using Officescan XG version 12.0. Service pack 1. I’m trying to uninstall agent silently as this forums suggested but. i prompt me for password window. tried to run ntrvm -980223 -331 but no prompt nothing happens.but when i run ntrvm -980223 it start uninstall and prompts for password. is there any parameter change for XG or i’m missing else.?
Hi Vinod,
I do not know if the parameters are the same for Officescan XG and if the script will work if you should change these parameters. But first I would like too advice you too look for the parameters in the config file located on your management server. In the case of TrendMicro Officescan 10 this is the following location: “X:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Autopcc.cfg” (where X is de driveletter where it’s installed on.) Perhaps for the XG version it’s another location so maybe you can search for the Autopcc.cfg file. If it does not exist and you cannot find the parameters I don’t think the script will help you.
You could try and contact TrendMicro for an uninstaller.
Kind regards,
Marco
HI,
officescan XG version is 12.0.5xxx
I got the location of autopcc.cfg folder where i can see .INI files. autopcc.ini file contains as
[MISC]
NoModifyAutoexec = 0
[Intl]
Language_Check = 0
sLanguage = eng
[PCC97]
path = PCC95\DISK1
pathA = PCC95\DISK1
CheckCorpFlag = 1
SilentInstall = -s -f1″setup.iss” -m”status”
SilentUninstall = /Silent
NoPrescan = -007
NoPassword = /noaskpassword
NoStopInstall = -008
NoMemChk = -z
[PCCNT]
path = PCCNT\DISK1
pathA = PCCNT\DISK1
ExecuteIoMonitor = 1
SilentInstall = -s
SilentUninstall = -331
NoPrescan = -007
NoPassword = -980223
NoStopInstall = -008
NoMemChk = -z
[Install]
Uninstall = 0
SilentInstall = 0
SilentUninstall = 0
NoPrescan = 1
SkipServer = 0
NoStopInstall = 1
NoMemChk = 1
[WaitTime]
PCC95 = 0
PCC95_UNINSTALL = 30
PCCNT = 0
PCCNT_UNINSTALL = 30
Pccntupd = 5
SelfLaunch = 0
as you mentioned NO password and silent parameters i tried with ntrmv.exe manually but silent feature work but when i i use no password feature even though it prompt for password to put manually.which uninstall parameter should i use? PCCNT?? can i see any parameter or clue at client end?
Hi Vinod,
Running “ntrvm.exe -980223 -331” should be sufficient. This will silently uninstal TrendMicro. Perhaps there is another process running in the background for example the AV is scanning, which prefends the software from uninstalling? It seems the parameters are correct.
[PCCNT]
SilentUninstall = -331
NoPassword = -980223
Still works like it suppose to do 🙂
5 Euro Jonguh ! ! !
😉
If the management server is uninstalled then,will script work ?
Hi Amila,
Yes it does not need the management server.
Kind regards,
Marco
I could hug you!
This does not seem to work any longer in Windows 10. I just tested this on OfficeScan 1905 and it either runs and closes or prompts for the password
I do not think it has something to do with Windows 10 it’s depending of the version of OfficeScan or an update of OfficeScan.
Having similar results… Does not seem to skip the uninstall password anymore…
If I exlude the -331 I can see it launch and then prompt for password…. I have the uninstall password Is there a way to pass to the NTRVM?
Hi,
Just wanted to check if you all have got a workaround the same.
I am also trying ntrmv.exe -980223 -331 but it doesn’t work.
When I run ntrmv.exe -980223, it prompts for password.
Need to uninstall officescan agent remotely from all around 1000 endpoints.
You made my Day 🙂
Thank you very much. Very good job. Works like a charm 🙂