This is going to be a long post. it is to fix issues with Windows 10 1803 getting notification that Symantec must be manually uninstalled.
First you have to be at SEP Client 14.0.3 for Windows 10 1803 update of this to work. My version is 14.0.3929.1200.105 on server and most of my clients.
Script is saved as .txt and attached (I think) on this post,
Bottom of post has the text of the powershell script.
Some suggested fixes that did not work:
Cleanwipe will not resolve this issue, I tried that.
Re-installing windows also will not work unless you delete everything on the drive or format the drive during install.
Causes:
Essentially, what happened is that Symantec install is sent by a zipped package that has the executables in it.
Once you unzip the package, the executables that Windows update looks for is found in the install folder.
Windows 1803 update does not look everywhere, but will look anywhere that the system can access.
So if you are deploying with SCCM, there is an install package in ccmcache from the last install.
If you contacted support on a previous version and they sent you a 7zip exe to extract, then the exe's are somewhere else.
If you deployed using SCCM then the exe's will be in a subdirectory under the c:\windows\ccmcache directory.
If you deployed using a single exe, then it extracted somewhere and you may have the exe's there.
I called support for a script to fix this. Got nowhere. That is anothe story, best left out.
My Solution
I made a powershell script to find and rename the 2 executables if they are outside of Program Files or Program Files (x86)
For SCCM to be able to use this, the .ps1 probably needs to be signed.
Attached is a sample of the script.
<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder. Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:\$WINDOWS.~BT\Sources\Panther\setupact.log
Search for 'Manual uninstall required' (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection
Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.
Notes: This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.
#>
Script renames either ccsvchst.exe Version 13.3.1.14 or smc.exe Version 14.0.3929.1200 if version is less than what is shown
In this script, change 'SomeServerName' in the line to your share path. Create the folders for the path. The script writes results to the file. The results are attempted. Depending on system rights, it may not be the case. This indicates the steps ran, but you should test it.
$outfile="\\SomeServerName\DeployLogs\Symantec\Win10-1803RenameFix\Win10-FilesRenam_Status-Apps.txt"
This is where the accumulated log is written to. Domain users and Domain Computers will need read and write to this share.
You will also need a share for deploy files. This will need to be read for domain users and domain computers.
Sign the script using a code signing certificate (another story there.)
Example of results shows Computer name, path to file, version information and what was attempted:
ComputerName-10;;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Bin\ccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Bin\Smc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\ccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\Smc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\ccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\Smc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:\Users\All Users\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\ccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:\Users\All Users\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\Smc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\ccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\Smc.exe;14.0.3929.1200;Not Modified
To deploy the script in SCCM I used a Task Sequence, with 2 run command steps.
it will probably work with one step, but I copy the script to a folder I use on the computers for local install logs.
Most of my Task Sequences create this folder if it does not exist: "C:\ProgramData\CM_Install_logs"
Copy Command line:
cmd.exe /c copy /y "\\ServerName\Deploy File Share\Scripts\Win101803SymFileRenamFix.ps1""C:\ProgramData\CM_Install_logs"
Run powershell cmd:
cmd.exe /c PowerShell.exe -executionpolicy unrestricted -file "C:\ProgramData\CM_Install_logs\Win101803SymFileRenamFix.ps1"
Powershell Script (was named Win101803SymFileRenamFix.ps1) Start below this line
<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder. Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:\$WINDOWS.~BT\Sources\Panther\setupact.log
Search for 'Manual uninstall required' (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection
Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.
Notes: This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.
#>
$outfile="\\SomeServerName\DeployLogs\Symantec\Win10-1803RenameFix\Win10-FilesRenam_Status-Apps.txt"
#$env:COMPUTERNAME
#Get-Childitem –Path C:\ -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select *
#$Paths2Files = Get-Childitem –Path "C:\" -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select name,Fullname
$Paths2Files = Get-Childitem –Path "C:\" -Include ccsvchst.exe,smc.exe -File -Recurse -ErrorAction SilentlyContinue | Select name,Fullname
foreach ($file in $Paths2Files){
$VersionInfo = (Get-Item $file.fullname).VersionInfo
$FileVersion = ("{0}.{1}.{2}.{3}" -f $VersionInfo.FileMajorPart,
$VersionInfo.FileMinorPart,
$VersionInfo.FileBuildPart,
$VersionInfo.FilePrivatePart)
#Write-Host $file.fullname $fileversion
If ($file.fullname -like "*Program Files*\Symantec\Symantec Endpoint Protection*") {$action="ProgramFiles Not Modified"}
ElseIf ($file.name -eq "ccsvchst.exe") {
If ($FileVersion -lt "13.3.1.14") {$action="renamed"
Rename-Item -Path $file.fullname -NewName "ccsvchst.ex_"}
ElseIf ($FileVersion -eq "13.3.1.14") {$action="Not Modified"}
}
ElseIf ($file.name -eq "smc.exe") {
If ($FileVersion -lt "14.0.3929.1200") {$action="renamed"
Rename-Item -Path $file.fullname -NewName "smc.ex_"}
ElseIf ($FileVersion -eq "14.0.3929.1200") {$action="Not Modified"}
}
Write-Host $file.fullname $fileversion $action
$out2file=$env:COMPUTERNAME+";"+$date+";"+$file.fullname+";"+$fileversion+";"+$action
$out2file | out-file -filepath $outfile -append
}
# SIGNATURE BLOCK WAS HERE
# End signature block WAS HERE
End of script above this line
