Steps required to uninstall the Symantec SCSP agent
Critical System Protection (SCSP)
You need to uninstall the CSP agent via control panel or command line
Please consult the Installation Guide located in the folder "docs" of the installation package, or in the documentation page, for more comprehensive details.
On Windows, the SCSP Agent can be uninstalled using Add/Remove Programs.
On Unix, you can uninstall the agents by using native operating system package commands. The package name for the agent is SYMCcsp.
When the uninstaller completes, it reports an uninstall status.
For Unix DCS 6.x Agents, please see the following KB on uninstall details
Manual Uninstall of DCS Unix Agents
To uninstall agents using package commands:
pkgrm SYMCcsp
rpm -e SYMCcsp
rpm -e SYMCcsp
swremove SYMCcsp
setld -d SYMCSP520
init 6
Computers running HP-UX and AIX do not need to be restarted.
**Note that the command for uninstalling from Linux has changed for DCS 6.x to:
rpm -e SYMCsdcss
Disabling and enabling Solaris agents
Temporarily disabling the Solaris IPS agent
You should temporarily disable the IPS agent, if there are serious performance issues that you suspect are being caused by the IPS agent, or if you have applied a prevention policy that is not allowing you to access the system in any way.
After you disable the agent, apply the Null prevention policy or a prevention policy in which prevention was disabled. Reboot the system.
You should perform these procedures only in emergency situations.
To temporarily disable the IPS driver, interrupt the boot cycle with a Stop-a or break sequence.
At the ok prompt, type and run the following command:
boot -as
You must include the s switch in the boot command to boot into single-user mode. If you omit the s switch, then once the system boots into multi-user mode, it will enable the Data Center Security: Server Advanced driver.
When the boot sequence asks for the location of your /etc/system file, type one of the following:
/etc/system-pre-sisips
/dev/null
Permanently disabling Solaris IPS agents
If you have performance issues with Solaris agents, you may need to permanently disable them.The following procedure disables an agent, not the driver. The driver will still be running.You should perform these procedures only in emergency situations.
To permanently disable Solaris agents, open a Terminal window and become superuser.
Type and run the following commands:
/etc/init.d/sisipsagent stop
/etc/init.d/sisidsagent stop
Type and run the following commands to rename the agent scripts, which temporarily break any symbolic links in the rc#.d startup scripts:
mv /etc/init.d/sisipsagent /etc/init.d/sisipsagentOFF
mv /etc/init.d/sisidsagent /etc/init.d/sisidsagentOFF
Open a Terminal window and become superuser.
Type and run the following commands, which rename the sisipsgent scripts:
mv /etc/init.d/sisipsagentOFF /etc/init.d/sisipsagent
mv /etc/init.d/sisidsagentOFF /etc/init.d/sisidsagent
Type and run the following command to restart the computer:
init 6
Disabling and enabling Linux agents
Temporarily disabling the Linux IPS agent
You should disable the Linux IPS agent, only if there are serious performance issues that you suspect are being caused by the IPS agent, or if you have applied a prevention policy that is not allowing you to access the system in any way.
After you disable the agent, apply the Null prevention policy or a prevention policy in which prevention was disabled. Reboot the system.
You should perform these procedures only in emergency situations.
To temporarily disable the IPS driver, during the boot cycle, add the string SISIPSNULL to the boot options. The agent and kernel mode driver do not load, and the policy is not enforced.
Permanently disabling Linux agents
If you have performance issues with Linux agents, you may need to permanently disable them.The following procedure disables an agent, not the driver. The driver will still be running.You should perform these procedures only in emergency situations.
To permanently disable Linux agents, open a Terminal window and become superuser.
Type and run the following commands:
/etc/init.d/sisipsagent stop
/etc/init.d/sisidsagent stop
Type and run the following commands to rename the agent scripts, which temporarily break any symbolic links in the rc#.d startup scripts:
mv /etc/init.d/sisipsagent /etc/init.d/sisipsagentOFF
mv /etc/init.d/sisidsagent /etc/init.d/sisidsagentOFF
Open a Terminal window and become superuser.
Type and run the following commands, which rename the sisipsgent scripts:
mv /etc/init.d/sisipsagentOFF /etc/init.d/sisipsagent
mv /etc/init.d/sisidsagentOFF /etc/init.d/sisidsagent
Type and run the following command to restart the computer:
init 6