How do you manually remove a GEHD / SEE-FD / GERS / SEE-RS client that fails to uninstall properly?
Any error message preventing you from successfully uninstalling the client from Control Panel -> Add/Remove Programs (or Programs and Features)
***** PLEASE ENSURE THE DISK IS FULLY DECRYPTED BEFORE FOLLOWING THIS PROCEDURE. OTHERWISE YOU WILL BE LOOKING AT A RECOVERY SCENARIO USING THE RECOVER / ACCESSUTILITY CD/DVD'S *****
***** PLEASE NOTE THAT SOME OF THE FOLLOWING REGISTRY KEYS / FILES MAY NOT BE PRESENT IN YOUR SCENARIO, DEPENDING ON WHAT PRODUCTS ARE INSTALLED AND HOW FAR THE ORIGINAL UNINSTALL WENT BEFORE STOPPING *****
***** THIS SOLUTION WILL NOT WORK WELL ON A WINDOWS 7 ENDPOINT; THIS IS BECAUSE ICESWORD DOES NOT WORK ON A WINDOWS 7 MACHINE *****
***** REQUIRES LOCAL ADMINISTRATOR PRIVILEGE ON THE ENDPOINT *****
- Delete the HKLM\Software\Encryption Anywhere Registry key (use IceSword if you have problems, even after trying to reset permissions on that regkey and propagating to all child objects)
- From the HKLM\System\CurrentControlSet\Service regkey, delete the following values:
- From the HKLM\Software\Microsoft\Windows\CurrentVersion\Run, delete the following value if it exists:
- From HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, delete the following value if it exists:
- From HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, modify the data content of the following value if it exists:
to reflect the following:
MSGINA (instead of EAFRCliGina)
- If you run into the issue where Explorer behaves strangely when you right click a folder or choose anything from the 'Edit' menu, then perform the following step:
Unregister DLLs ( RSShellExCachedFileOverlayIcon.dll, RSShellExEncryptedFileOverlayIcon.dll, RSShellExExePackager.dll) using the 'regsvr32.exe <dll-name> /u' command. Some of the DLLs may/may-not succeed, but that's okay.
- Delete the \Program Files\Symantec\Symantec Endpoint Encryption folder. (Use IceSword 'delete' or 'force delete' if you need to)
- Use the Microsoft Windows Installer Cleanup Utility to wipe out the 'Add/Remove Programs' entries for GuardianEdge Framework and RS client applications.
This procedure will work for the following clients on a NON-WINDOWS 7 endpoint:
- EAHD / EARS clients ( Encryption Anywhere Hard Disk / Encryption Anywhere Removable Storage )
- GEHD / GERS clients ( GuardianEdge Hard Disk / GuardianEdge Removable Storage )
- SEE-FD / SEE-RS clients ( Symantec Endpoint Encryption Full Disk / Symantec Endpoint Encryption Removable Storage )
***** The IceSword freeware utility listed below does not work on Windows 7 as yet. *****
- Unzip into a folder
- Does not require installation.
- Run the IceSword.exe executable
- On the left hand side (toward the bottom), pick either 'Registry' or 'File' depending on what entries you're looking to delete
- If its a file, once you right-click on the file, try either/or 'Delete' as well as 'Force Delete'. Keep an eye on the Windows Explorer folder to see if the file is really gone; because sometimes IceSword will give you an error even when it is SUCCESSFUL deleting an entry
- Keep an eye on the actual Windows Explorer Folder or Regedit Key/Value (use Refresh to ensure the contents are really gone)
- Sometimes, I've had to close and reopen IceSword when deleting entries to make it work ..... but I have not once run into a scenario where IceSword has NOT worked, using the above techniques
- ***** DOES NOT WORK ON WINDOWS 7 CURRENTLY *****
Windows Installer Cleanup Utility (msicuu2.zip) usage:
- Unzip contents and install by running StartMsi.vbs
- Run the utility from Start -> Programs -> Windows Instal Clean Up
- Pick the item from the list and click 'Remove' to get rid of the entry
Imported Document ID: TECH166355
IceSword is a freeware antirootkit tool (doesn't require install; standalone executable file) that helps delete registry keys and files/folders that are locked by processes. DOES NOT work on Windows 7.