This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dan_Roddy
Collaborator
‎2018-06-14 10:36 AM

Upgrading Endpoint clients using SCCM

I need to upgrade our endpoint clients from E80.70 to E80.82 using SCCM and we are having problems with the uninstall of the old version.  

Here is the syntax from the SCCM Install Behavior..Specify the command to uninstall this application:

msiexec /x {D4DE00A5-606C-414A-B712-8B85682C0E40} /qn UNINST_PASSWORD=********

Here is the command to install:

msiexec /i "EPS.msi" /q

Product code is: {D4DE00A5-606C-414A-B712-8B85682C0E40}

Note: We have no problems installing any version using the above install command via SCCM..

Thanks for any ideas!

Dan

9 Replies
Steve_Lander
Collaborator
‎2018-06-14 01:31 PM

I have seen problems with certain endpoints not being able to uninstall, and we have worked with TAC to resolved but did not get anywhere.  For us, if I encountered where if I uninstalled the endpoint, decrypted it, and did the final uninstallation, it would give me one of two errors; either the password was incorrect or it gave me an uninstallation error.  In this case, we would have to rebuild the computers.  

I am not sure if you can upgrade straight from E80.70 to E80.82 but its worth a try, though the ones that have problems upgrading will have the problem I just described.

0 Kudos
Dan_Roddy
Collaborator
‎2018-06-14 01:49 PM

Sorry, I should have identified the blades we have deployed.  We have only 3: Anti-Bot, Forensics and Ransomware, Threat Emulation and Anti-Exploit.

So we don't have the encryption blade and I know for certain the password is good.  

Thanks for your input Steve!

0 Kudos
Dan_Roddy
Collaborator
‎2018-06-14 02:39 PM
In response to Dan_Roddy

Does the uninstall string need quotes around the password, maybe?

msiexec /x {D4DE00A5-606C-414A-B712-8B85682C0E40} /qn UNINST_PASSWORD="********"

0 Kudos
Steve_Lander
Collaborator
‎2018-06-15 05:09 AM
In response to Dan_Roddy

We are pretty much using all the blades except capsule docs and VPN.  

This is what I got from TAC when trying to uninstall.

For best results use the MSI that is stored in C:\ProgramData\CheckPoint\Endpoint Security
msiexec /x EPS.msi /l*v uninst.log UNINST_PASSWORD=<uninstall pass> 

Dan_Roddy
Collaborator
‎2018-06-20 09:58 AM
In response to Steve_Lander

Thanks Steve, I'll give this a try.

0 Kudos
Dan_Roddy
Collaborator
‎2018-07-30 11:53 AM
In response to Steve_Lander

Hi Steve,  Is  your endpoint environment Win10?

0 Kudos
Steve_Lander
Collaborator
‎2018-07-31 05:01 AM
In response to Dan_Roddy

We are on a mix of Windows 10 1703 and 1803.  Things seem to work much better on 1803 though.

Martijn_Tigchel
Explorer
‎2018-08-30 12:45 PM

Couple of questions for you:

1) Considering that you are using SCCM, I assume you are running the processes with SYSTEM credentials on the PCs. Can you confirm?

2) What happens when you manually run the uninstall process with SYSTEM credentials on one of your systems? You can do this by using "psexec" from the SysInternals suite:

- open a command prompt using "Run as administrator"

- execute "psexec -s -d -i cmd.exe" to open a command prompt with SYSTEM credentials

- execute "whoami" to verify success

- execute "msiexec /x {D4DE00A5-606C-414A-B712-8B85682C0E40} /l*v uninstall.log"

You will have to manually type in the uninstall password for this session. The file "uninstall.log" will contain details of what is going on with the uninstall process. You will want to carefully examine the "uninstall.log" file. Especially the sections that start with "ISSetAllUsers" and "BlockWrongContext".

With regards to the INSTALL process you should also test this using the following command line, executed under SYSTEM credentials like SCCM would be doing (see above):

- execute "msiexec /i eps.msi /l*v install.log"

You will want to carefully review the file install.log. I will not be surprised for you to find out that the installer reverts to using a previous version of the "eps.msi" installer than the one you *think* it is using. This is because the UNINSTALL process is not always properly removing all registry keys of the previous installation and as a result the installer may revert to using the previous "install source" - which could be the version of "eps.msi" somehwere in your SCCM cache folders located in c:\Windows\ccmcache\xxx...

The installers are buggy. You need to double-check that the system is doing what you think it is doing...

Dan_Roddy
Collaborator
‎2018-09-26 01:53 PM
In response to Martijn_Tigchel

Martijn,

Thanks for your feedback, I just found it now.  I will verify and get back to you.

Best,

Dan

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events