Announcement

Collapse
No announcement yet.

Uninstalling the Endpoint Protection (Comodo) remotely for Mac OS clients

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Uninstalling the Endpoint Protection (Comodo) remotely for Mac OS clients

    Greetings,

    I have a scenario where I have successfully enrolled Mac OS clients with both the Endpoint Communication client and with the Endpoint Protection (Comodo Antivirus). There are some cases where individual clients either request to not have Comodo installed or would like to use another anti-virus program. For simplicity in deployment to remote systems, I have deployed to these Mac OS clients WITHOUT MDM.

    My question is, short of having them uninstall Comodo locally, is there any feature to request the uninstall of the Protection portion after it has been deployed? I do realize that I can use policies to disable Comodo, but I would prefer to know how to simply remove it.

    In the future I may only enroll Mac OS clients, then push the protection portion later, which I have successfully tested.

    Any nudge in the right direction would be appreciated.

    Andrew

    PS. If anyone has a script to reboot Mac computers using bash or similar procedure, that would be greatly appreciated as well.

  • #2
    ilgazy I got a notification of a response, but I can't seem to find it on the portal. Could you send it again? Thank you in advance.

    Comment


    • #3
      Hi andrew.pease,

      Please run this script to uninstall Comodo Client Security in MAC OS and let us know if you have any issue
      https://scripts.itarian.com/frontend...rity-in-mac-os

      Kind Regards,
      PremJK

      Comment


      • #4
        Thank you!

        Comment


        • #5
          Hello Andrew, thank you for bringing up this question! In my case, I've had some customers that decided later they didn't want the antivirus as well.

          I was wondering if you've had the opportunity to test this script? And, if you've run into any of the following issues:
          • any prompts appear to the end user? (like macOS permissions password)
          • if a reboot is required afterward?
          • if it breaks the endpoint connection like what used to happen with Windows when uninstalling CCS?
          • if later on CCS can be reinstalled?
          I'm not asking you to test these things for me. I was just wondering if you've had success with the script. I appreciate any response if you've got the time or ability. Cheers

          Comment


          • #6
            uandit I did test it on my own system, and it was completely silent and uninstalled the Comodo Antivirus with no obvious indication to the user. I was watching for it, so I noticed when the Comodo menu item turned off, and confirmed that the uninstall was complete after that.

            What I did find was the iTarian portal took a bit longer than I expected to remove the antivirus badge from the system in device manager.

            I will be reinstalling the protection, likely tomorrow, but I don't anticipate any issues with that, as I have done an enroll only and then install of protection on another system. I imagine the reinstall might have the slight advantage of not triggering the Apple Security permissions dialog boxes, and technically the software still has permissions from the last install.

            I have also tested the script that will reboot a non-MDM enrolled mac from the device manager, and that also works as expected.

            Andrew

            Comment


            • #7
              andrew.pease Awesome! I appreciate you letting me know. I had a problem with several Macs where the user decided to upgrade to Big Sur and it screwed up Comodo Antivirus on all 3 of his macs. It showed active on device manager, but on the Macs they all showed the Comodo X in the menu bar. Unfortunately, I'm not able to physically work with his machines but I'll see what I can do with these scripts. Thanks again.

              Comment


              • #8
                andrew.pease Hi there. I tested the uninstall CCS script successfully. You mentioned using a reboot script. Can you tell me where you found that script?

                Thanks in advance.

                Comment


                • #9
                  uandit I believe I modified this script from the "Run Bash Shell Script" procedure in the procedure library. I have not extensively tested this, but it seems to work for most of the Macs I am managing. Obviously if the Mac in question doesn't have bash installed, this won't work, but most systems do..

                  Code:
                  #To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('parameterName') with that parameter's name
                  import subprocess as sp
                  import os
                  import sys
                  
                  bash=r'''
                  #!/bin/sh
                  
                  reboot -n
                  '''
                  import os
                  
                  
                  path="/var/tmp/bashfile.sh"
                  with open(path,"w") as f:
                  f.write(bash)
                  
                  sp.call(['chmod', '0777', path])
                  
                  obj=sp.Popen(path,stdin=sp.PIPE,stdout=sp.PIPE,she ll=True)
                  print obj.communicate()[0]
                  
                  if os.path.exists(path):
                  try:
                  os.remove(path)
                  except:
                  pass

                  Comment


                  • #10
                    andrew.pease thanks. I used that and it worked. I also created another one using:

                    osascript -e 'tell app "System Events" to restart'

                    because I read it is considered "safer". I'm not sure, but either way they both worked. Thanks again.

                    Oh, by the way, I found another cool script to check for macOS updates from an old article (https://www.macrumors.com/how-to/upd...nal-command/):
                    softwareupdate -l

                    This rendered the following log on my test machine:
                    2021/02/18 04:43:59 PM Finished success Software Update Tool Finding available software Software Update found the following new or updated software: * Security Update 2020-006-10.13.6 Security Update 2020-006 (10.13.6), 1209290K [recommended] [restart]

                    Comment


                    • #11
                      what software deployment solution do you have? roll the uninstall into a script. cleanwipe is also an option.

                      Comment

                      Working...
                      X