I have a scenario where I have successfully enrolled Mac OS clients with both the Endpoint Communication client and with the Endpoint Protection (Comodo Antivirus). There are some cases where individual clients either request to not have Comodo installed or would like to use another anti-virus program. For simplicity in deployment to remote systems, I have deployed to these Mac OS clients WITHOUT MDM.
My question is, short of having them uninstall Comodo locally, is there any feature to request the uninstall of the Protection portion after it has been deployed? I do realize that I can use policies to disable Comodo, but I would prefer to know how to simply remove it.
In the future I may only enroll Mac OS clients, then push the protection portion later, which I have successfully tested.
Any nudge in the right direction would be appreciated.
Andrew
PS. If anyone has a script to reboot Mac computers using bash or similar procedure, that would be greatly appreciated as well.
Hello Andrew, thank you for bringing up this question! In my case, I’ve had some customers that decided later they didn’t want the antivirus as well.
I was wondering if you’ve had the opportunity to test this script? And, if you’ve run into any of the following issues:
any prompts appear to the end user? (like macOS permissions password)
if a reboot is required afterward?
if it breaks the endpoint connection like what used to happen with Windows when uninstalling CCS?
if later on CCS can be reinstalled?
I'm not asking you to test these things for me. I was just wondering if you've had success with the script. I appreciate any response if you've got the time or ability. Cheers
@uandit I did test it on my own system, and it was completely silent and uninstalled the Comodo Antivirus with no obvious indication to the user. I was watching for it, so I noticed when the Comodo menu item turned off, and confirmed that the uninstall was complete after that.
What I did find was the iTarian portal took a bit longer than I expected to remove the antivirus badge from the system in device manager.
I will be reinstalling the protection, likely tomorrow, but I don’t anticipate any issues with that, as I have done an enroll only and then install of protection on another system. I imagine the reinstall might have the slight advantage of not triggering the Apple Security permissions dialog boxes, and technically the software still has permissions from the last install.
I have also tested the script that will reboot a non-MDM enrolled mac from the device manager, and that also works as expected.
@andrew.pease Awesome! I appreciate you letting me know. I had a problem with several Macs where the user decided to upgrade to Big Sur and it screwed up Comodo Antivirus on all 3 of his macs. It showed active on device manager, but on the Macs they all showed the Comodo X in the menu bar. Unfortunately, I’m not able to physically work with his machines but I’ll see what I can do with these scripts. Thanks again.
@andrew.pease Hi there. I tested the uninstall CCS script successfully. You mentioned using a reboot script. Can you tell me where you found that script?
@uandit I believe I modified this script from the “Run Bash Shell Script” procedure in the procedure library. I have not extensively tested this, but it seems to work for most of the Macs I am managing. Obviously if the Mac in question doesn’t have bash installed, this won’t work, but most systems do…
#To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('parameterName') with that parameter's name
import subprocess as sp
import os
import sys
bash=r'''
#!/bin/sh
reboot -n
'''
import os
path="/var/tmp/bashfile.sh"
with open(path,"w") as f:
f.write(bash)
sp.call(['chmod', '0777', path])
obj=sp.Popen(path,stdin=sp.PIPE,stdout=sp.PIPE,she ll=True)
print obj.communicate()[0]
if os.path.exists(path):
try:
os.remove(path)
except:
pass
This rendered the following log on my test machine:
2021/02/18 04:43:59 PM
Finished success
Software Update Tool Finding available software Software Update found the following new or updated software: * Security Update 2020-006-10.13.6 Security Update 2020-006 (10.13.6), 1209290K [recommended] [restart]