I spend a lot of time automating installation and uninstallation of software that. If this can be done for this software, it will also help to uninstall any software that doesn't have a silent uninstall string in the future. I wonder if I can rebuild these actions into a script that I can use to uninstall this antivirus and run on every machine remotely.
Lately, I was learning some reverse-engineering tools, and I found some handy tools that will help me with various tasks, so I decided to use some of them in this scenario. First, I used 'Procmon' to capture the uninstallation process of this software, then I exported the logs and loaded them into 'ProcDOT', which is a great tool for reading Procmon log files and visualizing any process you select as a beautiful graph, to track all the actions that have been performed by that process (which in this scenario will be the uninstall.exe file).
I'm working remotely with a big company, which has '360 Total Security' installed on 100+ devices, and I'm supporting them remotely to install an alternative that suits their business, but the problem is that '360 Total Security' doesn't have a silent uninstallation string and the registry value for UninstallString is 'C:\Program Files (x86)\360\Total Security\Uninstall.exe'. I have a scenario that is quite interesting for every sysadmin/security engineer.
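As a text-based companion to the ProcDOT graph described above, the following added example (not code from the original post) reduces a Procmon CSV export to the distinct state-changing actions of one process. It assumes Procmon's default export columns; the sample rows, the paths and the `summarize` and `classify` helpers are constructed for illustration.

```python
import csv
import io

# Constructed sample rows in Procmon's default CSV column layout.
# A real export starts with a BOM: open the file with encoding="utf-8-sig".
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0","Uninstall.exe","4242","Process Create","C:\Windows\System32\sc.exe","SUCCESS","PID: 5000, Command line: sc stop ExampleSvc"
"10:00:01.1","Uninstall.exe","4242","RegQueryValue","HKLM\SOFTWARE\Example\UninstallString","SUCCESS","Type: REG_SZ"
"10:00:01.2","Uninstall.exe","4242","WriteFile","C:\Users\Public\example.log","SUCCESS","Offset: 0, Length: 64"
"10:00:01.3","Uninstall.exe","4242","WriteFile","C:\Users\Public\example.log","SUCCESS","Offset: 64, Length: 64"
"10:00:01.4","Uninstall.exe","4242","SetDispositionInformationFile","C:\Program Files (x86)\Example\app.dll","SUCCESS","Delete: True"
"10:00:01.5","Uninstall.exe","4242","RegDeleteKey","HKLM\SOFTWARE\Example","NAME NOT FOUND",""
"10:00:01.6","Uninstall.exe","4242","RegDeleteKey","HKLM\SOFTWARE\Example\Settings","SUCCESS",""
"10:00:01.7","explorer.exe","1200","WriteFile","C:\Users\Public\other.tmp","SUCCESS","Offset: 0, Length: 8"
'''

# Operations that change system state; reads and queries are ignored.
CHANGE_OPS = {
    "Process Create": "spawn",
    "WriteFile": "file-write",
    "RegSetValue": "reg-set",
    "RegDeleteKey": "reg-delete-key",
    "RegDeleteValue": "reg-delete-value",
}

def classify(row):
    """Map one Procmon row to an action label, or None if it changes nothing."""
    op, detail = row["Operation"], row["Detail"]
    if op.startswith("SetDispositionInformation"):
        # A file delete shows up as a disposition change flagged for deletion.
        deleted = "Delete: True" in detail or "FILE_DISPOSITION_DELETE" in detail
        return "file-delete" if deleted else None
    return CHANGE_OPS.get(op)

def summarize(csv_text, process_name):
    """Return distinct (action, path) pairs for one process, in first-seen order."""
    seen, actions = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "SUCCESS":  # skip attempts that did not take effect
            continue
        action = classify(row)
        if action and (action, row["Path"]) not in seen:
            seen.add((action, row["Path"]))
            actions.append((action, row["Path"]))
    return actions

if __name__ == "__main__":
    for action, path in summarize(SAMPLE_CSV, "Uninstall.exe"):
        print(f"{action:16} {path}")
```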