i am trying to uninstall Nessus Agent from multiple machines and task is running fine and i can see it deletes the reg and the agent itself but status of the task stuck on running . here is the line i am using.
waithidden msiexec.exe /X { name of keys whose( (exists values “DisplayName” whose(it as string as lowercase starts with “Nessus Agent (x64)” as lowercase) of it) AND (exists values whose(it as string as lowercase starts with “msiexec”) of it) ) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of ( x64 registries; x32 registries ) } /qn
If you are 100% sure the command itself works (tried it manually via cmd on a box that is having a problem through BigFix and it completes fine without any additional prompts or anything) then you need to check off different things but you need to make sure it does first - I’ve seen certain software require passwords to uninstall or other parameters. Once you are sure of the command itself you need to go down the list - for example, are you accounting for the syswow32 redirection? By default, the above is running the 32bit version of msiexec.exe (C:\Windows\SysWOW64\msiexec.exe) not the x64 version (C:\Windows\System32\msiexec.exe) but your relevance is trying pointing to both x64 and x32 registries/software. Another issue I’ve seen is certain commands actually in the background interact with the login session and use some user variables where through BigFix it most-likely is running as SYSTEM and those do not exist - it’s a bit harder to verify that but there are certain ways to test manual executions of commands to be ran as SYSTEM (google it, you’d fine examples). I doubt it’s the latter since it’s msiexec but worth a try if you’ve ruled the others already.
It seems like that is the issue . a pop up window coming and asking if i want to delete all related files on this sytem …
So how can i make scripts to go ahead and click yes ? do i have to create a batch file for this or can BF action script can d that ?
I saw this guide too but the problem is we disabled power shell in machines and I have to uninstall Nessus from
Large amount of machines . So this is not an option . Do you know if there is any way to force pop up to cont via bf action script ? I have tried “/qn” even locally thru command window and still Pop up coming .
The problem is that Nessus has an action in their MSI that does not suppress the message on silent uninstall…you’ll need to check with them on whether there is a custom MSI property you can set on the command line to suppress the message.
It may be crucial, in that link from @FatScottishGuy, to remove the agent from the Nessus server first?
Having looked at our uninstall fixlet, it seems I found this troublesome:
// unlink agent
if {exists file "nessuscli.exe" of folder "Nessus Agent" of folder "Tenable" of (program files x64 folder; program files x32 folder) }
wait "{pathname of file "nessuscli.exe" of folder "Nessus Agent" of folder "Tenable" of (program files x64 folder; program files x32 folder)}" agent unlink
endif
// stop service
if {exists running service whose(display name of it as lowercase contains "tenable nessus agent") }
wait sc stop "{service name of service whose(display name of it as lowercase contains "tenable nessus agent")}"
pause while {exists running service whose(display name of it as lowercase contains "tenable nessus agent") }
endif
// delete service
if {exists service whose(display name of it as lowercase contains "tenable nessus agent") }
wait sc delete "{service name of service whose(display name of it as lowercase contains "tenable nessus agent")}"
pause while {exists service whose(display name of it as lowercase contains "tenable nessus agent") }
endif
// uninstall msi
if {exist keys whose( (exists values "DisplayName" whose(it as string as lowercase starts with "Nessus Agent" as lowercase) of it) AND (exists values whose(it as string as lowercase starts with "msiexec") of it) ) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of ( x64 registries; x32 registries ) }
parameter "theDisplayName" = "Nessus Agent"
waithidden msiexec.exe /X { name of keys whose( (exists values "DisplayName" whose(it as string as lowercase starts with (parameter "theDisplayName") as lowercase) of it) AND (exists values whose(it as string as lowercase starts with "msiexec") of it) ) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of ( x64 registries; x32 registries ) } /qn /norestart
endif
SO we ended up creating our own uninstaller for Nessus and pulling apart the entire reg. so i am running to an issue to delete a reg folder and its subfolders. i am fairly nw to bf action scripts but i have this so far . apparently i need to create a del.reg to do this . action completes but it is not deleting Tenable key and subfolders.
trying to delete Tenable and its subfolders.
HKEY_LOCAL_MACHINE\SOFTWARE\Tenable