I’m trying to use BigFix to deploy Sophos (Anti-Virus) to our users to replace TrendMicro.
The Sophos installer is smart enough to uninstall Trend for us, but requires user interaction (you cannot force that part to run silently).
Unfortunately, when you push it with BigFix, they are never prompted. From playing around, I’ve discovered that if you set it to run as the current user, instead of as system, AND you disable UAC on the computer you’re deploying to, it works great. If you dont disable UAC, they never get prompted (not even the UAC priv escalation prompt), and if its run as system they never get prompted.
Obviously this is not a solution. We cant go disabling UAC on everyone’s computer (especially since it requires a reboot to disable).
Anyone know a workaround for this? This is really high priority for us.
Windows doesn’t allow services to interact with the desktop anymore (because it could lead to escalation or privileges like the “shatter attack”). So you can run the uninstall as SYSTEM, but no user can see any dialogs.
Windows UAC is designed to specifically to prevent situations exactly like what you are trying to do (make admin changes in the background). I am not sure the exact reason why it is not prompting you, but UAC causes lots of problems like this.
I don’t know much about uninstalling Trend (other than the version that we install ourselves)… Is there any tool or script you can run to uninstall TM?
I actually really like that solution - the only issue being we have trend setup so that you cant kill the services without unloading trend first (which takes a password).
You also need to remove the Firewall component which is attached to the network settings. If you don’t remove this before removing all the other parts the PC becomes unable to access the network.
I’m doing the same atm (Removing Trend and installing Sophos) and I’ve removed our Trend uninstall password for now. My only issue is the PCs with broken Trend installations.