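#########################Configuration#Section##########################################################################
# Monitoring script: decides whether the endpoint needs the Comodo Client
# Security (CCS) install / third-party antivirus removal procedure and reports
# the decision through alert().  This script only DETECTS and SIGNALS; it does
# not run any uninstaller itself.
#
# NOTE(review): several options below lead to the removal of an endpoint
# protection product.  Keep them at "no" unless the replacement product is
# confirmed to be deployed, so the endpoint is not left without protection.
#
# This option will install Comodo Client Security if it is not present on the endpoint
#
InstallCCS = "yes"
# This option will start a Full Scan on the endpoint after Comodo Client Security is installed
# This option will work only if you have a Full Scan scheduled in your profile
scan = "yes"
#######################################
# Third Party Antivirus Section
#
# This option will uninstall CrowdStrike
RemoveCrowdStrike = "no"
# This option will uninstall Sophos
RemoveSophos = "no"
# This option will uninstall Vipre
RemoveVipre = "no"
# This option will uninstall AVG Business Security V20.4.3125
RemoveAVG = "no"
# This option will uninstall Bitdefender Endpoint Security Tools
RemoveBitdefenderEndpointSecurityTools = "no"
# This option will uninstall Symantec Cloud
RemoveSymantecCloud = "no"
# This option will uninstall Symantec Endpoint Protection
RemoveSymantecEndpointProtection = "no"
# This option will uninstall ESET Endpoint Antivirus and ESET Remote Administrator Agent
RemoveESET = "no"
# This option will uninstall Webroot SecureAnywhere
RemoveWebroot = "no"
#######################################
# If you want to enforce the CCS version, choose enforceCCS = "yes"
# This option will uninstall any other CCS version and install the specified version
#
enforceCCS = "no"
CCSVersion = "12.3.0.8177"
#######################################
# This option will uninstall the Legacy Product
#
RemoveESM = "no"
########################################################################################################################
import os
import ctypes
import re
import time
import socket
try:
    import winreg as _winreg
except ImportError:
    try:
        import _winreg
    except ImportError:
        pass
import shutil
import ssl
try:
    import urllib.request as urllib2
except ImportError:
    try:
        import urllib2
    except ImportError:
        pass
import getpass
import sys
import datetime

# Module-level result flags, kept for compatibility with the original script:
#   allowtorun == 1 -> a product selected for removal was detected
#   i == 1          -> the monitor must raise its alert
i = 0
j = 0
allowtorun = 0

# Length of the re-check window in minutes.  The stored stamp is one minute
# shorter than this value, exactly as in the original script.
RECHECK_MINUTES = 5
datenow = datetime.datetime.now()
datestamp = datenow + datetime.timedelta(minutes=RECHECK_MINUTES - 1)


def GetWindowsEdition(Key_name):
    """Return the "ProductName" value stored under HKLM\\<Key_name>.

    On any failure the function does not raise; it returns a string that
    starts with "Windows Registry Exception: " followed by the error text.
    """
    val = ""
    try:
        reg = _winreg.ConnectRegistry(None, _winreg.HKEY_LOCAL_MACHINE)
        ok = _winreg.OpenKey(reg, Key_name, 0, _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)
        try:
            val = _winreg.QueryValueEx(ok, "ProductName")[0]
        finally:
            # Close the handle even when the value is missing.
            _winreg.CloseKey(ok)
        return val
    except Exception as exception:
        val = "Windows Registry Exception: " + str(exception)
        return val


# Raw string: the backslashes are registry path separators, not escapes.
WindowsVersion = GetWindowsEdition(r'SOFTWARE\Microsoft\Windows NT\CurrentVersion')


class disable_file_system_redirection:
    """Context manager that turns off WOW64 file system redirection.

    The members are only defined when the product name does not contain "XP"
    or "2008" and the kernel32 entry points can be resolved; otherwise the
    class is left empty.  It is not used elsewhere in this script.
    """
    if not ("XP" in WindowsVersion or "2008" in WindowsVersion):
        try:
            _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
            _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

            def __enter__(self):
                self.old_value = ctypes.c_long()
                self.success = self._disable(ctypes.byref(self.old_value))

            def __exit__(self, type, value, traceback):
                if self.success:
                    self._revert(self.old_value)
        except Exception:
            # ctypes.windll or the exports are unavailable: leave the class empty.
            pass


def _on_system_drive(relative_path):
    """Return *relative_path* (starting with a backslash) on the system drive."""
    return os.environ['systemdrive'] + relative_path


def verifyfileexist():
    """Return the full path of the 'TimeStampStatus.txt' file.

    The "Program Files (x86)" location is used when that folder exists,
    "Program Files" otherwise.  The file itself is not checked here.
    """
    if os.path.exists(_on_system_drive(r"\Program Files (x86)")):
        return _on_system_drive(
            r"\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt")
    return _on_system_drive(
        r"\Program Files\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt")


def WriteTimeStampToTheTimeStampFile(datetowrite):
    """Create/overwrite the 'TimeStampStatus' file with *datetowrite*.

    The value is stored as '%y-%m-%d %H:%M:%S'.
    """
    with open(verifyfileexist(), "w") as stamp_file:
        stamp_file.write(str(datetowrite.strftime("%y-%m-%d %H:%M:%S")))


def readTimeStampStatus():
    """Return the raw content of the 'TimeStampStatus' file."""
    with open(verifyfileexist(), "r") as stamp_file:
        return stamp_file.read()


def readCCSVersion():
    """Return the CCS version read from cfpver.dat.

    Returns "" when the CCS installation folder does not exist.
    """
    getccsvar = ""
    install_dir = _on_system_drive(r"\Program Files\COMODO\COMODO Internet Security")
    if os.path.exists(install_dir):
        with open(install_dir + r"\cfpver.dat", "r") as version_file:
            getccsvar = version_file.read().strip('\r\n')
    return getccsvar


def alert(arg):
    """Write the integer *arg* three times in a row to stderr (e.g. "111")."""
    sys.stderr.write("%d%d%d" % (arg, arg, arg))


def AVDB():
    """Return True when %PROGRAMDATA%\\Comodo\\fullscan.txt exists."""
    # NOTE(review): the mere presence of this marker file raises the alert.
    # Confirm the folder ACL restricts who may create files in it.
    marker = os.path.join(os.environ['PROGRAMDATA'], r'Comodo', "fullscan.txt")
    return os.path.exists(marker)


def checkCCS():
    """Return True when the CCS agent executable (cmdagent.exe) is present."""
    return os.path.exists(
        _on_system_drive(r'\Program Files\COMODO\COMODO Internet Security\cmdagent.exe'))


def checkESMAgent():
    """Return True when the legacy ESM agent (AgnService.exe) is present."""
    return os.path.exists(
        _on_system_drive(r'\Program Files\COMODO\CesmAgent\AgnService.exe'))


def DNDS(rtkey, pK, kA):
    """List installed software found under one registry "Uninstall" key.

    rtkey -- root hive, pK -- sub key path, kA -- access mask.
    Returns a list of (DisplayName, UninstallString) tuples; entries missing
    either value are skipped.  Never raises: an unreadable key yields [].
    The UninstallString is only collected here, never executed.
    """
    names = []
    uninstall_strings = []
    try:
        root = _winreg.OpenKey(rtkey, pK, 0, kA)
    except Exception:
        return list(zip(names, uninstall_strings))
    try:
        index = 0
        while True:
            try:
                sub_name = _winreg.EnumKey(root, index)
            except Exception:
                # No more sub keys.
                break
            index += 1
            try:
                sub_key = _winreg.OpenKey(rtkey, os.path.join(pK, sub_name), 0, kA)
            except Exception:
                # One unreadable sub key must not hide the entries after it,
                # otherwise an installed product could go undetected.
                continue
            try:
                display_name, _ = _winreg.QueryValueEx(sub_key, 'DisplayName')
                uninstall_cmd, _ = _winreg.QueryValueEx(sub_key, 'UninstallString')
            except Exception:
                pass
            else:
                names.append(display_name)
                uninstall_strings.append(uninstall_cmd)
            finally:
                _winreg.CloseKey(sub_key)
    finally:
        _winreg.CloseKey(root)
    # list(): zip() is lazy on Python 3 and callers use .extend() on the result.
    return list(zip(names, uninstall_strings))


def GetSoftwareUsingRegistry():
    """Return the display names of all installed software as one string.

    Each name is preceded by a newline.  On a 64-bit OS (AMD64) both registry
    views of HKLM and HKCU are read; otherwise the default view only.
    """
    uninstall_key = r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

    ## detect whether the computer is 32 bit or 64 bit
    env_key = _winreg.OpenKey(
        _winreg.HKEY_LOCAL_MACHINE,
        r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment',
        0, _winreg.KEY_READ)
    try:
        arch, _ = _winreg.QueryValueEx(env_key, 'PROCESSOR_ARCHITECTURE')
    finally:
        _winreg.CloseKey(env_key)
    arch = str(arch)

    if arch == 'AMD64':
        views = (_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ,
                 _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)
    else:
        views = (_winreg.KEY_READ,)

    ## collect from every hive/view, drop duplicates, sort the final result
    entries = []
    for hive in (_winreg.HKEY_LOCAL_MACHINE, _winreg.HKEY_CURRENT_USER):
        for access in views:
            entries.extend(DNDS(hive, uninstall_key, access))

    FinalResultAVG = ""
    for display_name, _uninstall in sorted(set(entries)):
        try:
            # Python 2: pad the UTF-8 encoded name.  On Python 3 formatting
            # bytes with a width raises, so the plain name is used instead.
            FinalResultAVG = FinalResultAVG + '\n' + '{:<100}'.format(display_name.encode('utf-8'))
        except Exception:
            FinalResultAVG = FinalResultAVG + '\n' + str(display_name)
    return FinalResultAVG


# The registry scan is only needed for the products detected by display name.
# Strings are compared with ==; "is" tests object identity and only worked by
# accident of string interning.
GetSoftwareUsingRegistryResult = ""
if (RemoveSophos == "yes" or RemoveVipre == "yes" or RemoveAVG == "yes"
        or RemoveBitdefenderEndpointSecurityTools == "yes"
        or RemoveSymantecEndpointProtection == "yes" or RemoveESET == "yes"):
    GetSoftwareUsingRegistryResult = GetSoftwareUsingRegistry()


def _third_party_av_detected():
    """Return True when a third-party product selected for removal is found."""
    found = False
    if RemoveWebroot == "yes":
        for candidate in (r'\Program Files\Webroot\WRSA.exe',
                          r'\Program Files (x86)\Webroot\WRSA.exe'):
            if os.path.exists(_on_system_drive(candidate)):
                found = True
                print('Webroot SecureAnywhere is present')
    if RemoveESET == "yes":
        if ("ESET Remote" in GetSoftwareUsingRegistryResult
                or "ESET Endpoint" in GetSoftwareUsingRegistryResult):
            found = True
            print('ESET is present')
    if RemoveSymantecCloud == "yes":
        if os.path.isfile(_on_system_drive(
                "\\Program Files\\Symantec.cloud\\PlatformAgent\\Uninstall.exe")):
            found = True
            print('Symantec Cloud is present')
    if RemoveSymantecEndpointProtection == "yes":
        if "Symantec Endpoint Protection" in GetSoftwareUsingRegistryResult:
            found = True
            print('Symantec Endpoint Protection is present')
    if RemoveBitdefenderEndpointSecurityTools == "yes":
        if "Bitdefender Endpoint Security Tools" in GetSoftwareUsingRegistryResult:
            found = True
            print('Bitdefender Endpoint Security Tools is present')
    if RemoveAVG == "yes":
        # NOTE(review): plain substring test; any display name containing
        # "AVG" matches, not only AVG Business Security.
        if "AVG" in GetSoftwareUsingRegistryResult:
            found = True
            print('AVG is present')
    if RemoveCrowdStrike == "yes":
        for candidate in (r'\Program Files\CrowdStrike',
                          r'\Program Files (x86)\CrowdStrike'):
            if os.path.exists(_on_system_drive(candidate)):
                found = True
                print('CrowdStrike is present')
    if RemoveSophos == "yes":
        if "Sophos" in GetSoftwareUsingRegistryResult:
            found = True
            print('Sophos is present')
    if RemoveVipre == "yes":
        if "VIPRE" in GetSoftwareUsingRegistryResult:
            found = True
            print('Vipre is present')
    return found


def _legacy_esm_detected():
    """Return True when the legacy ESM agent or a legacy CCS build is found."""
    ccs_installed = checkCCS()
    if checkESMAgent():
        print("ESM is present on the machine, starting uninstall process...")
        return True
    if ccs_installed:
        ESMtestccsversion = readCCSVersion().replace(".", "")
        try:
            intESMtestccsversion = int(ESMtestccsversion)
        except ValueError:
            # Empty or non-numeric version file: the build cannot be
            # classified, so it is not reported as legacy.
            return False
        # NOTE(review): the dots are removed before comparing, so the result
        # depends on the digit count of each version component.
        if intESMtestccsversion < 10406695:
            print("ESM is present on the machine, starting uninstall process...")
            print(ESMtestccsversion)
            return True
    return False


def _windows_excluded_from_enforcement():
    """Return True when the product name matches an edition that is skipped."""
    # NOTE(review): substring tests on the product name.  "7" matches any
    # name containing that digit, and a failed registry read yields an error
    # text that is tested the same way.
    markers = ("7", "2008 R2", "XP", "2008", "Embedded")
    return any(marker in WindowsVersion for marker in markers)


def _ccs_needs_action():
    """Return True when CCS must be installed or replaced."""
    if InstallCCS != "yes":
        return False
    if not checkCCS():
        print("Comodo Client - Security is not installed on the Endpoint\n")
        return True
    print("Comodo Client - Security is installed on the Endpoint\n")
    if enforceCCS == "yes" and not _windows_excluded_from_enforcement():
        testccsversion = readCCSVersion()
        if testccsversion == CCSVersion:
            print("\tComodo Client - Security Enforced Version = " + testccsversion + "\n")
        else:
            print("\tComodo Client - Security Enforced Version is NOT " + CCSVersion + "\n")
            print("\tComodo Client - Security Version " + testccsversion + " will be uninstalled\n")
            return True
    return False


def _evaluate_endpoint():
    """Run every check once and return the (allowtorun, i) flag pair."""
    if _third_party_av_detected():
        return 1, 1
    if RemoveESM == "yes" and _legacy_esm_detected():
        return 1, 1
    needs_alert = 0
    if AVDB():
        print("\tAntivirus Full Scan cmmmand will run on this endpoint\n")
        needs_alert = 1
    if _ccs_needs_action():
        needs_alert = 1
    return 0, needs_alert


def _inside_recheck_window():
    """Return True while the stored time stamp is still in the future."""
    try:
        statusdate = datetime.datetime.strptime(
            readTimeStampStatus().strip(), '%y-%m-%d %H:%M:%S')
    except ValueError:
        # An empty or damaged stamp is treated as expired so the checks run
        # again instead of the monitor stopping with a traceback.
        return False
    return datenow < statusdate


if os.path.exists(verifyfileexist()) and _inside_recheck_window():
    # An alert was raised recently; stay quiet until the stamp expires.
    alert(0)
else:
    allowtorun, i = _evaluate_endpoint()
    if i == 1:
        WriteTimeStampToTheTimeStampFile(datestamp)
        alert(1)
    else:
        alert(0)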