AppName=r'Symantec Endpoint Protection' import os,ctypes,re,_winreg,time,platform,shutil class disable_file_system_redirection: _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection def __enter__(self): self.old_value = ctypes.c_long() self.success = self._disable(ctypes.byref(self.old_value)) def __exit__(self, type, value, traceback): if self.success: self._revert(self.old_value) def checkapp(): import _winreg import os def DNDS(rtkey, pK, kA): ln = [] lv = [] try: oK = _winreg.OpenKey(rtkey, pK, 0, kA) i = 0 while True: try: bkey = _winreg.EnumKey(oK, i) vkey = os.path.join(pK, bkey) oK1 = _winreg.OpenKey(rtkey, vkey, 0, kA) try: tls = [] DN, bla = _winreg.QueryValueEx(oK1, 'DisplayName') DV, bla = _winreg.QueryValueEx(oK1, 'DisplayVersion') _winreg.CloseKey(oK1) ln.append(DN) lv.append(DV) except: pass i += 1 except: break _winreg.CloseKey(oK) return zip(ln, lv) except: return zip(ln, lv) rK = _winreg.HKEY_LOCAL_MACHINE sK = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment' openedKey = _winreg.OpenKey(rK, sK, 0, _winreg.KEY_READ) arch, bla = _winreg.QueryValueEx(openedKey, 'PROCESSOR_ARCHITECTURE') arch = str(arch) _winreg.CloseKey(openedKey) if arch == 'AMD64': fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ) fList.extend(DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)) fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)) fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)) else: fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ) fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ)) fList = set(fList) lr = [] rs = 0 for i in fList: a, b = i if AppName.lower() in a.lower(): lr.append('success: {} is installed'.format(a)) lr.append('{:<25}{:5}'.format(a, b)) rs += 1 else: rs += 0 if rs: return True return False def reg(): blacklist=AppName def collectprograms(rtkey,pK,kA): try: list=[] oK=_winreg.OpenKey(rtkey,pK,0,kA) i=0 while True: try: bkey=_winreg.EnumKey(oK,i) vkey=os.path.join(pK,bkey) oK1=_winreg.OpenKey(rtkey,vkey,0,kA) try: DN,bla=_winreg.QueryValueEx(oK1,'DisplayName') inlist=[DN.strip(), vkey, pK] list.append(inlist) except: pass i+=1 except: break except: pass return list uninstallkey_32='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' if 'PROGRAMFILES(X86)' in os.environ.keys(): rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ), (_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ), (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_32KEY | _winreg.KEY_READ), (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_WOW64_64KEY | _winreg.KEY_READ)] else: rklist=[(_winreg.HKEY_LOCAL_MACHINE,uninstallkey_32,_winreg.KEY_READ), (_winreg.HKEY_CURRENT_USER,uninstallkey_32,_winreg.KEY_READ)] bet=[] for i in rklist: col=collectprograms(i[0], i[1], i[2]) for c in col: if blacklist in c: bet.append(c[1]) if not bet: print "Please blacklist Valid Installed Software" else: for i in bet: j=i.replace(" ", '" "') v='\\' path="HKEY_LOCAL_MACHINE"+v+i path1="HKEY_LOCAL_MACHINE"+v+j got=path1 return got def event(): k=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text /q:"*[System[(EventID=11724) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n') k=filter(None, k) if len(k)!=0: print "\t\t*)",' '.join(k) def event2(): k1=os.popen('''wevtutil qe Application /rd:true /c:1 /f:text /q:"*[System[(EventID=11725) and Provider[@Name='MsiInstaller']]]" |findstr /i "Symantec"''').read().strip().split('\n') k1=filter(None, k1) if len(k1)!=0: print "\t\t*)",' '.join(k1) def Uninstall_SEP(): with disable_file_system_redirection(): fin=reg() fina=fin.split('\\')[-1] guid=re.findall('{.*}',fina)[0] if guid: us='MsiExec.exe /X '+guid+' /quiet REBOOT=ReallySuppress REMOVE=ALL' out=os.popen(us).read() time.sleep(5) inst1=checkapp() if inst1: event2() else: event() else: print "GUID reporting Error" print "%s Uninsalltion Script: \n"%(AppName) inst1=checkapp() if inst1: print "\t*)%s is installed at the Endpoint\n"%(AppName) print "\t*)Uninstallation of %s Started:\n"%(AppName) Uninstall_SEP() else: print "\t*)%s is not installed at the Endpoint\n"%(AppName)