I wonder if I can rebuild these actions into a script to use it to uninstall this antivirus, to run it on every machine remotely.

Lately, I was learning some reverse-engineering tools, and I found some handy tools that will help me with various tasks, so I decided to use some of them in this scenario.

First, I used "Procmon" to capture the uninstallation process of this software, then I exported the logs and loaded them into "ProcDOT", which is a great tool to read Procmon log files and visualize any process you select as a beautiful graph, to track all the actions that have been done for that process (which in this scenario will be the uninstall.exe file).

I'm working remotely with a big company, which has "360 Total Security" installed on 100+ devices, and I'm supporting them remotely to install an alternative that suits their business, but the problem is that "360 Total Security" doesn't have a silent uninstallation string and the registry value for UninstallString is "C:\Program Files (x86)\360\Total Security\Uninstall.exe".

I have a scenario that is quite interesting for every sysadmin/security engineer.
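A Procmon capture like the one described in this post can also be reviewed as text. The following is an added example, not the author's code: it reads a Procmon CSV export and lists the successful state-changing operations of one process. It assumes Procmon's default export columns; the sample rows are constructed, and every path other than the install directory is a placeholder.

```python
import csv
import io
from collections import defaultdict

# Procmon operations that change system state (assumed subset; extend as needed).
STATE_CHANGING = {
    "RegSetValue", "RegDeleteValue", "RegDeleteKey",
    "WriteFile", "SetDispositionInformationFile",
    "SetRenameInformationFile", "Process Create",
}

def summarize_actions(stream, process_name):
    """Return {operation: [paths]} for successful state-changing events
    of one process, in first-seen order and without duplicates."""
    actions = defaultdict(list)
    for row in csv.DictReader(stream):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] not in STATE_CHANGING or row["Result"] != "SUCCESS":
            continue
        # A disposition event only marks a file for deletion when flagged so.
        if (row["Operation"] == "SetDispositionInformationFile"
                and "Delete: True" not in row["Detail"]):
            continue
        if row["Path"] not in actions[row["Operation"]]:
            actions[row["Operation"]].append(row["Path"])
    return dict(actions)

# Constructed sample export; PLACEHOLDER names are not real keys or files.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","Uninstall.exe","4242","RegQueryValue","HKLM\SOFTWARE\PLACEHOLDER_KEY\Path","SUCCESS","Type: REG_SZ"
"10:00:02.0000000","Uninstall.exe","4242","RegDeleteValue","HKLM\SOFTWARE\PLACEHOLDER_KEY\Path","SUCCESS",""
"10:00:03.0000000","Uninstall.exe","4242","SetDispositionInformationFile","C:\Program Files (x86)\360\Total Security\PLACEHOLDER.dll","SUCCESS","Delete: True"
"10:00:03.5000000","Uninstall.exe","4242","SetDispositionInformationFile","C:\Program Files (x86)\360\Total Security\PLACEHOLDER.dll","SUCCESS","Delete: True"
"10:00:04.0000000","explorer.exe","1200","RegSetValue","HKCU\Software\PLACEHOLDER_OTHER","SUCCESS","Type: REG_DWORD"
"10:00:05.0000000","Uninstall.exe","4242","RegDeleteKey","HKLM\SOFTWARE\PLACEHOLDER_KEY","ACCESS DENIED",""
'''

if __name__ == "__main__":
    for op, paths in summarize_actions(io.StringIO(SAMPLE_CSV), "Uninstall.exe").items():
        print(op, paths)
```

When reading a real export from disk, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name.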