Announcement

Collapse
No announcement yet.

Uninstall Comodo-one client communication(CCC) and comodo one client security(CCS)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Uninstall Comodo-one client communication(CCC) and comodo one client security(CCS)

    You can use below script to uninstall CCC and CCC agents,


    Note: In procedure logs script status will be 'Started' and it will not get 'success' status since we are removing communication client too.



    Code:
    import os;
    import re;
    import ctypes
    
    class disable_file_system_redirection:
        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
        def __enter__(self):
            self.old_value = ctypes.c_long()
            self.success = self._disable(ctypes.byref(self.old_value))
        def __exit__(self, type, value, traceback):
            if self.success:
                self._revert(self.old_value)
    
    
    k=[];
    
    with disable_file_system_redirection():
        guid=os.popen('powershell.exe "get-wmiobject Win32_Product | Format-Table Name,IdentifyingNumber" |  findstr /i /c:"Comodo One Client - Communication" /c:"COMODO Client - Security" | sort').read();
    print (guid);
    
    k.append(re.findall("{.*",guid));
    j=[];
    for i in k[0]:
       j.append(i);
    
    print j;
    
    ccs=re.findall("COMODO Client - Security",guid); 
    ccc=re.findall("Comodo One Client - Communication",guid);
    
    if (ccs and ccc):
    
        command=r"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode /v ModeEsm /t REG_DWORD  /d  1  /f";
        with disable_file_system_redirection():
            reg_process=os.popen(command).read();
            print(reg_process);
            ccs_out=os.popen('msiexec.exe /x '+j[0]+' /quiet REBOOT=ReallySuppress REMOVE=ALL CESMCONTEXT=1').read();
            print(ccs_out)
            process=os.popen('msiexec.exe /x '+j[1]+' /q').read();
            print (process); 
       
    elif ccc: 
        with disable_file_system_redirection():
            process=os.popen('msiexec.exe /x '+j[0]+' /q').read();
            print (process);
    
    else:
       print('No installation found');

    Last edited by mkannan; 11-01-2016, 11:50 AM. Reason: Issue fixed

  • #2
    This one doesn't seem to work for me.

    I also tweaked a line to include for other names:

    guid=os.popen('C:\\Windows\\System32\\WindowsPower Shell\\v1.0\\powershell.exe "get-wmiobject Win32_Product | Format-Table Name,IdentifyingNumber" | findstr /i /c:"Comodo One Client - Communication" /c:"COMODO Client - Security" /c:"Comodo Security Solutions" /c:"Comodo One Patch Management Agent" /c:"RMM Administration Console" /c:"RMM Agent Service" /c:"Rmm Agent" | sort').read();

    Comment


    • #3
      mediamoon

      Hello,

      Does the script work for you in the original form?

      Comment


      • #4
        Nah... It only seems to disconnect Comodo ONE Client - Communication and remove the selected computer from ITSM. It doesn't seem to actually remove anything from the client. The applications (Comodo ONE Client - Communication, Comodo One Client - Security) don't seem to get removed from the client computers (Windows).

        Comment


        • #5
          mediamoon

          In ITSM please go to Devices > Device List > select the specific device > go to the Procedure Logs > click on Details. From there please provide us the reason why the procedure did not work.
          In addition, a Service Desk ticket is created that contains additional information to the one that you see in ITSM. We should be able to figure out what happened from the ticket details.

          Looking forward to your reply.

          Comment


          • #6
            Excellent! I'll take a look.

            Comment


            • #7
              I just tried to check the procedure log after running the procedure "Uninstall Comodo Clients (Warning!)", but unfortunately I get a 404 error when trying to access the device's procedure log. This is probably because the device has been removed from ITSM.

              Although the device is removed from ITSM, I still see the Comodo clients (Comodo One Client - Communication, Comodo One Patch Management Agent, COMODO Client - Security, RMM Agent Service) installed on the device that were (in theory) supposed to have been removed. Also, when the procedure was run, I did notice that the "Comodo One Client - Communication" icon in the Systray disappeared.

              I also checked for corresponding tickets for the procedure run in Service Desk, but I couldn't find any.

              Hopefully this helps a wee bit.

              Comment


              • #8
                Hello mediamoon ,

                I have forwarded the information you provided to the appropriate staff for further investigation. We will reach back to you with updates as soon as possible.

                Comment


                • #9
                  Great! Thank you!

                  Comment


                  • #10
                    Hello mediamoon ,

                    Please run the below script and let us know if it worked (please keep in mind that the script must run as system user and not as logged in user(s)). Please let us know if the script works.

                    HTML Code:
                    import os;
                    import re;
                    import ctypes
                    
                    class disable_file_system_redirection:
                        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
                        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
                        def __enter__(self):
                            self.old_value = ctypes.c_long()
                            self.success = self._disable(ctypes.byref(self.old_value))
                        def __exit__(self, type, value, traceback):
                            if self.success:
                                self._revert(self.old_value)
                    
                    
                    k=[];
                    
                    with disable_file_system_redirection():
                        guid=os.popen('powershell.exe "get-wmiobject Win32_Product | Format-Table Name,IdentifyingNumber" |  findstr /i /c:"Comodo One Client - Communication" /c:"COMODO Client - Security" | sort').read();
                    print (guid);
                    
                    k.append(re.findall("{.*",guid));
                    j=[];
                    for i in k[0]:
                       j.append(i);
                    
                    print j;
                    
                    ccc=re.findall("COMODO Client - Security",guid); 
                    
                    if ccc: 
                        command=r"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode /v ModeEsm /t REG_DWORD  /d  1  /f";
                        with disable_file_system_redirection():
                            process=os.popen(command).read();
                            print(process);
                        
                    
                    with disable_file_system_redirection():
                        for i in reversed(j):
                            process=os.popen('msiexec.exe /x '+i+' /quiet REBOOT=ReallySuppress REMOVE=ALL').read();
                            print (process);

                    Comment


                    • #11
                      Thank you for the assistance! Does the endpoint have to be rebooted in order for the change to take place?

                      I tried running the procedure (imported it and all), but it doesn't seem to do anything. I do see the little circle in the center of the "Comodo ONE Client - Communication" logo in the systray disappear for a bit, which seems like it's processing the command. However, everything is still as it was before: CCC and CCS are still installed and running. Also, the endpoint is still listed in ITSM.

                      That being said, I did check the procedure log details for the procedure run and this is what it showed:
                      2016/10/26 12:42:19 PM FINISHED_SUCCESS COMODO Client - Security

                      Thank you again in advance for your assistance!

                      Comment


                      • #12
                        Hello mediamoon ,

                        CCS will require a reboot in order for the program to be completely removed. We will continue our investigation on this and provide you a better script.

                        We appreciate your patience and understanding in this matter.

                        Comment


                        • #13
                          Thank you again for your assistance, Nick! I'll keep an eye out for it.

                          Comment


                          • #14
                            Hello all,

                            Please use below updated script to uninstall COCC and CCS.

                            Code:
                            import os;
                            import re;
                            import ctypes
                            
                            class disable_file_system_redirection:
                                _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
                                _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
                                def __enter__(self):
                                    self.old_value = ctypes.c_long()
                                    self.success = self._disable(ctypes.byref(self.old_value))
                                def __exit__(self, type, value, traceback):
                                    if self.success:
                                        self._revert(self.old_value)
                            
                            
                            k=[];
                            
                            with disable_file_system_redirection():
                                guid=os.popen('powershell.exe "get-wmiobject Win32_Product | Format-Table Name,IdentifyingNumber" |  findstr /i /c:"Comodo One Client - Communication" /c:"COMODO Client - Security" | sort').read();
                            print (guid);
                            
                            k.append(re.findall("{.*",guid));
                            j=[];
                            for i in k[0]:
                               j.append(i);
                            
                            print j;
                            
                            ccs=re.findall("COMODO Client - Security",guid); 
                            ccc=re.findall("Comodo One Client - Communication",guid);
                            
                            if (ccs and ccc):
                            
                                command=r"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode /v ModeEsm /t REG_DWORD  /d  1  /f";
                                with disable_file_system_redirection():
                                    reg_process=os.popen(command).read();
                                    print(reg_process);
                                    ccs_out=os.popen('msiexec.exe /x '+j[0]+' /quiet REBOOT=ReallySuppress REMOVE=ALL CESMCONTEXT=1').read();
                                    print(ccs_out)
                                    process=os.popen('msiexec.exe /x '+j[1]+' /q').read();
                                    print (process); 
                               
                            elif ccc: 
                                with disable_file_system_redirection():
                                    process=os.popen('msiexec.exe /x '+j[0]+' /q').read();
                                    print (process);
                            
                            else:
                               print('No installation found');





                            Attached Files

                            Comment


                            • #15
                              Hmmmm... Unfortunately, this last one doesn't appear to be working either. I just tried running it as the System user and then rebooted the endpoint afterward. CCC is still installed and connected to ITSM (the endpoint is also still showing in ITSM).

                              Comment

                              Working...
                              X