Solved

Uninstall by end user?

  • 26 June 2013
  • 4 replies
  • 652 views

Userlevel 3
Badge +8
Ok, fiddling a bit with a few installs on the way to rollouts of Webroot Endpoint. What I would like to know is how do I prevent an end user from uninstalling webroot?
 
I just got off an end users machine who uninstalled the other AV bloatware because it slowed his machine down too much. Not an uncommon sentiment, but then I installed webroot on one of my machines and I was able to uninstall it from add/remove programs without a password (the type the above letters verification code was tricky though 🙂 ), and even if I remove the Webroot item from add/remove programs the end user can still go and delete the webroot executable from the program files(x86)webroot directory.
Many of my end users are local admins on their machines, so I need an uninstall password on the app.
 
Is this built in somewhere and I am missing it? Some other way to avoid users doing this? If the executable is deleted does the web console push it back out?
Am I missing something?
 
Thanks,
Wayne 
icon

Best answer by AngelaH 1 July 2013, 08:29

View original

4 replies

Userlevel 5
Nothing beats Local Admin, so if you don't want people to uninstall it then you'll need to remove those Local Admin privileges from them or indicate to them that it should not be removed.
 
Having Users as Local Admins is bad enough as it is, as they are far more vulnerable then when not having those privileges.
 
I know the Web Security Service install has an 'uninstallable' variant, but even that is still uninstallable if you know the right command.
 
In the end there is very little that even the Webroot developers can really do in this scenario. It's like you want to make a bunker out of your house, but you give people the key to the front door.
Userlevel 3
Badge +8
Hi Johan, I completely get the local admin thing, and believe me if I could remove it from them I would in a heartbeat. We are facing 2 issues relate to that - corporate culture - as a small company that is now grown to the point of being a mid sized company nobody really dealt with these types of issues, everyone needed to do what they had to for business, no calling IT support and secondly, many of the end users are using their own machines for work, this stems from many of them previously being contractors. So we need to overcome these 2, the first with education and management buy in, the second with replacing hardware, a cost the company is aware of but can't do right now.
I'm shooting for a second regular user on the machine and an admin user as well. But getting them to log in with regular user when an admin user exists is not a really good solution.
 
Our current AV solution prompts for a password for uninstall that is controlled in the admin console, and even logged in as a domain admin I get prompted for it when uninstalling the AV from the server.
 
Surely this is something that can be added?
 
Wayne
Userlevel 5
We started out with that as well, where all users were local admins, but it at a point it turned into a trouble spot where we'd almost constantly were dealing with issues which people had created themselves, that we just had to put our foot down and pull all local admins. I can see the difficulties with people bringing their own devices. This is the same procedural difficulties that people are running into with BYOD.
 
Unfortunately that's something that each company would have to find out for themselves on how it affects them and how you can guide that into a workable situation.
Userlevel 2
Badge +1
Hi Wayne,
 
You can restrict uninstallation via the methods below:
 
EXE Option:
If you install using the executable and assign the hostname to a 'managed policy' this should prevent the user from uninstalling Webroot SecureAnywhere from the machine even if they are a local administrator. 
 
MSI Option:
If you are using the MSI, you need to include APPNOREMOVE 1 to prevent uninstallation by the user.
 
In ORCA - Add a row to the bottom of the PROPERTY TABLE named ARPNOREMOVE and set the VALUE to “1”.
Commandline - Msiexec /I WSA.msi ARPNOREMOVE=1
 



 
 
 
Hope this helps :)

Thanks,
Angela
 
 

Reply