Anti-Virus Annulment

Spear those dead, useless registry keys and values with Reg.exe after a Norton Antivirus failure.

Bill: Occasionally, Norton Antivirus will get corrupted and we have to uninstall it. It usually fails to uninstall, so we have to spend 30-40 minutes (per computer) running through the registry searching and deleting entries, per Symantec Doc ID 2002081213583048.

Can we script this procedure somehow? If so, how hard would it be?

Mike: The Symantec document you refer to specifies the Registry keys that must be deleted to remove the Norton Antivirus entries. Armed with this detailed information, automating the changes is not too difficult.

In the Windows 2000 Support Tools is a command-line utility, Reg.exe, that simplifies adding, changing, or removing keys and values from the Registry of a local or remote machine as long as you have sufficient admin privileges. (Windows XP and Windows Server 2003 include Reg.exe in the standard OS installation.)

The syntax for using Reg to remove one of the keys in the Symantec document is:

reg delete hklm\System\

The /f switch forces the deletion to proceed without a yes/no prompt; all subkeys and values are deleted as well.

If you want to perform this operation across the network, all you need to do is preface the key name with the UNC name of the desktop:

reg delete \\xp-pro1\hklm\
Services\NAVENG /f

You can create a batch file with a series of Reg commands to clean out all the Registry entries in the Symantec document. Replace the computer name with a %1 placeholder in each Reg entry so you can specify the target machine on the command line of the batch file:

reg delete \\%1\hklm\System\CurrentControlSet\Services\

If you're not fortunate enough to have a document that lists the Registry entries, you can use a tool called Regmon from Sysinternals to identify the Registry entries added during installation and initial configuration. Using Regmon effectively takes a little practice; it gives you more information than you need unless you set the filters correctly.
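The batch file described above, with the target machine passed as %1, written out as an added example that is not part of the original column. The script name, the key-list file (one key per line, copied from the vendor document) and the log file name are assumptions; it checks that the remote Registry is readable, deletes only keys that exist, and records each result.

```batch
@echo off
rem Added example, not from the original column.
rem Usage: regclean.cmd COMPUTERNAME KEYFILE   (both names are hypothetical)
rem KEYFILE lists one Registry key per line, copied from the vendor document,
rem in the form HKLM\...   Lines starting with ; are ignored.
rem Reg.exe can reach only HKLM and HKU on a remote machine.
setlocal EnableExtensions
if "%~1"=="" goto usage
if not exist "%~2" goto usage

set "TARGET=%~1"
set "LOG=%~1-regclean.log"
set FAILED=0
rem Stop early if the remote Registry is unreadable, or every key looks absent.
reg query "\\%TARGET%\HKLM\Software" >nul 2>&1
if errorlevel 1 goto unreachable

>"%LOG%" echo Cleaning %TARGET% with key list "%~2"
for /f "usebackq eol=; delims=" %%K in ("%~2") do call :clean "%%K"

if not "%FAILED%"=="0" goto report
echo Finished. Details are in %LOG%
exit /b 0

:clean
rem Delete only keys that exist, so a second run is harmless.
reg query "\\%TARGET%\%~1" >nul 2>&1
if errorlevel 1 goto absent
reg delete "\\%TARGET%\%~1" /f >>"%LOG%" 2>&1
if errorlevel 1 goto failed
>>"%LOG%" echo DELETED "%~1"
goto :eof
:absent
>>"%LOG%" echo ABSENT  "%~1"
goto :eof
:failed
>>"%LOG%" echo FAILED  "%~1"
set /a FAILED+=1
goto :eof

:report
echo %FAILED% key(s) could not be deleted. Details are in %LOG%
exit /b 1
:unreachable
echo Cannot read the Registry on %TARGET%. Check the name and your admin rights.
exit /b 2
:usage
echo Usage: %~nx0 COMPUTERNAME KEYFILE
exit /b 2
```

The exit code is 0 when every listed key was deleted or already absent, 1 when at least one delete failed, and 2 for a usage or connectivity error, so the script can be called in a loop over machine names.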

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.
