Mark M Manning

A site for information involving myself and my career.

Creating a Fake Printer (/dev/null for Windows)

Wednesday, January 14, 2009

These directions will create a printer in Windows that will receive print jobs and then automatically delete them. This is probably only going to be useful for one in a million situations, but I thought it was an interesting exercise nonetheless. If anyone does find this useful, I'd be interested to hear about it.

The reason I did this was because a program was hard-coded so that when you pressed the print icon, it would print. Then it would ask you if you wanted to print and to select which printer to print to. It would cause pages to be printed twice, and no matter where you wanted to print, they would go to your default. So I changed the default to just dump them using the Windows NUL function, which works the same as /dev/null in Linux.

  1. Open up your printers and go to "Add Printer"
  2. Add it as a local printer and uncheck "Automatically Detect"
  3. Click on "Create a new port:"
  4. Choose "Local Port"
  5. The port name is "nul" (yes one "l")
  6. Name the printer Printer of Death (or whatever you want)

Test it by printing something out. A better test to convince yourself that "nul" works is to run this from the command line:

Normally this would print out to a file named "nul" if the concept of nul didn't work.


Overriding Symantec Endpoint Protection's Uninstall Password

Wednesday, November 12, 2008

Standard story, I had a user today with Symantec Endpoint Protection and it was causing her CPU to redline. SEP said everything was fine so I thought I'd just save some time and uninstall and re-install like a good Sys-admin would do. Most people know that with Symantec's more corporate products they require that you put in a password in order to uninstall the application. This is a simple protection from an attacker manually removing the antivirus. I didn't realize until today just how simple that was.

I did some looking for the password and asked a few people and I tried to look up what the default password was because knowing this client, that's what it would be. No luck. Then I discovered something, I was watching the processes in the task manager and saw that when I went to uninstall SEP, msiexec ran as I expected but right as the password prompt came up, another instance of msiexec appeared. What are the odds that I just end that process and I'm allowed to get through? Very good.

So then I looked online about this and of course I'm not the first person to find this out. If you can end the process msiexec.exe that is being run as the current user (not system), then the password prompt will disappear and uninstallation will continue. There is a protection built into SEP and other Symantec products that blocks access to the task manager while the password prompt is showing. That's why my favorite Windows tool Process Explorer comes in handy. So here are the steps:

  1. Download Process Explorer from Microsoft or Sysinternals
  2. Uninstall the Symantec product of your choice
  3. Wait for the password prompt to appear
  4. Run Process Explorer and find msiexec.exe that is being run as the current user (not the system)
  5. End that process and continue with the uninstallation

I know this really isn't a revelation to most people but I had never done it before and it goes right along with some of my anti-anti-virus research I'm doing.
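From the defender's side, the sequence above leaves a trail that can be correlated: something other than the installer obtains a terminate-capable handle on the user-context msiexec.exe, and shortly afterwards the product is removed. The following Python is an added example, not code from the original post; the event schema, field names, host and user names, and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001        # Windows access right required to end a process
WINDOW = timedelta(minutes=10)    # assumed correlation window
PRODUCT = "symantec endpoint protection"
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed sample events in a hypothetical normalised schema
# (process-access telemetry plus MSI product-removal records).
EVENTS = [
    # WS-A: a tool opens the user-context msiexec.exe with terminate rights,
    # then the product is removed: the pattern described in the post.
    {"ts": "2024-01-10T10:01:05", "host": "WS-A", "type": "process_access",
     "source": "procexp.exe", "target": "msiexec.exe",
     "target_user": "CORP\\alice", "access": 0x0001},
    {"ts": "2024-01-10T10:02:40", "host": "WS-A", "type": "msi_removed",
     "product": "Symantec Endpoint Protection"},
    # WS-B: removal with no foreign handle on msiexec.exe.
    {"ts": "2024-01-10T11:00:00", "host": "WS-B", "type": "msi_removed",
     "product": "Symantec Endpoint Protection"},
    # WS-C: only the SYSTEM-context msiexec.exe is touched, without terminate rights.
    {"ts": "2024-01-10T12:00:00", "host": "WS-C", "type": "process_access",
     "source": "procexp.exe", "target": "msiexec.exe",
     "target_user": SYSTEM, "access": 0x1000},
    {"ts": "2024-01-10T12:01:00", "host": "WS-C", "type": "msi_removed",
     "product": "Symantec Endpoint Protection"},
]

def find_suspect_removals(events):
    """Return (host, source, user) for removals that follow a terminate-capable handle."""
    opened = {}      # host -> list of (time, source image, target user)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "process_access":
            if (ev["target"].lower() == "msiexec.exe"
                    and ev["target_user"].upper() != SYSTEM
                    and ev["access"] & PROCESS_TERMINATE
                    and ev["source"].lower() != "msiexec.exe"):
                opened.setdefault(ev["host"], []).append(
                    (when, ev["source"], ev["target_user"]))
        elif ev["type"] == "msi_removed" and PRODUCT in ev["product"].lower():
            for seen, source, user in opened.get(ev["host"], []):
                if when - seen <= WINDOW:
                    findings.append((ev["host"], source, user))
    return findings

if __name__ == "__main__":
    print(find_suspect_removals(EVENTS))
```

Only WS-A is reported: WS-B has no handle event before the removal, and on WS-C the handle targets the SYSTEM-context process and lacks the terminate right.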

External Links

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx - Process Explorer download
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=4852 – link to a forum that has other suggestions for resetting the password like “calling support”
