Massimo

Reputation: 3470

antivirus NDIS filter removal

On our 1200 Windows clients we are using KES 10 antivirus.

By error, on some desktop workstations we installed the firewall component "klim6".

We need a silent uninstall. Not found within Kaspersky tools.

Which is the working and proper way?

We also need the explanation of the different behaviour of these tools.

UPDATE: info from the INF file:

    ; KLIM6.INF -- NDIS Usermode I/O Driver
    [version]
    Class = NetService
    DriverPackageType=Network
    [Manufacturer]
    %Klft%=KLFT,NTx86,NTia64,NTamd64

Upvotes: 0

Views: 1557

Answers (2)

Hamy

Reputation: 145

I also had to remove the Kaspersky NDIS filter (for different reasons). The proper way to do this is with netcfg.exe.

You need to disable Kaspersky's Self-Defense mechanism and exit the product. You can then uninstall it with this command:

    C:\Windows\System32\netcfg.exe /v /u kl_klim6

Unfortunately, I couldn't find an easy way to uninstall the filter in Windows XP, but one method is provided here.

Upvotes: 0

Jeffrey Tippet

Reputation: 3026

As you've noted, there are a variety of tools to work with .INF files. The reason is that there are different flavors of .INF, used for different purposes.

I don't know if there's any official terminology, but here's the terminology that I use:

  • DefaultInstall-style INFs. Use "rundll32.exe SetupApi.dll,InstallHinfSection" to work with these. You can identify this style of INF because they have "[DefaultInstall]" in them.
  • PNP-style INFs. Use pnputil.exe (built-in, so more convenient) or devcon.exe (more powerful) to work with these. You can identify PNP-style INFs because they have a "[Manufacturer]" section, and they are not NetCfg-style INFs.
  • NetCfg-style INFs. Use NetCfg.exe to work with these. You can identify NetCfg-style INFs by the line Class=NETTRANS or Class=NETSERVICE or Class=NETCLIENT. Only those 3 classes are NetCfg-style INFs -- in particular, Class=NET is not a NetCfg-style INF; it is a PNP-style INF.

There are other types of INFs used for Windows Drivers, e.g., storage minifilter-style, or upper/lower-filter style INFs. And other people use INFs for things that have nothing to do with Windows Drivers... so it's a confusing area.

That being said, it's often a mistake to attempt to manually remove a driver. Usually an application's installer will install many 100's of things, only one of which is the driver. If you delete only the driver from an application, you could easily leave dangling bits that damage the system in obvious or subtle ways.

If you really want to do this anyway, you should check the INF file. If it says Class=NET, then use devcon.exe. If it says Class=NETSERVICE, you should use NetCfg.exe.

Upvotes: 2
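
The identification rules from the answer above, applied to the KLIM6.INF excerpt from the question. This is an added example, not code from either answer; the function names and the order of the checks (NetCfg class first, then [Manufacturer], then [DefaultInstall], including platform-decorated forms such as [DefaultInstall.NTamd64]) are assumptions made here.

```python
import re

# Classes the answer names as NetCfg-style; Class=Net is deliberately absent.
NETCFG_CLASSES = {"nettrans", "netservice", "netclient"}

def decode_inf(raw: bytes) -> str:
    """INF files are often UTF-16 with a BOM; otherwise read as 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_sections(text: str) -> dict:
    """Map lower-cased section name -> {lower-cased key: value}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ; comments
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def classify_inf(raw: bytes) -> tuple:
    """Return (style, tool) using the three styles described in the answer."""
    sections = parse_sections(decode_inf(raw))
    inf_class = sections.get("version", {}).get("class", "").lower()
    if inf_class in NETCFG_CLASSES:
        return ("NetCfg-style", "netcfg.exe")
    if "manufacturer" in sections:
        return ("PNP-style", "pnputil.exe or devcon.exe")
    if any(s == "defaultinstall" or s.startswith("defaultinstall.") for s in sections):
        return ("DefaultInstall-style", "rundll32.exe SetupApi.dll,InstallHinfSection")
    return ("other", "no tool named in the answer")

# The KLIM6.INF excerpt quoted in the question.
KLIM6 = b"""; KLIM6.INF -- NDIS Usermode I/O Driver
[version]
Class = NetService
DriverPackageType=Network
[Manufacturer]
%Klft%=KLFT,NTx86,NTia64,NTamd64
"""

if __name__ == "__main__":
    print(classify_inf(KLIM6))
```

The excerpt has a [Manufacturer] section, so a check for that section alone would label it PNP-style; reading Class from [Version] first is what routes it to netcfg.exe.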
