Views:
 
You may want to print this solution before continuing because it requires a restart of the computer.
  1. On the computer when the MSA is installed, stop the following services:
    • Trend Micro Messaging Security Agent EUQ Monitor
    • Trend Micro Messaging Security Agent Master Service
    • Trend Micro Messaging Security Agent Remote Configuration Server
    • Trend Micro Messaging Security Agent System Watcher
  2. Remove the ScanMail transport agent from Exchange 2010/2007:
    1. Click Start > All Programs > Microsoft Exchange Server 2010/2007 > Exchange Management Shell.
    2. Type the following commands:

      Uninstall-TransportAgent -Identity "ScanMail SMTP Receive Agent"
      Uninstall-TransportAgent -Identity "ScanMail Routing Agent"

    3. Type "Y". 

    4. Execute this command to make sure that the ScanMail transport agent has been removed:

      get-transportagent

  3. Run the following commands to unregister the COM DLLs from command prompt:

    regsvr32 -u "C:\Program Files\Trend Micro\Messaging Security Agent\hookSMTP.dll"
    regsvr32 -u "C:\Program Files\Trend Micro\Messaging Security Agent\perfSmexPerfMonMgr.dll"

  4. Delete the following registry keys:

    Product installer keys:

    1. Under HKEY_CLASSES_ROOT\Installer\Products, look for Trend Micro Messaging Security Agent” under HKEY_CLASSES_ROOT\Installer\Products.
    2. If there was an instance, note down the product GUID value in HKEY_CLASSES_ROOT\Installer\Products\Product_GUID

      For example:
      If the key value is HKEY_CLASSES_ROOT\Installer\Products\F70EF35BF7A593C43BB129845842F61C
      then the product GUID is F70EF35BF7A593C43BB129845842F61C.

    3. Remove the registry key entry in HKEY_CLASSES_ROOT\Installer\Products\Product_GUID that you found in Step 2.
    4. Search entire registry key for the product GUID (e.g. F70EF35BF7A593C43BB129845842F61C) and remove all of them.

      Product registry keys:
      For 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange
      For 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trend Micro\ScanMail for Exchange

      Service registry keys:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScanMail_Master
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScanMail_RemoteConfig
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScanMail_SystemWatcher
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RIFRemoteInstallAgent (This key only exists if installation stopped unexpectedly.)

      Exchange hook registry keys:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSExchangeIS\VirusScan
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSExchangeIS\VirusScan

      Exchange mailbox registry hook keys:
      HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\MSExchangeIS\
      <Computer_Name or VS_Name>\<Store_Name>\VirusScanBackgroundScanning
      HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\MSExchangeIS\
      <Computer_Name or VS_Name>\<Store_Name>\VirusScanEnabled
      HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\MSExchangeIS\
      <Computer_Name or VS_Name>\<Store_Name>\VirusScanProactiveScanning

      Uninstall Entry key
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\
      SMEX_{PRODUCT_ID} registry key.

  5. Delete the Web Server Configurations:
    1. Launch the Internet Information Services (IIS) Manager console.
    2. Expand Web Sites and then right-click SMEX Web Site.
    3. Select Delete.
  6. For WFBS 9.0, run the following commands to delete the EAS hook from IIS:
    1. For Exchange 2007, execute the command:

      C:\Windows\System32\inetsrv\appcmd.exe list module /module.name:SMSEXActiveSyncHook /app.name:"Default Web Site/Microsoft-Server-ActiveSync"

    2. For Exchange 2010 and 2013, execute the command:

      C:\Windows\System32\inetsrv\appcmd.exe list module /module.name:SMSEXActiveSyncHook /app.name:"Exchange Back End/Microsoft-Server-ActiveSync"

  7. Delete the Trend Micro Messaging Security Agent shortcut from the Start > Programs > Menu.
  8. Go to C:\Program Files\Trend Micro\Messaging Security Agent\ and delete MSA product directory and its components
  9. Remove the MSA from the Security Server:
    1. Open the WFBS Advanced console on the Security Server.
    2. Click the Security Settings tab and then choose the offline Messaging Security Agent from the client management tree.
    3. Click Remove and then choose the Remove the selected inactive agent(s) option.
    4. Click Apply.
  10. Restart the computer.

    During the MSA installation, the Active Directory (AD) security group "SMEX Admin Group" and the user account "SMX_<Server_Name>" are created in the Global Catalog in the server. If you want to remove these, do the following:

     
    If you want to remove the SMEX Admin Group, make sure that it has no other account members.
    1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
    2. Right-click SMEX Admin Group and then click Delete.
    3. Right-click SMX_<Server_Name> and then click Delete.

    When the user account is deleted, manually remove the user profile from the server:

    1. On your desktop, right-click the My Computer icon then click Properties.
    2. On the System Properties window, go to the Advanced tab.
    3. Under the User Profiles section, click Settings.
    4. Select SMX_<Server_Name> from the list.
    5. Click Delete.

    For 64-bit OS: If you want to uninstall the SQL Server, click Start > Settings > Control Panel > Add/Remove Programs.

If you need technical assistance, contact Trend Micro Technical Support.

Keywords: uninstall MSA,manual uninstallation messaging security client,manual removal messaging security agent,manual uninstall messaging security agent,msa installation fails,msa upgrade failed,cannot uninstall msa,remove msa components