Windows Agent Uninstall Protection

When Windows Monitoring Agent is uninstalled from a device, either programmatically or by using Add/Remove Programs, the device is no longer monitored and activated features are uninstalled. For example, if there are security features activated on the device (including Managed Antivirus, Endpoint Detection & Response,  Disk Encryption Manager, Backup & Recovery, Patch Management, Web Protection, when the Agent is uninstalled that security protection is removed. Also, if you use Take Control or Remote Background to connect to the device, those are no longer available.

You can use Windows Agent Uninstall Protection to prevent unauthorized uninstalls of the Agent. If you enable Agent Uninstall Protection, an Agent uninstall code is required to uninstall the Agent.

Agent Uninstall Protection is a Dashboard-wide setting that applies to Windows devices running Monitoring Agent v10.11.0 or later.

Earlier Agents do not support Agent Uninstall Protection and will ignore the setting. Agent Uninstall Protection only applies when removing the Agent locally on the endpoint. Dashboard based device removal will continue.

Agent Uninstall Protection process

After you enable uninstall protection, the next time there is an attempt to remove Agent 10.11.0 or later directly from a device, a message is displayed to enter the Agent uninstall code to continue with the Agent uninstall

When the uninstall process begins on the device, the Windows Agent communicates back to the Dashboard to check whether uninstall protection is active. If the device is offline, the Agent cannot determine the uninstall protection status and, as a security precaution, defaults to the uninstall code requirement.

The Agent install code is emailed to designated recipients or it can be retrieved from the Dashboard. When you have the uninstall code, you can remove the Agent from the device by pasting or uploading the key into the Provide Agent uninstall code dialog on the device and continuing with the Agent uninstall.

Do not delete the device from the Dashboard until the Agent is successfully removed from the device (especially when the device cannot communicate with the Dashboard).

If you delete the device from the Dashboard, and the Agent is not uninstalled within the 12-hour time frame of the uninstall code, you cannot generate a new uninstall code because the device is no longer on the Dashboard and the Agent uninstall key is only available from the Dashboard.

Enable Agent Uninstall Protection

  1. Go to Settings > General Settings > Agent Management

  2. Scroll down to Agent Removal Alert

  3. Tick Enable agent uninstall protection.

    To email the uninstall code, enter the recipients in the Email field. The recipients receive the Agent uninstall (verification) code and Agent Removal Alert notifications.

  4. Click OK to save and apply

Retrieve the Agent uninstall code from the Dashboard

You can retrieve the Agent uninstall code from the Dashboard. This enables you to retrieve the Agent uninstall code when the device is offline.

  1. Right-click the target device in the Dashboard North pane (or from the device drop-down)

  2. Go to Delete <device-type> > Delete agent on endpoint

  3. Copy or Download the Agent uninstall code

  4. The Agent uninstall code is device specific and expires after 12 hours.