Windows Agent Uninstall Protection

The unauthorized uninstall of the Windows Monitoring Agent on the device, either programmatically or by a user through “Add/Remove Programs”, not only removes the computer from monitoring but also triggers the uninstall of any activated features. If the feature is from our security suite (including Managed Antivirus, Endpoint Detection & Response,  Disk Encryption Manager, Backup & Recovery, Patch Management, Web Protection), this will remove that protection. Where you use Take Control or Remote Background to connect to the device, they will no longer be available.

To prevent unauthorized removals, and ensure the device's continued protection, we have introduced uninstall protection for Windows devices. This security enhancement locks down local Agent uninstalls by requiring an uninstall code to authorize removal. The code is available on the Dashboard and can also be emailed to designated recipients, so only qualified technicians can perform the uninstall. This step not only ensures device monitoring and protection continuity but also reduces the overhead of Agent reinstalls and configuration.

Uninstall protection for Windows devices is a Dashboard wide setting that applies to devices running Monitoring Agent v10.11.10 or later, earlier Agents do not support this functionality and will ignore the setting. Uninstall protection only applies when removing the Agent locally on the endpoint, Dashboard based device removal will continue to.

When the uninstall process begins on the device, the Windows Agent communicates back to the Dashboard to check whether uninstall protection is active. Where the device is offline, the Agent cannot determine the uninstall protection status and as a security precaution will default to the uninstall code requirement.

Activate Windows Agent Uninstall Protection

  1. Go to Settings > General Settings > Agent Management

  2. Scroll down to Agent Removal Alert

  3. Tick Enable agent uninstall protection.

    To send the uninstall code vie email, enter the recipients in the Email field. The recipients will receive both the uninstall (verification) code and "Agent Removal Alert" notifications.

  4. Click OK to save and apply

Retrieve the Agent uninstall code from the Dashboard

The Agent uninstall key is available from the Dashboard. This allows the technician to retrieve the uninstall key to remove the Agent even when the device is offline.

  1. Right click on the target device in the Dashboard north pane (or from the device drop-down)

  2. Go to Delete <device-type> > Delete agent on endpoint

  3. Choose to Copy or Download the verification code to uninstall the Agent from the Device

The uninstall code is device specific and expires after 12 hours.

Agent uninstall process

After activating uninstall protection, the next time there is an attempt to remove Agent 10.11.0 or later directly on the device a "Provide agent uninstall code" message is displayed prompting the user to enter a verification code to continue with the Agent uninstall.

Once the technician has acquired the uninstall code, they can proceed to remove the Agent from the device by pasting or uploading the key into the "Provide Agent uninstall code" dialog on the device and continuing with the Agent uninstall.