I am having this problem.
I tried to uninstall Elastic Defend from a computer, but I can't...
These are the things I tried:
uninstall the agent: the agent is uninstalled successfully but the "Elastic Endpoint" service remains active
move the computer to a policy without Elastic Defend, but nothing changes
tried to kill the process as administrator and as system32, but Elastic Endpoint is not uninstalled
I want to completely uninstall Elastic Agent and Elastic Endpoint from my computer. Elastic Agent is uninstalled successfully but there is no way to uninstall Elastic Endpoint.
So... I also tried to reinstall the agent with Elastic Defend policy and I got the error in the image.
I have no idea if this is a solution that will work for everyone.
Status: I tried uninstalling the Elastic Agent with Elastic Defend integration. Elastic Agent was installed but Elastic Endpoint was not.
Update: I re-installed the policy and then did uninstall via powershell. And it worked.
I no longer have Elastic Agent and Elastic Endpoint on my computer
hi @NickFritts yes, I have tamper protection enabled.
Maybe I know what you mean: I know that to uninstall Elastic Endpoint you need the token.
The main problem is that initially I didn't want to uninstall it, I just wanted to disable it by putting the agent in a policy without Elastic Defend. But when I moved the agent to this new policy, the Elastic Endpoint service continued to run.
So I tried to uninstall it, but without success.
So I move again the agent to the old policy, and then I uninstalled everything via powershell with the token.
I hope I was clear, if you want more information I'm at your disposal.
@ArgoAdvisory please note that the Endpoint service also has command line interface, therefore you could just uninstall such stray Endpoint with the uninstall token.
As for the situation, one of the two should hold:
Agent should not allow you to move to policy without Endpoint (Defend) if Tamper Protection is enabled
Agent should remove Endpoint when moving to policy without Endpoint (whether Tamper Protection is enabled or not)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
