Hard-Removing Elastic Endpoint

nemhods · May 26, 2021, 5:41pm

Hey,

after an upgrade to 7.13 and the auto-removal of Kibana-builtin Fleet, i'm now cleaning up in order to re-install Elastic Agents.

On Windows Hosts, I'm not able to remove Elastic Endpoint.

Unenrolling the agent from Fleet didn't work
I tried elastic-agent uninstall, which removed the Agent but left the Elastic Endpoint (even after restart)
There is no stopping the service. It always says "Access Denied". I tried as BUILTIN\Administrator, and even as NTAUTHORITY\SYSTEM. You can't even alter the service's security descriptor using sc.exe and NTAUTHORITY\System.

I mean, congratulations on the tamper protection but how do I get back control over my system now and properly remove Elastic Endpoint?

nemhods · May 26, 2021, 7:27pm

I was pointed to:

It works.

cd %TEMP%
copy "c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" elastic-endpoint.exe
.\elastic-endpoint.exe uninstall
del .\elastic-endpoint.exe

system · June 23, 2021, 7:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Impossible to uninstall Elastic Endpoint Elastic Agent elastic-stack-security	22	1751	June 5, 2024
Endpoint Offline forced uninstall, can't uninstall completely Endpoint Security fleet	10	992	June 28, 2023
I need clear instruction to remove endpoint as it destruc my system Endpoint Security	3	2349	January 1, 2022
Can't uninstall Elastic Endpoint on macOS Endpoint Security	10	2753	June 25, 2021
Deleting Agent Permanently from Cosnole Kibana	2	96	March 27, 2024

Hard-Removing Elastic Endpoint

Related topics