How to stop Elastic Endpoint


I am testing elastic Endpoint, I have installed it in a windows server machine, and when I try to install a malware in my machine it blocks it as expected so it works perfectly, The only problem is that I am not receiving anything in my SIEM.

I would like to uninstall it or stop it to install it again with a new enroll but even as an admin I coudln't stop it.

Could you tell me please how can I do in this case ?
Thanks for your help

Hi @TheHunter1. If you change your Agent to a policy without the Endpoint Security integration, Agent should uninstall Endpoint.

If Agent is no longer running on the machine, you can uninstall the Elastic Endpoint by running the following command as an Administrator. In the future we may add the ability for administrators to make local uninstallation more difficult.

"%PROGRAMFILES%\Elastic\Endpoint\elastic-endpoint.exe" uninstall

Thanks a lot @gabriel.landau, I could uninstall it using the command that you gave me and install it again and now it's working perfectly.

Yes It would be better for example to be able to add a password to the endpoint, and can't stop it even when we are admin unless if we have the password or something like that

Thanks for your great work :slight_smile:

The only problem is that using firefox browser I can see the number of events sent by the Endpoint, and using chrome I can't see that !

As you can see in these pics:


Google Chrome

NB: I am testing the trial version of 8.0.0 (source)

Testing locally I don't see any difference between browsers. They're not doing anything odd/different from each other. They both send an aggregation that has counts for everything and returns the hits so it would be odd that one browser would skip those numbers vs. another browser. There's nothing browser specific.

I am testing the trial version of 8.0.0 (source)

What does this mean?

Also (just thought of this btw), for each browser check your data sources button as they might have changed between browsers which would show this oddness between the two:

Make sure that's the same between the two browsers.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.