How to manually uninstall an Enforce server


Article ID: 159563


Updated On:


Data Loss Prevention Enforce


You need to manually uninstall the DLP software on an Enforce server because the normal uninstallation failed.



  • At an Administrator command prompt, stop the Vontu services with the following sequence of commands:
  • sc stop vontuupdate
  • sc stop vontuincidentpersister
  • sc stop vontumanager
  • sc stop vontumonitorcontroller
  • sc stop vontunotifier
  • [Single Tier installations only]: sc stop vontumonitor
  • Rename the Vontu directory (this allows custom configuration files such as the encryption keystore to be easily restored).
  • If they exist (primarily on a Single Tier server), delete the following folders from the root of the drive where the Vontu folder was located:
    • \drop
    • \drop_discover
    • \drop_ep
    • \drop_epl
    • \drop_pcap
    • \drop_ttd
    • \classification_spool
    • \icap_spool
    • \packet_spool
  • Delete the local users "protect" and "protect_update".
  • From the Administrator command prompt, delete the Vontu services with the following commands:
  • sc delete vontuupdate
  • sc delete vontuincidentpersister
  • sc delete vontumanager
  • sc delete vontumonitorcontroller
  • sc delete vontunotifier
  • [Single Tier installations only]: sc delete vontumonitor
  • Run the Registry Editor (regedit), and delete the following keys and everything under them:

    • HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies
    • HKEY_CURRENT_USER\SOFTWARE\ej-technologies

  • Run the DLP uninstaller from Control Panel > Add/Remove Programs (or Programs and Features); select Yes when prompted to delete it from the list.


  • Log on as root and stop the Vontu services with the following commands:
  • service VontuUpdate stop
  • service VontuIncidentPersister stop
  • service VontuManager stop
  • service VontuMonitorController stop
  • service VontuNotifier stop
  • [Single Tier installations only]: service VontuMonitor stop
  • Rename the Vontu directories "/opt/Vontu", "/var/Vontu", and "/var/log/Vontu".
  • Delete the local users with the command "userdel protect && userdel protect_extract".
  • Delete the local groups with the command "groupdel protect && groupdel protect_extract" (these are usually deleted in the previous step).
  • Delete the Vontu services with the following commands:
  • rm -f /etc/rc.d/init.d/VontuUpdate
  • rm -f /etc/rc.d/init.d/VontuIncidentPersister
  • rm -f /etc/rc.d/init.d/VontuManager
  • rm -f /etc/rc.d/init.d/VontuMonitorController
  • rm -f /etc/rc.d/init.d/VontuNotifier
  • [Single Tier installations only]: rm -f /etc/rc.d/init.d/VontuMonitor

For Linux with 15.1 and above 

  1. stop the symantec services 
    1. service stop SymantecDLPManager
    2. service stop SymantecDLPNotifier
    3. service stop SymantecDLPIncidentPersister
    4. service stop SymantecDLPDetectionServerController
  2. create a list of rpms with the following commang "rpm -qa | grep symantec"                                                            
  3. From the above list you can use yum remove or rpm -e to uninstall each package for example see below
    1. "rpm -ev symantec-dlp-server-jre-1-8-0-162-" or
    2. "yum remove "symantec-dlp-server-jre-1-8-0-162-"
  4. Remove any directories left on the filesystem in /opt/Symantec/
  5. Remove the startup scripts if they exist after removing RPMs
    1. rm -f /etc/init.d/SymantecDLPDetectionServerController
    2. rm -f /etc/init.d/SymantecDLPIncidentPersister
    3. rm -f /etc/init.d/SymantecDLPManager
    4. rm -f /etc/init.d/SymantecDLPNotifier


Note - above instructions will also apply to Detection servers, with obvious exceptions for services that are unavailable for removal.