During the uninstallation of Symantec Cloud Workload Protection for Storage on Azure (CWP:S Azure), the event subscriptions created in the environment must be manually removed to complete cleanup.

In order to protect the storage account CWP Storage for Azure creates event subscription for monitoring the blob change event. All configured storage accounts will have an event subscription created with the prefix "eventSubcwpnrtsqueue".  Manual removal is error prone and involves multiple steps. In order to improve overall removal process a script has been created to remove all CWP:S subscriptions from the Azure deployment.

Deleting event subscription across the storage accounts which were selected to be protected can be done with the help of “RemoveEventSubscriptions.ps1” script.  This script takes the  "event subscription name" as an input and deletes all matching events from the given subscription.

To utilize the script perform the following steps:

1. Determine the "Event Name" within the Azure portal under Storage Account’s ‘Event’ section. (note:  Value starts with: eventSubcwpnrtsqueue).
2. Launch Azure cloud shell with Owner’s role into the subscription where events need to be deleted.
3. Upload and launch the “RemoveEventSubscriptions.ps1” script.
4. Provide  the "Event Name" from step one.
5. The script will automatically perform a search on all the storage accounts for the given event name and deletes them from the subscription.