Methods To Uninstall The App Control Agent
search cancel

Methods To Uninstall The App Control Agent

book

Article ID: 286794

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Methods to uninstall the App Control Agent

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

  • Windows

    Method 1: Uninstall Via Disabled Mode / Add Remove Programs

    1. Log in to the Console > Assets > Computers: locate the Agent and move it to a Policy with the Control Mode set to Disabled.
    2. On the endpoint use Programs and Features (Add/Remove Programs) to uninstall the Carbon Black App Control Agent.
    3. Once uninstalled, in the Console > Assets > Computers: check the box next to the Agent > Action > Delete Computer.

    Method 2: Uninstall via CMD or Script

    1. Determine the product GUID
    2. Issue the commands manually via an administrative command prompt or via script:
      cd "C:\Program Files (x86)\Bit9\Parity Agent"
      dascli password InsertCLIPasswordHere
      dascli tamperprotect 0
      dascli allowuninstall 1
      msiexec.exe /x {EnterGUIDHere} FORCE=1 /L*v "%userprofile%\Desktop\AgentUninstall.log"

    Method 3: Uninstall Via Safe Mode

    1. Boot the machine into Safe Mode.
    2. Open an administrative command prompt and issue the following commands:
      sc config parity start= disabled
      sc config paritydriver start= disabled
      
      Note: These commands must be issued exactly as shown.
    3. Reboot to Normal Mode.
    4. Determine the product GUID
    5. Open an administrative command prompt and issue the command:
      msiexec.exe /x {EnterGUIDHere} /qn FORCE=1 /L*v "%userprofile%\Desktop\AgentUninstall.log"

    Method 4: Uninstall Using the Agent Uninstall Utility

    Note:

    • The Agent Uninstall Tool should be considered a "Last resort" tool when all other methods have failed.
    • The latest Agent Uninstall Tool version is 1.0.0.33. Do not use any other version of the tool.
    1. Open a Support case and provide info and/or logs from any failed Agent uninstall attempt to confirm the utility is needed.
    2. Save the utility to a directory outside the Agent directory (e.g. C:\Temp)
    3. Open an administrative command prompt and issue the command:
      AgentUninstallUtility -password InsertCLIPasswordHere -logfile "%userprofile%\Desktop\Uninstall.log" -uninstall
    4. System reboot is not needed unless there were errors removing the agent's files and registry keys (check the uninstall log)
    5. If there were errors and some of the agent's files or keys were not removed during the first run, reboot the System and run the tool again
    • To run the Agent Uninstall Tool in Test Mode (without actual uninstall), remove the "-uninstall" option from the command
    • The "-uninstall" flag is case sensitive, if there is a typo the tool will run in test mode
    • To identify the tool is running in test mode the keyword :"TEST" will be included at the beginning of every line in the log generated
    • The Global password is not required for test mode

    macOS

    Method 1: Uninstall Via Disabled Mode / Terminal

    1. Login to the Console and navigate to Assets > Computers to move the Agent into a Policy that has the Control Mode set to Disabled.
    2. Login to the endpoint with an administrator account that can run sudo and from a Terminal Window issue the command:
    sudo /Applications/Bit9/uninstall.sh
    1. From the Console, delete the Computer from the Assets > Computers page.

    Method 2: Uninstall Via CLI Password / Terminal

    1. Open terminal and issue the commands:
      cd /Applications/Bit9/tools
      ./b9cli --password InsertCLIPasswordHere
      ./b9cli --tamperprotect 0
      ./b9cli --shutdown
      sudo /Applications/Bit9/uninstall.sh

    Method 3: Uninstall Via Safe Mode

    1. Boot the endpoint into Safe Mode.
    2. Login to the endpoint with an administrator account that can run sudo and from a Terminal Window issue the command:
      sudo /Applications/Bit9/uninstall.sh
    3. Reboot the endpoint and verify the Agent has been successfully removed.

    Method 4: Uninstall Via Recovery Mode (If Kernel Panic)

    1. Boot into Recovery Mode
    2. Open Disk Utility, and mount the Macintosh HD
    3. Close Disk Utility and in the top bar select Utilities > Terminal
    4. Run commands:
      cd /Volumes/Macintosh HD/Library/Extensions 
      rm -rf b9kernel.kext
      
    5. Reboot and login normally
    6. Follow the steps in Method 2 above.

    Linux

    Method 1: Uninstall Via Disabled Mode /Terminal 

    1. Login to the Console and navigate to Assets > Computers to move the Agent into a Policy that has the Control Mode set to Disabled.
    2. Login to the endpoint with an administrator account that can run sudo and from a Terminal Window issue the command:
      cd /opt/bit9/bin
      sudo sh ./b9uninstall.sh

    Method 2: Uninstall Via CLI Password / Terminal

    1. Open terminal and issue the commands:
      cd /opt/bit9/bin
      ./b9cli --password InsertCLIPasswordHere
      ./b9cli --tamperprotect 0
      ./b9cli --allowuninstall 1
      sudo sh ./b9uninstall

    Method 3: Uninstall Via Rescue Mode

    1. Boot machine into Rescue Mode
    2. Navigate to directory: /opt/bit9/bin
    3. Open terminal and issue the command:
      sudo sh ./b9uninstall.sh

    Method 4: Uninstall When Install is Corrupt / b9uninstall.sh Is Missing

    1. Login with an admin account
    2. Open terminal and issue the command:
      yum --setopt=tsflags=noscripts remove b9agent 
      yum --setopt=tsflags=noscripts remove b9notifier

    All Platforms:

    Uninstall Via the App Control Console

    Warning:

    • Improper configuration could create a situation that would require all Agents in the environment to be reinstalled.
    • Linux and macOS Agents do not support per-Policy Agent Configs.
    • Do not create this Agent Config for macOS or Linux Agents unless full, immediate, automatic removal of those Platforms is desired.
    • Proceed with extreme caution.
    1. Log in to the Console and navigate to Rules > Policies.
    2. Click Add Policy and use the following details:
      • Name: Automatic Uninstall (or something memorable)
      • Description: Automatically, and immediately, uninstalls any Agents added to this Policy.
      • Mode: Control
      • Automatic Policy Assignment: Unchecked
    3. Click Save & Exit.
    4. Navigate to https://ServerAddress/agent_config.php
    5. Click Add Agent Config and use the following details:
      • REMINDER! Limit this Agent Config to a single, specific, Policy on the Windows Platform
      • Name: Immediate Agent Uninstall (or something memorable)
      • Host ID: 0
      • Value: allow_uninstall=2
      • Platform: Windows
      • Status: Enabled
      • Create For: Selected policies > Policy created in Step 2 (Automatic Uninstall)
    6. Click Save & Exit.
    7. When a connected Agent is successfully moved to the new Policy (Automatic Uninstall) from Assets > Computers it will now be automatically, immediately, uninstalled.

Additional Information