CWatch EDR - Remote uninstall not working

Trying to uninstall EDR from remote computer remotely COMODO cWatch EDR Agent COMODO 1.1.262.2. On the end-user computer the are prompted are you sure you want to uninstall and then prompts for Admin password. No password is required to install the software.

Need to remotely uninstall this software from my computers without having to connect to each computer.

The software was pushed from Comodo portal, should be able to uninstall from Comodo portal. If a Special script is required then that script should be provided.

@thearcatlantic ,

You can utilize this procedure for removing EDR agent that was installed on the endpoints.

Script failed. Ran as LocalSystem User COMODO cWatch EDR Agent Uninstalled successfully reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\COMODO\EDREndpoint /va /f
Traceback (most recent call last): File “<string>”, line 53, in <module> File “C:\Program Files (x86)\COMODO\Comodo ITSM\lib\shutil.py”, line 252, in rmtree onerror(os.remove, fullname, sys.exc_info()) File “C:\Program Files (x86)\COMODO\Comodo ITSM\lib\shutil.py”, line 250, in rmtree os.remove(fullname) WindowsError: [Error 5] Access is denied: ‘C:\ProgramData\COMODO\cWatchEDRAgent\edrcleantool.exe’

Hello @thearcatlantic, we have communicated to our script developers to have your case investigated and provide you the best possible answer.
We will also create a support ticket for this and send you an update as soon as possible.

Thank you for your support.

Any update on this? I could not find or did not receive an email about the support case created.

@thearcatlantic ,

A​ support email was sent over your forum registered email by @Anna_C . This should be coming from c1-support@comodo.com. Please check your spam ur junk as it might be flagged. This report had been escalated to our Development Team and we have asked an update for resolution as soon as possible.

I have other support tickets from C1-Support that I have been working on just not from this support case.

@thearcatlantic ,

the subject line should be the topic you have raise above “Forum: CWatch EDR - Remote uninstall not working”

Ok thank you, I found it. Will wait for an update on the issue.

I did not get a chance to uninstall EDR from endpoints. Now EDR V2 has been released and causing more issues. Uninstaller script not working for the new version.

First version of scripted had this error -

I edited the script to the new DIR C:\Program Files (x86)\COMODO\EdrAgentV2

V2 script gets this error -
COMODO cWatch EDR Agent not installed at Endpoint reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\COMODO\EDREndpoint /va /f The operation completed successfully. [Error 5] Access is denied: ‘C:\Program Files (x86)\COMODO\EdrAgentV2\x64\cacert.pem’

20190905-Imported-Uninstall_EDR_v2.json (2.99 KB)

@thearcatlantic ,

We apologize to hear that this is still left unresolved. We assumed that your response dated August 23rd from the original support ticket created has resolved your first issue as confirmed by your reply. We will reopen and escalate the issue to our Script Developers to have these taken care of.

What is new with v2 EDR?

other than more headaches not sure

Hello @libretech, we have ask our development team to provide the “what’s new” with EDR v2.

We’ll update you as soon as possible. Thank you.

Any update on this?

Any update?

We apologize for the delay. We have asked our Script Developers for an update as quickly as possible. We will post their statement and recommendation soon.

We have asked a follow-up for the details you are needing. We’ll make sure to relay their update once made available.

Hello @libretech

Release notes for EDR version2 are as follows:

• Installation problems fixed
• Stability is greatly improved
• Coverage of captured event data is increased
• Full support of latest Windows 10 releases
• Improved compatibility with other applications

Kregards,