I need to uninstall all my EDR agents and re-install them for the new C1 integration, so I would like an Uninstall script for the EDR agent; Alphan mentioned in another thread it does not cleanly uninstall at this time so that should be kept in mind for the script (not just a simple MSI remove with wmic or whatever). Thanks!
Hi @indieserve
We will analyze your request re: EDR® and will get back to you soon with the better solution.
Thanks
Here is the script to remove the cWatch EDR Agent. I was originally linked to a different one from Alphan, so the application name may vary depending on when you set up the agent; this worked for me:
import os
import ctypes
import re
import shutil

# Install folder: PROGRAMW6432 is only set on 64-bit Windows
if 'PROGRAMW6432' in os.environ.keys():
    path = r"C:\Program Files (x86)\COMODO\cWatchEDRAgent"
else:
    path = r"C:\Program Files\COMODO\cWatchEDRAgent"
path1 = r"C:\ProgramData\COMODO\cWatchEDRAgent"

class disable_file_system_redirection:
    # Context manager that turns off WOW64 file system redirection
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)

# List installed products (name and product GUID)
k = []
with disable_file_system_redirection():
    guid = os.popen(r"wmic product get name,identifyingnumber").read()
k.append(re.findall("{.*", guid))
j = []
for i in k[0]:
    j.append(i)

# Uninstall the agent if it is registered with Windows Installer
EDR = re.findall("COMODO cWatch EDR Agent", guid)
if EDR:
    with disable_file_system_redirection():
        uninst = os.popen(r"wmic product where name='COMODO cWatch EDR Agent' call uninstall").read()
    if uninst:
        print("COMODO cWatch EDR Agent Uninstalled successfully")
    else:
        print("COMODO cWatch EDR Agent not Uninstalled successfully")
else:
    print('COMODO cWatch EDR Agent not installed at Endpoint')

# Remove the folders the uninstaller leaves behind
if os.path.exists(path):
    shutil.rmtree(path)
if os.path.exists(path1):
    shutil.rmtree(path1)
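Since the thread notes that the agent does not uninstall cleanly, a check for remnants before re-installing can help. The following is an added example, not part of the original posts or Comodo's script library: it parses `wmic product get name,identifyingnumber` output for the product name used above and reports which of the script's folders still exist. The sample output and GUIDs are constructed, and the function names are hypothetical.

```python
import os
import re

PRODUCT_NAME = "COMODO cWatch EDR Agent"  # name used by the script in this thread
# Folders the thread's script deletes after the uninstall.
AGENT_DIRS = [
    r"C:\Program Files (x86)\COMODO\cWatchEDRAgent",
    r"C:\Program Files\COMODO\cWatchEDRAgent",
    r"C:\ProgramData\COMODO\cWatchEDRAgent",
]

# Constructed sample of `wmic product get name,identifyingnumber` output
# (the GUIDs are made up for illustration).
SAMPLE_WMIC_OUTPUT = """\
IdentifyingNumber                       Name
{11111111-2222-3333-4444-555555555555}  COMODO cWatch EDR Agent
{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}  Example Other Product
"""

# One table row: a braced product GUID followed by the product name.
ROW = re.compile(r"^\s*(\{[0-9A-Fa-f-]{36}\})\s+(.*?)\s*$")

def registered_products(wmic_output, name=PRODUCT_NAME):
    """Return the product GUIDs still registered under an exact product name."""
    codes = []
    for line in wmic_output.splitlines():
        m = ROW.match(line)
        if m and m.group(2).lower() == name.lower():
            codes.append(m.group(1))
    return codes

def leftover_dirs(candidates=AGENT_DIRS):
    """Return the agent folders that still exist on disk."""
    return [d for d in candidates if os.path.isdir(d)]

def removal_report(wmic_output, candidates=AGENT_DIRS):
    """Summarise whether any installer registration or folder remains."""
    codes = registered_products(wmic_output)
    dirs = leftover_dirs(candidates)
    return {"clean": not codes and not dirs,
            "product_codes": codes, "leftover_dirs": dirs}

if __name__ == "__main__":
    # On Windows query wmic as the thread's script does; elsewhere use the sample.
    if os.name == "nt":
        output = os.popen("wmic product get name,identifyingnumber").read()
    else:
        output = SAMPLE_WMIC_OUTPUT
    print(removal_report(output))
```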
Hi @indieserve
We also have an alternate solution for this cWatch EDR Security. We have used the uninstall string to remove the cWatch EDR Agent.
Please refer to the following link from the script library.
link: https://scripts.comodo.com/frontend/web/topic/remove-comodo-edr-using-uninstall-string
Please provide us your valuable feedback,
Thank you.
The only problem seems to be, if you were using EDR before the C1 integration and you want to remove and then re-add the endpoints, you will need to get support to clear out the old endpoint IDs in the DBs. I’m finding when I try to re-install the EDR endpoint it simply doesn’t work (because the endpoint ID is still in the Comodo database tied to your old account; but at the same time it doesn’t “re-activate” on the old account either).
Hi @indieserve
We have updated the script as per your request. Please refer to the script at the link provided below.
https://scripts.comodo.com/frontend/…from-endpoints
Thank you