I need to uninstall all my EDR agents and re-install them for the new C1 integration, so I would like an Uninstall script for the EDR agent; Alphan mentioned in another thread it does not cleanly uninstall at this time so that should be kept in mind for the script (not just a simple MSI remove with wmic or whatever). Thanks!
we will analyze your request re: EDR® will get back you soon with the better solution.
Here is the script to Remove the Cwatch EDR Agent. I was originally linked to a different one from Alphan, so the application name may vary depending on when you set up the agent, this worked for me:
if ‘PROGRAMW6432’ in os.environ.keys():
path=r"C:\Program Files (x86)\COMODO\cWatchEDRAgent"
_disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
_revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
self.old_value = ctypes.c_long()
self.success = self._disable(ctypes.byref(self.old_value))
def exit(self, type, value, traceback):
guid=os.popen(r"wmic product get name,identifyingnumber").read();
for i in k:
EDR=re.findall(“COMODO cWatch EDR Agent”,guid);
uninst=os.popen(r"wmic product where name=‘COMODO cWatch EDR Agent’ call uninstall").read()
print “COMODO cWatch EDR Agent Uninstalled successfully”
print “COMODO cWatch EDR Agent not Uninstalled successfully”
print(‘COMODO cWatch EDR Agent not installed at Endpoint’);
We also have an alternate solution for this cWatch EDR Security . We have used uninstall string to remove the cWatch EDR Agent.
Please refer the following link from the script library.
Please provide us your valuable feedback,
The only problem seems to be, if you were using EDR before the C1 integration and you want to remove and then re-add the endpoints, you will need to get support to clear out the old endpoint IDs in the DBs, I’m finding when I try to re-install the EDR endpoint it simply doesn’t work (because the endpoint ID is still in the comodo database tied to your old account; but at the same time it doesn’t “re-activate” on the old account either.
We have updated the script as per your request, Please refer the script in the below provided link.