Skip to main content

Uninstalling the Huntress Agent

Alan Bishop
  • Updated

Team: Huntress EDR
Product: Agent Management Portal, Command Line
Environment: Windows, macOS
Summary: The process to uninstall the Huntress Agent can be performed many ways: manually, remotely, in bulk, silently, via GUI, via command line using a management or RMM tool. 

 

For any  hosts that have been wiped/decommissioned, you’ll want to "uninstall" the agent from the Huntress Dashboard using one of the Remote Uninstallation directions. That will automatically close any incidents associated with the agent and remove the agent from your account to ensure you aren’t billed for it.

 

In this article

* Remote Uninstallation (all) 

* Bulk Remote Uninstallation(all)

Manual Uninstallation macOS GUI/Terminal

Manual Uninstallation Windows GUI

Command Line Uninstallation for Management Tools and RMM Windows

*-recommended

 

 

Remote Uninstallation

The Huntress Agent has a remote uninstall feature available in the Huntress Web Interface. When you navigate to the desired agent's page, you'll notice the "Uninstall" button on the left-hand side of the agent details window.

  1. Simply click the "Uninstall" button.
  2. Within the Uninstall Agent pop-up, confirm your intent to remove the agent by clicking the "Uninstall" button.
  3. Voila! That agent was immediately removed from your Huntress Account and its associated Organization. The very next time the agent checks-in, we'll deliver it an uninstallation task. This generally occurs within a couple seconds but could take longer in scenarios where the computer was offline (for example, powered down over night or stored away in a closet). Either way, once it's off your dashboard it no longer counts towards your agent totals.

Bulk Remote Uninstallation

Within the Huntress Web Interface, we've added several ways to uninstall large quantities of agents. These features include entire organization uninstallation, unresponsive agent uninstallation, and host-by-host selection.

Entire Organizations

  1. From the Account Dashboard, navigate to the Organization Management view.
  2. Click the trashcan icon beside the desired Organization to remove it all Agents within.

  3. Within the Delete Organization pop-up, confirm your intent to remove the Organization and uninstall all agents by clicking the "Delete" button.

Unresponsive Agents

  1. From an Account or Organization Dashboard, select the Unresponsive Agent counter. Agents are marks as "unresponsive" when they have not called back in 45 days.

  2. Click the uppermost checkbox to select all unresponsive agents (alternatively, you can select the agents you desire).

  3. Click the "Uninstall" button.

  4. Within the Uninstall Agents pop-up, confirm your intent to remove the agent by clicking the "Uninstall" button.

Host-by-host Selection

  1. From the Account or Organization Dashboard, select the Agent Management view.

  2. Select the checkboxes next to each agent you want to uninstall.
  3. Click the "Uninstall" button.

  4. Within the Uninstall Agents pop-up, confirm your intent to remove the agent by clicking the "Uninstall" button.

Manual Uninstallation macOS GUI/Terminal

Open up Terminal and paste in the following:

 sudo bash /Applications/Huntress.app/Contents/MacOS/Uninstall

 

If you drag the Huntress app to the trash can it will not uninstall properly and can get hung up when you try to reinstall! In cases like that you'll need to delete /Library/Application Support/Huntress/HuntressAgent/AgentConfig.plist before reinstalling.

 

Manual Uninstallation Windows GUI

If attended uninstallation is an option, you can leverage Windows' Programs and Features wizard:

  1. Click on the Start button in the left bottom corner of your screen and type "Programs and Features" into the Search box.
  2. Click on the "Programs and Features" icon.
  3. Within the Programs and Features window, scroll to "Huntress Agent".
  4. Right-click on "Huntress Agent" and select the "Uninstall".
  5. Within the Huntress Agent Uninstall pop-up, click the "Yes" button.
  6. Once uninstalled, you'll receive a pop-up notification confirming the successful uninstallation.

Command Line Uninstallation for use with Configuration Management Tools and RMM solutions Windows

The command line uninstallation is suitable for silent/unattended removal using a configuration management tool or RMM solution. The uninstaller supports the following flags:

  • /S - perform a silent installation (optional)

Example:

"C:\Program Files\Huntress\Uninstall.exe" /S

If for some reason the "uninstall.exe" executable is missing from the Huntress directory, run the following commands:

"C:\Program Files\Huntress\HuntressAgent.exe" uninstall
"C:\Program Files\Huntress\HuntressUpdater.exe" uninstall
rmdir "c:\Program Files\Huntress" /q /s
echo "Please wait 10 seconds and press any key"
pause
reg delete "HKLM\SOFTWARE\Huntress Labs" /f

Comments

0 comments

Please sign in to leave a comment.

Related articles