This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
guilherrme
Participant
‎2024-01-31 03:27 PM

Uninstall Check Point Endpoint R86.70

Hello everyone, i'm trying to uninstall CP but it says that its not possible to uninstall FDE while encryption is active.

There's no connection to any server or console anymore.

I'm trying to find a way to disable FDE manually, maybe changing some registry key or something similar, and most importantly trying to do that without crashing the system.

In the attachments is a recent FDE log that i got using cpinfo. Can someone shed some light on what can i do to disable it so i can uninstall CP successfully?

Labels
Preview file
62 KB
Preview file
33 KB
Preview file
187 KB
0 Kudos
11 Replies
the_rock
Legend
Legend
‎2024-01-31 05:36 PM

Maybe better contact TAC to solve this. I would be super careful with changing registry keys.

Best,

Andy

the_rock
Legend
Legend
‎2024-02-01 10:00 AM

Hey @guilherrme 

Did you get this sortged out?

Best,

Andy

guilherrme
Participant
‎2024-02-02 08:56 AM
In response to the_rock

Hey @the_rock 

Not yet unfortunately, we can't contact TAC anymore because the contract ended recently.

No console, no server. I'm trying to figure it out on my own to help the team.

The problem happens only with this version 86.70, i just need to know how the FDE works so i can try to disable it manually and uninstall.

 

Thanks for answering man.

0 Kudos
the_rock
Legend
Legend
‎2024-02-02 09:31 AM
In response to guilherrme

Let me see what I can find as far as FDE. Maybe someone else will know.

Andy

(1)
guilherrme
Participant
‎2024-02-02 11:02 AM
In response to the_rock

thanks @the_rock i apreciate that

0 Kudos
the_rock
Legend
Legend
‎2024-02-02 09:32 AM
In response to guilherrme

https://community.checkpoint.com/t5/Endpoint/Disable-FDE/td-p/99730

(1)
the_rock
Legend
Legend
‎2024-02-02 11:08 AM
In response to the_rock

Did that help?

Andy

0 Kudos
guilherrme
Participant
‎2024-02-02 11:37 AM
In response to the_rock

Thanks, i saw that article before...it didnt help me..i've seen a lot of articles like that, many of them involve doing something on console or management server which in our case we dont have access, its just the machines with the problem, if we dont figure out how to do it we're gonna have to format the machines and we're trying to avoid that because there are so many machines with that version.

And there's another problem which is harmony extension keeping the users from downloading files.

What i would like to do is to use sysinternals to access some specific registry keys with the authotity nt\system account and change some values to disable encryption but i dont know what is the correct registry key or file.

One of our colleagues tried to uninstall checkpoint using a third party uninstaller and crashed the system (good thing it wasnt an end user machine haha), so i'm being very careful about it.

 

Interesting thing is that initially i thought the problem was the service fde_srv.exe that was always running. So i booted windows on safe mode but even though none of the cp services was running i got the same error.

 So i think the problem is this "encryption active" that the error message says. I'm trying to figure out what that means.

0 Kudos
the_rock
Legend
Legend
‎2024-02-02 12:38 PM
In response to guilherrme

Honestly, your best bet is to maybe see if your local SE person can open a case to get TAC help that way...just an idea.

Best,

Andy

guilherrme
Participant
‎2024-02-02 01:23 PM
In response to the_rock

yeah, i'll see what i can do

 

thanks

0 Kudos
DKK
Explorer
‎2024-02-07 01:55 AM

Hi,

I had the same problem. You need to wait for the encryption to finish at 100% and after that you can uninstall the CP.

Good luck!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events