Uninstall Check Point Endpoint R86.70

guilherrme · ‎2024-01-31

Hello everyone, i'm trying to uninstall CP but it says that its not possible to uninstall FDE while encryption is active.

There's no connection to any server or console anymore.

I'm trying to find a way to disable FDE manually, maybe changing some registry key or something similar, and most importantly trying to do that without crashing the system.

In the attachments is a recent FDE log that i got using cpinfo. Can someone shed some light on what can i do to disable it so i can uninstall CP successfully?

the_rock · ‎2024-01-31

Maybe better contact TAC to solve this. I would be super careful with changing registry keys.

Best,

Andy

the_rock · ‎2024-02-01

Hey @guilherrme

Did you get this sortged out?

Best,

Andy

guilherrme · ‎2024-02-02

Hey @the_rock

Not yet unfortunately, we can't contact TAC anymore because the contract ended recently.

No console, no server. I'm trying to figure it out on my own to help the team.

The problem happens only with this version 86.70, i just need to know how the FDE works so i can try to disable it manually and uninstall.

Thanks for answering man.

the_rock · ‎2024-02-02

Let me see what I can find as far as FDE. Maybe someone else will know.

Andy

guilherrme · ‎2024-02-02

thanks @the_rock i apreciate that

the_rock · ‎2024-02-02

https://community.checkpoint.com/t5/Endpoint/Disable-FDE/td-p/99730

the_rock · ‎2024-02-02

Did that help?

Andy

guilherrme · ‎2024-02-02

Thanks, i saw that article before...it didnt help me..i've seen a lot of articles like that, many of them involve doing something on console or management server which in our case we dont have access, its just the machines with the problem, if we dont figure out how to do it we're gonna have to format the machines and we're trying to avoid that because there are so many machines with that version.

And there's another problem which is harmony extension keeping the users from downloading files.

What i would like to do is to use sysinternals to access some specific registry keys with the authotity nt\system account and change some values to disable encryption but i dont know what is the correct registry key or file.

One of our colleagues tried to uninstall checkpoint using a third party uninstaller and crashed the system (good thing it wasnt an end user machine haha), so i'm being very careful about it.

Interesting thing is that initially i thought the problem was the service fde_srv.exe that was always running. So i booted windows on safe mode but even though none of the cp services was running i got the same error.

So i think the problem is this "encryption active" that the error message says. I'm trying to figure out what that means.

the_rock · ‎2024-02-02

Honestly, your best bet is to maybe see if your local SE person can open a case to get TAC help that way...just an idea.

Best,

Andy

guilherrme · ‎2024-02-02

yeah, i'll see what i can do

thanks

DKK · ‎2024-02-07

Hi,

I had the same problem. You need to wait for the encryption to finish at 100% and after that you can uninstall the CP.

Good luck!

Are you a member of CheckMates?

Uninstall Check Point Endpoint R86.70