Solved: Uninstall Check Point Endpoint Security without Un...

TechnoJock · ‎2021-03-30

I found a conversation very similar to my situation.

In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.

I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security

There are UninstPwdHash & UninstPwdSalt entries along with others.

I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.

I'm hoping someone can help me in that I see that I can either:

Remove these existing values & hope the new DA values will be in effect
Update these existing values to 0
Remove the newly added DA entries - change the existing to add DA suffix to their name and set their value to 0

I'm afraid if I mess something up too bad then I may not be able to get back into my machine.

Any/all help is welcome.

G_W_Albrecht · ‎2021-04-01

I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.

- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.

- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible

- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.

CCSE CCTE CCSM SMB Specialist

View solution in original post

PhoneBoy · ‎2021-03-30

I recommend engaging with the TAC on this.

Lzm · ‎2021-03-31

You already followed this sk right?

TechnoJock · ‎2021-04-01

Yes - the solution assumes I have the uninstall password - which I do not. In fact, this is where I started before I added the two entries with DA suffixes. Thanks.

G_W_Albrecht · ‎2021-04-01

I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.

- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.

- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible

- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.

CCSE CCTE CCSM SMB Specialist

gfassauer · ‎2021-04-28

Hello,

I'm in a similar situation as TechnoJock: my uninstall password does not work.

I already created a new uninstall password and pushed this out to the clients. I consider that this was successesful as I can see that the new policy is shown on the client. But even with this new password it does not work.

@G_W_Albrecht: you mentioned in your last post that there is a possibility to push out a client uninstall task. But I don't have this option available in my console. Can you maybe specify with version of the management server/console is necessary to have this option?

We are in the process of re-deploying > 100 windows clients. Due to the COVID situation these clients are spread across Europe and the removing the CheckPoint client is one of the major obstacles in this process.

Unfortunately Management decided not to continue with CheckPoint so I don't have the possibility to open a TAC case.

So any help is much apreciated.

G_W_Albrecht · ‎2021-05-26

Better use method three (changing Win Registry values to set uninstall password) using your deployment tools - because you would have to upgrade SMS/EPSS and all clients to a version enabling push uninstall, which is rather hard to do...

CCSE CCTE CCSM SMB Specialist

Joost_CP · ‎2021-05-26

I evaluated the endpoint security solution, changed and deployed a custom uninstall password but did not remember or write down what I changed it to. I did not have access to the harmony portal anymore because our evaluation was over. Whoops. I did not want to reinstall my laptop.

I succeeded in uninstalling my endpoint security by using your 3rd option, copying the hash and salt from client with default password.

G_W_Albrecht · ‎2021-05-26

Yes, that is a good workaround in such a case ! I do appreciate Kudos 😎 btw.

CCSE CCTE CCSM SMB Specialist

erikc_soda · ‎2022-04-19

Are you able to post the default keys? I have 3 clients left over that I am trying to uninstall and having the exact same issue as you. (wish I had copied key from one of my other machines, if i had only known) They are using some legacy software and will be a real PITA to try and reformat and reload.

mmorales7456789 · ‎2023-05-19

Hi, do you have this values? "the hash and salt from client with default password" can you share with me this?

PhoneBoy · ‎2023-05-19

You might try: https://support.checkpoint.com/results/sk/sk173647
The other option is to contact the TAC, who may be able to assist here: https://help.checkpoint.com

Uninstall Check Point Endpoint Security without Uninstall Password

Uninstall Check Point Endpoint Security without Uninstall Password

Are you a member of CheckMates?

Uninstall Check Point Endpoint Security without Uninstall Password

Uninstall Check Point Endpoint Security without Uninstall Password