- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
I found a conversation very similar to my situation.
In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.
I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security
There are UninstPwdHash & UninstPwdSalt entries along with others.
I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.
I'm hoping someone can help me in that I see that I can either:
I'm afraid if I mess something up too bad then I may not be able to get back into my machine.
Any/all help is welcome.
I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.
- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.
- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible
- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.
I recommend engaging with the TAC on this.
You already followed this sk right?
Yes - the solution assumes I have the uninstall password - which I do not. In fact, this is where I started before I added the two entries with DA suffixes. Thanks.
I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.
- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.
- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible
- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.
Hello,
I'm in a similar situation as TechnoJock: my uninstall password does not work.
I already created a new uninstall password and pushed this out to the clients. I consider that this was successesful as I can see that the new policy is shown on the client. But even with this new password it does not work.
@G_W_Albrecht: you mentioned in your last post that there is a possibility to push out a client uninstall task. But I don't have this option available in my console. Can you maybe specify with version of the management server/console is necessary to have this option?
We are in the process of re-deploying > 100 windows clients. Due to the COVID situation these clients are spread across Europe and the removing the CheckPoint client is one of the major obstacles in this process.
Unfortunately Management decided not to continue with CheckPoint so I don't have the possibility to open a TAC case.
So any help is much apreciated.
Better use method three (changing Win Registry values to set uninstall password) using your deployment tools - because you would have to upgrade SMS/EPSS and all clients to a version enabling push uninstall, which is rather hard to do...
I evaluated the endpoint security solution, changed and deployed a custom uninstall password but did not remember or write down what I changed it to. I did not have access to the harmony portal anymore because our evaluation was over. Whoops. I did not want to reinstall my laptop.
I succeeded in uninstalling my endpoint security by using your 3rd option, copying the hash and salt from client with default password.
Yes, that is a good workaround in such a case ! I do appreciate Kudos 😎 btw.
Are you able to post the default keys? I have 3 clients left over that I am trying to uninstall and having the exact same issue as you. (wish I had copied key from one of my other machines, if i had only known) They are using some legacy software and will be a real PITA to try and reformat and reload.
I found a conversation very similar to my situation.
In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.
I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security
There are UninstPwdHash & UninstPwdSalt entries along with others.
I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.
I'm hoping someone can help me in that I see that I can either:
I'm afraid if I mess something up too bad then I may not be able to get back into my machine.
Any/all help is welcome.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY