- Products
- Learn
- Local User Groups
- Partners
- More
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Products
- Learn
- Local User Groups
- Upcoming Events
- Americas
- EMEA
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Eastern Africa
- Israel
- Nordics
- Middle East and Africa
- Balkans
- Italy
- APAC
- Partners
- More
- ABOUT CHECKMATES & FAQ
- Sign In
- Leaderboard
- Events
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix! 
All Videos In One Space
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- CheckMates
- :
- Products
- :
- Harmony
- :
- Endpoint
- :
- Uninstall Check Point Endpoint Security without Un...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
TechnoJock
Explorer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-03-30
11:45 AM
Uninstall Check Point Endpoint Security without Uninstall Password
I found a conversation very similar to my situation.
In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.
I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security
There are UninstPwdHash & UninstPwdSalt entries along with others.
I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.
I'm hoping someone can help me in that I see that I can either:
- Remove these existing values & hope the new DA values will be in effect
- Update these existing values to 0
- Remove the newly added DA entries - change the existing to add DA suffix to their name and set their value to 0
I'm afraid if I mess something up too bad then I may not be able to get back into my machine.
Any/all help is welcome.
1 Solution
Accepted Solutions
G_W_Albrecht
Legend
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-04-01
06:26 AM
I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.
- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.
- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible
- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.
CCSE CCTE SMB Specialist
9 Replies
PhoneBoy
Admin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-03-30
07:47 PM
I recommend engaging with the TAC on this.
Lzm
Contributor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-03-31
05:17 PM
You already followed this sk right?
TechnoJock
Explorer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-04-01
05:03 AM
Yes - the solution assumes I have the uninstall password - which I do not. In fact, this is where I started before I added the two entries with DA suffixes. Thanks.
G_W_Albrecht
Legend
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-04-01
06:26 AM
I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.
- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.
- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible
- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.
CCSE CCTE SMB Specialist
gfassauer
Explorer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-04-28
02:36 AM
Hello,
I'm in a similar situation as TechnoJock: my uninstall password does not work.
I already created a new uninstall password and pushed this out to the clients. I consider that this was successesful as I can see that the new policy is shown on the client. But even with this new password it does not work.
@G_W_Albrecht: you mentioned in your last post that there is a possibility to push out a client uninstall task. But I don't have this option available in my console. Can you maybe specify with version of the management server/console is necessary to have this option?
We are in the process of re-deploying > 100 windows clients. Due to the COVID situation these clients are spread across Europe and the removing the CheckPoint client is one of the major obstacles in this process.
Unfortunately Management decided not to continue with CheckPoint so I don't have the possibility to open a TAC case.
So any help is much apreciated.
G_W_Albrecht
Legend
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-05-26
02:42 AM
Better use method three (changing Win Registry values to set uninstall password) using your deployment tools - because you would have to upgrade SMS/EPSS and all clients to a version enabling push uninstall, which is rather hard to do...
CCSE CCTE SMB Specialist
Joost_CP
Explorer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-05-26
12:17 AM
I evaluated the endpoint security solution, changed and deployed a custom uninstall password but did not remember or write down what I changed it to. I did not have access to the harmony portal anymore because our evaluation was over. Whoops. I did not want to reinstall my laptop.
I succeeded in uninstalling my endpoint security by using your 3rd option, copying the hash and salt from client with default password.
G_W_Albrecht
Legend
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2021-05-26
02:37 AM
Yes, that is a good workaround in such a case ! I do appreciate Kudos 😎 btw.
CCSE CCTE SMB Specialist
erikc_soda
Explorer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2022-04-19
06:00 AM
Are you able to post the default keys? I have 3 clients left over that I am trying to uninstall and having the exact same issue as you. (wish I had copied key from one of my other machines, if i had only known) They are using some legacy software and will be a real PITA to try and reformat and reload.
Uninstall Check Point Endpoint Security without Uninstall Password
I found a conversation very similar to my situation.
In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.
I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security
There are UninstPwdHash & UninstPwdSalt entries along with others.
I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.
I'm hoping someone can help me in that I see that I can either:
- Remove these existing values & hope the new DA values will be in effect
- Update these existing values to 0
- Remove the newly added DA entries - change the existing to add DA suffix to their name and set their value to 0
I'm afraid if I mess something up too bad then I may not be able to get back into my machine.
Any/all help is welcome.
Labels
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
©1994-2022 Check Point Software Technologies Ltd. All rights reserved.
Copyright
Privacy Policy
Facts at a Glance
User Center