Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
TechnoJock
Explorer
Jump to solution

Uninstall Check Point Endpoint Security without Uninstall Password

I found a conversation very similar to my situation.

In this case - there was no registry entry for HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security and adding two entries allowed the default password to be used to uninstall this software.

I'm trying to remove the software - without knowing the uninstall password - but when I check my registry I have a bunch of entries under:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security

There are UninstPwdHash & UninstPwdSalt entries along with others.

I added the suggested UninstPwdSaltDA & UninstPwdHashDA with values of 0 but I am still receiving the error of invalid password.

I'm hoping someone can help me in that I see that I can either:

  • Remove these existing values & hope the new DA values will be in effect
  • Update these existing values to 0
  • Remove the newly added DA entries - change the existing to add DA suffix to their name and set their value to 0

I'm afraid if I mess something up too bad then I may not be able to get back into my machine.

Any/all help is welcome.

 

1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.

- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.

- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible

- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.

CCSE CCTE CCSM SMB Specialist

View solution in original post

11 Replies
PhoneBoy
Admin
Admin

I recommend engaging with the TAC on this.

0 Kudos
(1)
Lzm
Collaborator

You already followed this sk right? 

0 Kudos
TechnoJock
Explorer

Yes - the solution assumes I have the uninstall password - which I do not. In fact, this is where I started before I added the two entries with DA suffixes. Thanks.

0 Kudos
G_W_Albrecht
Legend
Legend

I see the following solution possibilities, but they all require access to an EPS Server, the first two to the EPS that also deployed your agent.

- if your EPS client is connected to the Server and an E84.30 client or above, configure uninstall by Push Operation > Add > Agent Settings > Uninstall Client. This is pushed to the client and you will see the status in EPS.

- if your EPS client is connected to the Server, simply change the uninstall password in Common Client policy in the Policies tab (sk61168), client will update the registry values and uninstall is possible

- if not, deploy a new client with known uninstall password to another machine and copy the 2 UninstPwdHash & UninstPwdSalt entries from it to your registry. Now you should be able to uninstall using sk118233. This does not need the original EPS Server at all, so you could also do a eval lab deployment.

CCSE CCTE CCSM SMB Specialist
gfassauer
Explorer

Hello,

I'm in a similar situation as TechnoJock: my uninstall password does not work.

I already created a new uninstall password and pushed this out to the clients. I consider that this was successesful as I can see that the new policy is shown on the client. But even with this new password it does not work.

@G_W_Albrecht: you mentioned in your last post that there is a possibility to push out a client uninstall task. But I don't have this option available in my console. Can you maybe specify with version of the management server/console is necessary to have this option?

We are in the process of re-deploying > 100 windows clients. Due to the COVID situation these clients are spread across Europe and the removing the CheckPoint client is one of the major obstacles in this process.

Unfortunately Management decided not to continue with CheckPoint so I don't have the possibility to open a TAC case.

So any help is much apreciated.

0 Kudos
G_W_Albrecht
Legend
Legend

Better use method three (changing Win Registry values to set uninstall password) using your deployment tools - because you would have to upgrade SMS/EPSS and all clients to a version enabling push uninstall, which is rather hard to do...

CCSE CCTE CCSM SMB Specialist
Joost_CP
Explorer

I  evaluated the endpoint security solution, changed and deployed a custom uninstall password but did not remember or write down what I changed it to. I did not have access to the harmony portal anymore because our evaluation was over. Whoops. I did not want to reinstall my laptop.

I succeeded in uninstalling my endpoint security by using your 3rd option, copying the hash and salt from client with default password. 

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, that is a good workaround in such a case ! I do appreciate Kudos 😎 btw.

CCSE CCTE CCSM SMB Specialist
erikc_soda
Explorer

Are you able to post the default keys?  I have 3 clients left over that I am trying to uninstall and having the exact same issue as you. (wish I had copied key from one of my other machines, if i had only known)  They are using some legacy software and will be a real PITA to try and reformat and reload.

0 Kudos
mmorales7456789
Explorer

Hi, do you have this values? "the hash and salt from client with default password" can you share with me this?

0 Kudos
PhoneBoy
Admin
Admin

You might try: https://support.checkpoint.com/results/sk/sk173647 
The other option is to contact the TAC, who may be able to assist here: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events