Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. GFI EndPointSecurity
  2. GFI EndPointSecurity - EndPointSecurity :: Agent
  3. Articles

Uninstalling the Agent Manually

Overview

You may face the issue where the GFI EndPointSecurity agent cannot be removed from a remote machine when attempting to deploy a removal from the GFI EndPointSecurity console or you may no longer have access to the console and you're looking for a manual way to uninstall the agent.

Solution

  • The GFI EndPointSecurity agent should be uninstalled by using the GFI EndPointSecurity Console.
  • This procedure should only be given as a last resort when the agent cannot be removed from the machine.
  • Before carrying out the steps, read the procedure carefully in order to verify what you need to do depending on the operating system and version of the EndPointSecurity agent installed.
  • If you are not sure which agent version you have installed, check the registry keys and files listed in the steps to verify.
  • If you are still not sure, do not carry out the procedure and ask for assistance from EndPointSecurity support.
  • The procedure documented in this document applies to versions 4, 4.1, 4.2, 4.3, 2012, and 2013 only, and may not work with previous or newer versions.
  • Manually removing the GFI EndPointSecurity Agent requires deleting registry keys manually. It is advised to take a backup of these keys before deleting them.
  • If you have a large number of computers, this process will take a long time and there isn't currently a way you can initiate it on all computers at the same time. Therefore, consider reactivating the console to uninstall agents on many machines

Microsoft Troubleshooter

  • This tool from Microsoft will remove the agent in some cases and is easier than the other methods below.
  • To download the tool, click on the following link:

Steps

  1. Click on Download Troubleshooter on the site linked above
  2. A file named MicrosoftProgram_Install_and_Uninstall.meta.diagcab is installed. Open the file.
    mceclip0.png
  3. Click Next.
    mceclip2.png

  4. Select Uninstalling
    mceclip3.png

  5. Select EndPointSecurity Agent from the programs listed and click Next
    mceclip4.png
  6. Select Yes, try to uninstall
  7. You will receive a message saying that the problem has been fixed.
    mceclip5.png
  8. Click  Close 
  9. Once this is complete, EndPointSecurity Agent should have been removed from the system.


Windows XP / Server 2003

  1. Boot from Windows CD
  2. Choose REPAIR (R) and select the installation to be repaired
  3. Type the password for the local Administrator
  4. Enter the command depending on the agent version:
    • version 2013: DEL C:\WINDOWS\system32\drivers\esecdrv60.sys
    • version 4.2 / 2012: DEL C:\WINDOWS\system32\drivers\esecdrv42.sys
  5. Enter the command: exit
  6. Start Windows normally
  7. Delete the following registry keys:
    • HKLM\SYSTEM\CurrentControlSet\Services\EsecAgentSvc
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv42
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv60
    • HKLM\SOFTWARE\GFI\EndPointSecurity 4 / 5 / 6
    • HKLM\SOFTWARE\Wow6432Node\GFI\EndPointSecurity4 / 5 / 6
  8. Restart the computer
  9. Delete the folder C:\Program Files\GFI\EndPointSecurity Agent
  10. Depending on the version of the agent, delete the registry keys as specified in Appendix A
  11. From the GFI EndPointSecurity Console, remove the agent by selecting the option ‘Delete computer(s) without uninstall’

Note 1: In step 4, if the agent installed is version 4 or 4.1, the driver is called esecdrv.sys
Note 2: In step 12, on x64 operating systems the GFI\EndPointSecurity registry key is located under HKLM\SOFTWARE\Wow6432Node\GFI

Windows 7 / Server 2008

  1. Boot from Windows CD
  2. Choose the Language / Time & Currency formats, and click ‘Next’
  3. Choose the ‘Repair your computer’ option
  4. Select ‘Use Recovery Tools that can help fix problems…’
  5. Choose the installation to be repaired and click ‘Next’
  6. Choose the Command Prompt option
  7. Enter the command: D:
  8. Enter the command depending on the agent version:
    • version 2013: DEL C:\WINDOWS\system32\drivers\esecdrv60.sys
    • version 4.2 / 2012: DEL C:\WINDOWS\system32\drivers\esecdrv42.sys
  9. Enter the command: exit
  10. Choose the option to restart the machine
  11. Start Windows normally
  12. Delete the following registry keys:
    • HKLM\SYSTEM\CurrentControlSet\Services\EsecAgentSvc
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv42
    • HKLM\SYSTEM\CurrentControlSet\Services\esecdrv60
    • HKLM\SOFTWARE\GFI\EndPointSecurity4 / 5 / 6
  13. Restart the computer
  14. Delete the folder C:\Program Files (x86)\GFI\EndPointSecurity Agent
  15. Depending on the version of the agent, delete the registry keys as specified in Appendix A
  16. From the GFI EndPointSecurity Console, remove the agent by selecting the option ‘Delete computer(s) without uninstall’

Note 1: In steps 7 and 8, on Windows 7 the drive specified is that of the CD/DVD, on Windows 2008 the drive specified is that of the operating system
Note 2: In step 8, if the agent installed is version 4 or 4.1, the driver is called esecdrv.sys
Note 3: In step 12, on x64 operating systems the GFI\EndPointSecurity registry key is located under HKLM\SOFTWARE\Wow6432Node\GFI

Appendix A

GFI EndPointSecurity 2013

Keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\57DC5777E98C02540B69CD2C61BE3CD7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7775CD75-C89E-4520-B096-DCC216EBC37D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7775CD75-C89E-4520-B096-DCC216EBC37D}

GFI EndPointSecurity 2012 

Keys:

  • HKLM\SOFTWARE\Classes\Installer\Products\5AA82EF304184E740A3D79F442385165 and
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3FE28AA5-8140-47E4-A0D3-974F24831556}
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3FE28AA5-8140-47E4-A0D3-974F24831556}

GFI EndPointSecurity 4.2 and 4.3

Builds: 20100625, 20100428, 20091109, 20091014
Keys:

  • HKLM\SOFTWARE\Classes\Installer\Products\505AD1BC44D34744B81ED6B0071A1E23 and
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB1DA505-3D44-4474-8BE1-6D0B70A1E132}
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB1DA505-3D44-4474-8BE1-6D0B70A1E132}

GFI EndPointSecurity 4 and 4.1

Builds: 20090508, 20090217, 20080215
Keys:

  • HKLM\SOFTWARE\Classes\Installer\Products\09F8D729D7CAB5946B6907B2AD8DDEC7 and
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{927D8F90-AC7D-495B-B696-702BDAD8ED7C}
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{927D8F90-AC7D-495B-B696-702BDAD8ED7C}

Note: On x64 operating systems, the Uninstall\{<GUID>} registry key is located under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments