Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11562
Views
5
Helpful
3
Replies

FireAMP agent removal

Go to solution
Jose Cisneros
Level 1
Level 1

‎10-02-2014 11:02 AM - edited ‎02-20-2020 08:59 PM

Sourcefire newbie here...I have to remove FireAMP agents from computers, but I would like to do this from the FireAMP management console.  I know that if you navigate to Management>Computers and you highlight the computer in question you have the option to "Delete" from actions window on the right.  After executing the deletion, the computer will re-appear since the actual agent was never removed from the client side.  How can this process be done from within Sourcefire FireAMP console without actually "touching" the actual computer?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
miculp
Cisco Employee
Cisco Employee

‎12-18-2014 08:34 AM

Currently there is no method to uninstall the connector from the amp console. This requires touching the computer or some other mechanism.

View solution in original post

3 Replies 3

Go to solution
miculp
Cisco Employee
Cisco Employee

‎12-18-2014 08:34 AM

Currently there is no method to uninstall the connector from the amp console. This requires touching the computer or some other mechanism.

Go to solution
David Janulik
Cisco Employee
Cisco Employee
In response to miculp

‎06-14-2017 01:37 AM

Hello,

let me highlight some facts about uninstalling connector. Uninstalling SW has been always in hands of Administrators. Windows powershell is one of the way to utilize the process, even using remote execution of the scripts. Each Enterprise has its security policies standards. The cli command goes as: "installer-en-us-64-tcp.exe /remove 1 /S /uninstallpassword ConnectorPassword". Which will delete all associated files/registry entries of AMP product. The switch for "/uninstallpassword" is optional in case the connector service is protected.  To uninstall the connector on the remote connector, powershell can supply with command

enter-pssession –ComputerName hostname

To answer why connectors show up even after deleted from console, is that AMP service sends registration attempt. This re-registers connectors back to the cloud, which is by design.

David

Cyber security escalation engineer
0 Helpful

Go to solution
Not applicable

‎06-13-2017 11:51 AM

Have same issue, company split but Cisco has no solution to reclaim our connectors or even simply redirect their assets to their console. Year later and still no solution. deleted from console and just checks back in.

0 Helpful
Customers Also Viewed These Support Documents