Powershell script for XDR agent removal?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Powershell script for XDR agent removal?

L3 Networker

Would anyone happen to have an example of a powershell script that'll assist in removing the XDR agent? Thanks ahead of time. 

1 accepted solution

Accepted Solutions

L1 Bithead

One option would be to request the XDR Cleaner Tool from support and use:

 

REM to disable agent protect and remove agent with XDRAgentcleaner
@echo off
echo Password123|"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" protect disable
REM use xdrcleaner note the password is in clear txt
xdragentcleaner.exe --silient --password Password123 --log c:\remove.log

PB

View solution in original post

3 REPLIES 3

L1 Bithead

One option would be to request the XDR Cleaner Tool from support and use:

 

REM to disable agent protect and remove agent with XDRAgentcleaner
@echo off
echo Password123|"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" protect disable
REM use xdrcleaner note the password is in clear txt
xdragentcleaner.exe --silient --password Password123 --log c:\remove.log

PB

L0 Member

Most Anti virus has an anti tamper password. Call the vendor if it's not working. There's probably registry keys and possibly other system files to hook the kernel.

Hi folks,

 

Could you help me plaease to know how can i create a bat script to execute Cortex Agent cleaner with anti tampering password to remove cortex agents?

 

I have to use bat because powershell is prohibited

  • 1 accepted solution
  • 10343 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!