07-24-2019 02:26 AM
I have come across a situation, where I am unable to remove traps agent from a windows systems, Below are the findings from this situations.
1) This perticular windows endpoint is unlicensed now meaning there is no communication between this endpoint and traps ESM server.
2) We tried removing traps using traps cleaner tool but while running this tool it says "SPROT is enabled please enter password to disabled it"
3) When we enter the password it says incorrect password (we know pssword is correct"
4)When we try to remove traps through control panel , it asks for the password and hence not accpeting the password.
5) We tried to install traps by overrighting the current installation. but during the traps setup window, The ESM server name and port number comes already hardcoded means we cant change the things which are already there.
6) This unlicensed traps is blocking a perticular pdf on the system, so evenif i whielist that pdf , those changes will not take effect untill the communication is established.
I have opened a ticket with support people, but still if anyone has any clue , Please assist.
07-24-2019 02:30 AM
Have you tried the default agent uninstall password? It's "Password1"
Failing that if you contact PAN support they should be able to provide you with a removal tool that will remove Traps entirely from the machine, without the need for a password.
07-27-2019 08:54 AM
At the very begining: it is possbile to get rid of Traps agent without password. It needs to manual cleaning of registry (tricky part, you have to know what are you doing) and I wen thru this process with and without PANW's support.
Even if agent's services protects itself you can always boot windows in safe mode and use registry editor then just delete agent's files.
05-13-2020 08:31 AM
I have seen that in some cases, the Traps installation is not correct. In those cases, the cleaner does not work and the solution is to execute it in safe mode.
I have seen that if traps is stopped with the cytool, the you can execute the cleaner correctly. For those Endpoints that you can not access in safe mode because of different issues, you can try this.
08-15-2022 12:08 PM
Error: "Cleaner failed to disable SPROT or the current user is not privileged"
cd /d C:\Program Files\Palo Alto Networks\Traps\
cytool protect disable
Go to add or remove programs and select Cortex then click "Yes" on restarting and Cortex should be removed.
01-26-2023 04:57 PM
05-24-2023 04:22 AM
Thank you. Worked for me aswell!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!