Unable to remove traps agent from windows endpoint


L2 Linker

Hi All,

 

I have come across a situation where I am unable to remove the Traps agent from a Windows system. Below are the findings from this situation.

1) This particular Windows endpoint is unlicensed now, meaning there is no communication between this endpoint and the Traps ESM server.

2) We tried removing Traps using the Traps cleaner tool, but while running this tool it says "SPROT is enabled please enter password to disabled it"

3) When we enter the password it says incorrect password (we know the password is correct).

4) When we try to remove Traps through Control Panel, it asks for the password and hence is not accepting the password.

5) We tried to install Traps by overwriting the current installation, but during the Traps setup window the ESM server name and port number come already hardcoded, meaning we can't change the things which are already there.

6) This unlicensed Traps is blocking a particular PDF on the system, so even if I whitelist that PDF, those changes will not take effect until the communication is established.

I have opened a ticket with the support people, but still, if anyone has any clue, please assist.

 

 

Regards

Asif Siddiqui

7 REPLIES 7

L0 Member

Have you tried the default agent uninstall password? It's "Password1"

 

Failing that, if you contact PAN support, they should be able to provide you with a removal tool that will remove Traps entirely from the machine, without the need for a password.

L1 Bithead

Hi, @AsifSid

 

At the very beginning: it is possible to get rid of the Traps agent without a password. It needs manual cleaning of the registry (tricky part, you have to know what you are doing) and I went through this process with and without PANW's support.

Even if the agent's services protect themselves, you can always boot Windows in safe mode and use the registry editor, then just delete the agent's files.

 

regards.

 

 

Hi,

 

I have seen that in some cases, the Traps installation is not correct. In those cases, the cleaner does not work and the solution is to execute it in safe mode.

 

I have seen that if Traps is stopped with the cytool, then you can execute the cleaner correctly. For those endpoints that you cannot access in safe mode because of different issues, you can try this.

 

Regards.

L0 Member

Error: "Cleaner failed to disable SPROT or the current user is not privileged"

 

Solution:

Open cmd.exe

cd /d C:\Program Files\Palo Alto Networks\Traps\

cytool protect disable

Go to add or remove programs and select Cortex then click "Yes" on restarting and Cortex should be removed.

L0 Member

Have you tried Password1 as the uninstall password? I went through this myself, and that's what did the trick.

L1 Bithead

@AustinTapia thank you, your steps worked for me for this error.

Thank you. Worked for me as well!
