
Uninstall an ActZero endpoint agent

ActZero uses CrowdStrike software as part of its endpoint protection. The agents might employ Tamper Protection to prevent their unauthorized removal from an endpoint. To uninstall tamper-protected agents, contact the ActZero support team for an endpoint-specific maintenance token.

If an endpoint agent does not employ Tamper Protection, or you have received your maintenance token, you can use the following instructions to uninstall the CrowdStrike Falcon sensor and verify that it is removed.

Uninstall for Windows

Control Panel

  1. From the Windows start menu, open the Windows Control Panel.
  2. Click Uninstall a Program.
  3. Select CrowdStrike Windows Sensor, then follow the prompts to uninstall it, providing the maintenance token if requested.

Command Line

  1. Download the uninstaller from https://agent.actzero.ai/crowdstrike-uninstaller.exe.
  2. Run the following command:

    C:\> crowdstrike-uninstaller.exe /quiet
    

    Or, if you require a maintenance token:

    C:\> crowdstrike-uninstaller.exe MAINTENANCE_TOKEN=<token> /quiet
    
  3. Delete the crowdstrike-uninstaller.exe file.

Safe Mode

Sometimes the sensor must be removed while the endpoint is in Safe Mode. In those cases, extra steps are required to enable the Windows Installer Service, which is disabled in Safe Mode and Safe Mode with Networking.

  1. Start the computer in Safe Mode or Safe Mode with Networking.
  2. Once booted into Safe Mode, open an Administrator Command Prompt.
  3. Enable the Windows Installer Service by adding the following registry key:

    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
    

    Note: If the command with the "Network" key does not work, substitute "Network" with "Minimal":

    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
    
  4. Start the Windows Installer Service by running net start msiserver

  5. The Windows Installer Service should now be started, and you can uninstall from Control Panel or by using crowdstrike-uninstaller.exe.

Uninstall for macOS

Command Line

  1. From the command-line interface, run the following command:

    $ sudo /Applications/Falcon.app/Contents/Resources/falconctl uninstall

    Or, if you require a maintenance token:

    $ sudo /Applications/Falcon.app/Contents/Resources/falconctl uninstall --maintenance-token

  2. Enter your administrator password when prompted.

  3. The machine uninstalls the endpoint agent.

Uninstall for Linux

Command Line

Uninstalling the sensor requires sudo privileges. Run these commands to uninstall the Falcon sensor from your host.

  • Ubuntu: sudo apt-get purge falcon-sensor
  • RHEL, CentOS, Amazon Linux: sudo yum remove falcon-sensor
  • SLES: sudo zypper remove falcon-sensor

Validating Uninstallation

Windows Validation

When the sensor has been uninstalled:

  • The sensor does not appear in your programs list
  • The directory C:\Windows\System32\drivers\CrowdStrike is not present
  • The registry key HKLM\System\Crowdstrike does not appear in the registry
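
The three checks above can be scripted so the result is recorded per host. The following PowerShell is an added example, not ActZero or CrowdStrike code; the function name Test-FalconSensorRemoved is hypothetical, and it assumes the programs list is backed by the standard Windows Uninstall registry keys.

```powershell
# Added example, not ActZero or CrowdStrike code. Checks the three Windows
# indicators listed under "Windows Validation" and reports any that remain.
function Test-FalconSensorRemoved {
    [CmdletBinding()]
    param(
        # Default values are taken from this page.
        [string]$DisplayName = 'CrowdStrike Windows Sensor',
        [string]$DriverDir   = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$RegistryKey = 'HKLM:\System\Crowdstrike'
    )

    # Assumption: the "programs list" is populated from the standard
    # Uninstall keys (64-bit and 32-bit registry views).
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $programEntries = @(
        Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
            Where-Object {
                # Some Uninstall entries have no DisplayName value at all.
                $_.PSObject.Properties['DisplayName'] -and
                $_.DisplayName -eq $DisplayName
            }
    )

    # True means the artifact is still present on the host.
    $checks = [ordered]@{
        ProgramsListEntry = ($programEntries.Count -gt 0)
        DriverDirectory   = (Test-Path -LiteralPath $DriverDir -PathType Container)
        RegistryKey       = (Test-Path -LiteralPath $RegistryKey)
    }

    $remaining = @(
        $checks.GetEnumerator() |
            Where-Object { $_.Value } |
            ForEach-Object { $_.Key }
    )

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Removed      = ($remaining.Count -eq 0)
        Remaining    = $remaining
    }
}

Test-FalconSensorRemoved
```

Removed is True only when none of the three artifacts is found; otherwise Remaining names the ones still present.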

macOS Validation

When the sensor has been uninstalled:

  • The sensor does not appear in your Applications list
  • The /Applications/Falcon.app folder is not present
