Skip to main content

Unable to uninstall with tamper protection password

Updated: 

Issue

This guide provides step-by-step troubleshooting for issues where you cannot uninstall the ThreatDown endpoint agent because of an invalid or non-functional tamper protection password. Tamper protection is a security feature that requires a password to modify or remove the software, preventing unauthorized changes.

Before starting, ensure you have administrative access to the affected machine and the ThreatDown console. If the issue persists after following these steps, collect diagnostic logs and contact Support.

Symptoms

  • Tamper protection password is not being accepted after it was recently changed.
  • Previous tamper protection password is forgotten or does not work.

Resolution

Work through the following tasks in order until the issue is resolved.

Task 1: Verify online status and delete endpoint from console

If the machine is online and visible in the ThreatDown console:

  1. Log in to the console and navigate to the Endpoints page.
  2. Locate the affected endpoint and attempt to delete it directly from the console. This action bypasses local uninstall issues by removing the agent remotely.
  3. After deletion, check if the agent is successfully uninstalled on the machine. If not, proceed to the next step.

Task 2: Confirm assigned policy and password match

  1. In the ThreatDown console, click on the endpoint on the Endpoints page.
  2. Locate the policy assigned to the affected device.
  3. Go to Configure > Policies and click on that endpoint's policy.
  4. Go to the Tamper protection tab and click the show password button.
  5. Proceed to the next step to uninstall the software with the correct tamper protection password.

Task 3: Attempt uninstallation via Control Panel

  1. On the affected machine, open the Control Panel.
  2. Navigate to Programs > Programs and Features.
  3. Locate the ThreatDown Endpoint Agent in the list of installed programs.
  4. Click Uninstall.
  5. When prompted, enter the tamper protection password.
  6. If the uninstallation fails, note any error messages and proceed.

Task 4: Handle offline or corrupted machines with password changes

If the machine is offline, corrupted, or the tamper protection password was recently changed in the policy and may not have synced with the endpoint:

  1. Try using the previous tamper protection password that was in effect before the change.
  2. If the previous password is unknown or forgotten:
    1. On the affected machine, collect diagnostic logs.
    2. Contact Support for further assistance.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more