Goline Logo

FAQ

News

  • In the supply and logistics sectors, email communication is pivotal. However, organizations face threats like email fraud and phishing. GOLINE SA's clients struggled with configuring email authentication protocols manually. To address this challenge, GOLINE SA became an MSP Partner of PowerDMARC, collaborating to streamline implementation and management. PowerDMARC's cloud-based platform automated DMARC, SPF, and DKIM protocols for GOLINE SA's clients. This streamlined the transition to DMARC enforcement policies, bolstering domain protection without compromising email deliverability. The intuitive platform facilitated easy navigation and provided detailed reporting for proactive issue resolution. GOLINE SA's clients experienced tangible benefits: Enhanced Email Security: Automated protocols...
  • Route RPKI validation April 1st, 2022
    RPKI is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks. The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements,...

ESET Agent: unable to install Agent

Davide Gandini Security 29 June 2022

Seguire questa guida:

Manually uninstall ERA components

  1. Open an Administrative Command Prompt. Click Start → All Programs → Accessories, right-click Command Prompt and then click Run as administrator. If prompted, click Yes in the User Account Control window.

    Type the following commands in to the command prompt to delete the services:

    • For the ERA Agent: sc delete EraAgentSvc
    • For the ERA Server: sc delete EraServerSvc
    • For the ERA Proxy: sc delete EraProxySvc
  2. Erase the following directories and all of the files inside the folders (these addresses are default and may be different on your system). Adjust the address according to the component you are uninstalling (Agent / Server / Proxy).

  • C:Program FilesESETRemoteAdministratorAgent

  • C:ProgramDataESETRemoteAdministratorAgent
If you changed the Destination Folder during the installation

You could have changed this address during the installation. You can retrieve this information from the Registry Editor.

  1. Run regedit and navigate to the registry key of the ERA component you want to uninstall:

    • Agent: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorAgentCurrentVersionInfo
    • Server: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorServerCurrentVersionInfo
    • Proxy: HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministratorProxyCurrentVersionInfo
  2. The paths are in values (on the right side of the window) AddDataDir and InstallDir

The directory ProgramData is hidden by default, you may need to enable Show hidden files under Control Panel → Folder Options → View.

  1. Open regedit (press the Windows key + R, type regedit and click OK), navigate to HKEY_LOCAL_MACHINESOFTWAREESETRemoteAdministrator and delete the appropriate registry key of the component you want to uninstall.

Use caution when editing the registry

Make only the edits specified below to the system registry. Unnecessary changes to the registry can negatively affect system performance.

Determine your UUID using wmic (recommended)

  1. Open the Command Prompt (CMD).

  2. Run the code below in the Commnad Prompt. Substitute the string Agent for Proxy or Server if you are unisntalling that component.

    WMIC Product WHERE 'Name LIKE “ESET%Agent”' GET Name, IdentifyingNumber

  3. Save the IdentifyingNumber from the response for next steps, where you use it as UUID. Continue with Remove matching registry entries.

Determine your UUID manually (alternative)

  1. Determine your installation UUID using the following method. In regedit look for string according to the product you want to uninstall (first click on the "Computer" icon in the Registry Editor window and then press Ctrl + F, as seen on the Figure 1)

  • Agent – 786A20824144DB1449FA500C3A98D88D
  • Proxy – F9CA8E30D2213F845B3D8CD400830207
  • Server – 6BBB27714D4D80B49B1A3516C272C035


Figure 1
Click the image to view larger in new window

  1. After finding the registry key (the left side of the window, as seen in Figure 2) with the searched code, look on the right side of the window and there should be a value with your UUID. The format of UUID is like 0C152732BE4C9304C928EF074263969D.


Figure 2
Click the image to view larger in new window

  1. Now transform this UUID into the Product Code. The transformation process is as following:

Reverse first 8 characters 0C152732237251C0

Reverse next 4 characters BE4CC4EB

Reverse next 4 characters 93044039

Reverse next 2 characters C99C

Reverse next 2 characters 2882

Reverse next 2 characters EFFE

Reverse next 2 characters 0770

Reverse next 2 characters 4224

Reverse next 2 characters 6336

Reverse next 2 characters 9669

Reverse next 2 characters 9DD9

In the end, add the dashes so the value looks like: 237251C0-C4EB-4039-9C82-FE70243669D9
This is your Product Code. Keep both the UUID and your Product Code in a text file so it can be used in next steps.

Remove matching registry entries

  1. Look up all entries that contain the UUID. Delete registry keys (the left side of the window, as shown in Figure 3) that contain the UUID or their name is the UUID. That there can be over 50 registry keys to delete. Be cautious, in this step do NOT delete anything inside these keys:
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerFolders
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUFHARP
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
  • HKEY_LOCAL_MACHINESOFTWAREClassesInstallerProducts


Figure 3
Click the image to view larger in new window

  1. In this step, we will use your Product Code.
    Use caution when editing the registry
    • Following registry keys must NOT be deleted!
      • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerFolders
      • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUFHARP
    • Never delete keys with many sub-keys inside

In the two registry keys mentioned above, you have to look for your Product Code. Inside, delete only the value with Product Code (the right side of the Registry Editor, right-click on the value and click Delete, as seen in Figure 4). Never delete these keys.


Figure 4
Click the image to view larger in new window

  1. In the registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall

Find the sub-key with your Product Code and delete that subkey, as seen in Figure 5.


Figure 5

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x