Uninstall cylance protect

Cyberforce Security


To uninstall the CylancePROTECT Agent on a Windows-based system, use the Add/Remove Programs feature or use the Command Line (CMD).

Note: If Device Control has been enabled at any point prior to uninstalling the Agent, Windows Installer will prompt for a reboot when the Agent is uninstalled using Add/Remove Programs and force a reboot when the Agent is uninstalled using the Command Line (CMD) quiet, hidden or passive commands. It is recommended to include the norestart command if the quiet, hidden, or passive commands are being used.

Note: The Agent uses Windows Installer (msiexec) to uninstall. There may be events, unrelated to the Agent, that require Windows Installer to reboot the system. If one of these events happens during a session when the Agent is uninstalled, then the system must be rebooted.

Uninstalling the Agent on the device does not remove the device from the Console. You must manually remove the device from the Device tab in the Console.


Add / Remove Programs



  1. Select Start > Control Panel.

  2. Click Uninstall a Program. If you have Icons selected, instead of Categories, then click Programs and Features.

  3. Select CylancePROTECT, then click Uninstall.


Command Line



  1. Select Start, then type cmd in the Search field.

  2. Right-click cmd.exe, then select Run as administrator.

  3. Use the following commands, based on the installation package used to install the Agent.


CylancePROTECT_x64.msi




  • Standard uninstall: msiexec /uninstall CylancePROTECT_x64.msi


  • Windows Installer: msiexec /x CylancePROTECT_x64.msi


CylancePROTECT_x86.msi




  • Standard uninstall: msiexec /uninstall CylancePROTECT_x86.msi


  • Windows Installer: msiexec /x CylancePROTECT_x86.msi


Product ID GUID




  • Standard uninstall: msiexec /uninstall {2E64FC5C-9286-4A31-916B-0D8AE4B22954}


  • Windows Installer: msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954}


The following commands are optional:




  • For quiet uninstall: /quiet


  • For quiet and hidden: /qn


  • For displaying a progress bar with no interactive prompts: /passive


  • For preventing a restart after uninstalling: /norestart



Note: If Device Control has been enabled at any point prior to uninstalling the Agent, Windows Installer will force a reboot when the Agent is uninstalled using the Command Line (CMD) quiet, hidden or passive commands. It is recommended to include the norestart command if the quiet, hidden, or passive commands are being used.




  • For password protected uninstall: UNINSTALLKEY=<password>


  • For uninstall log file: /Lxv* <path>
    This creates a log file at the designated <path>; include the filename in the path. Example: c:\Temp\CyUninstall.log


CylancePROTECTSetup.exe



  • CylancePROTECTSetup.exe /uninstall


The following commands are optional:




  • For quiet uninstall: /quiet


  • For password protected uninstall: UNINSTALLKEY=<password>


  • For uninstall log file: /l <path>
    This creates a log file at the designated <path>; include the filename in the path. Example: C:\Temp\CyUninstall.log
    This also creates an additional log file at the designated path named <filename>_000_CylanceProtectSetup_Release_x<version>.msi.txt. Example: Uninstall_000_CylanceProtectSetup_Release_x64.msi.txt


  • For deletion of quarantine directory: QUARANTINEDISPOSETYPE=<value>

    • 0: deletes all files and removes the q directory (default)

    • 1: restores all files




Example:
CylancePROTECTSetup.exe /quiet /l C:\Temp\CyUninstall.log QUARANTINEDISPOSETYPE=1 UNINSTALLKEY=<password> /uninstall

More information about Windows uninstall:


http://windows.microsoft.com/en-us/windows/uninstall-change-program#uninstall-change-program=windows-7




To uninstall the CylancePROTECT Agent on a MacOS-based system, use the Applications > Cylance > Uninstall CylancePROTECT.app program or the command line (Terminal).



Command Line, Without Password


sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT



Command Line, With Password


sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT --password=thisismypassword



Command Line, Forgotten Password


1. Stop the service


sudo launchctl unload /Library/LaunchDaemons/com.cylance.agent_service.plist


2. Delete the values.xml file


sudo rm /Library/Application\ Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/values.xml


3. Re-run uninstaller
sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT



Command Line, Silent Uninstall


sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT --noui



To uninstall the CylancePROTECT Agent on RHEL / CentOS based systems, use the command line (Terminal).


rpm -e CylancePROTECT CylancePROTECTUI

  or


rpm -e $(rpm -qa | grep -i cylance)


To uninstall the CylancePROTECT Agent on Ubuntu / Xubuntu based systems, use the command line (Terminal).


dpkg -P cylance-protect cylance-protect-ui

About Require Password to Uninstall Agent


Organizations can set a password to uninstall the Agent from a device. This prevents uninstalling the Agent unless the password is provided during the uninstall process. Password protecting the Agent uninstall is set in the Console (Settings > Application > Require Password to Uninstall Agent).

Note: If you installed the Windows Agent using the EXE and the Agent uninstall is password protected, then you must use the Command Line to uninstall the Agent. Include the password in the command using UNINSTALLKEY=<password>.


About Prevent Service Shutdown from Device


Organizations can enable Prevent service shutdown from the device in a policy that protects the Cylance Service from being shut down either manually or from another process. (Settings > Device Policy > [select a policy] > Protection Settings)

Note: If Prevent service shutdown from device is enabled, the Agent cannot be uninstalled.

Source: https://cyberforcesecurityhelp.freshdesk.com/support/solutions/articles/44001409183-faq-how-to-uninstall-cylance

Uninstall BlackBerry Protect Desktop and BlackBerry Optics

  • If Require Password to Uninstall Agent (Settings > Application) is enabled, you will need to uninstall using the command line. Make sure you have the password to uninstall; if the password contains an "&" character, the password must be the final parameter or errors may occur (for example: CylanceUnifiedSetup_x64.msi /uninstall /quiet UNINSTALLKEY=asdf&).
  • If Prevent Service Shutdown from Device (Settings > Device Policy > Protection Settings) is enabled, either disable it in the policy or apply a different policy to the devices from which you want to uninstall the agent. Another method is to delete the device from the console and then restart the device (Application Control must be disabled). This should unregister the device and allow you to uninstall the agent.
Source: https://docs.blackberry.com/en/unified-endpoint-security/blackberry-protect-desktop/latest/blackberry-protect-desktop-installation-guide/Unified_Windows_Installer/Unified_Agent_Uninstall
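
One way to script the supported command-line uninstall described above (an added example, not BlackBerry or Cyberforce code): it assembles the msiexec arguments from the switches listed on this page, keeps UNINSTALLKEY as the final parameter, and redacts the password before the command is written to any log. The function names and result labels are this example's own; the numeric codes are standard Windows Installer return codes.

```python
import re
import subprocess

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# UI switches exactly as listed in the optional-commands section above.
UI_SWITCH = {"quiet": "/quiet", "hidden": "/qn", "passive": "/passive"}

# Standard Windows Installer return codes; the labels are this example's own.
EXIT_CODES = {
    0: ("success", "uninstall completed"),
    1603: ("failed", "fatal error during removal, read the uninstall log"),
    1605: ("not_installed", "product is not installed on this device"),
    1618: ("retry", "another installation is already in progress"),
    1641: ("reboot", "installer initiated a restart"),
    3010: ("reboot", "restart required to complete the removal"),
}


def build_uninstall_argv(product, ui=None, norestart=None,
                         log_path=None, uninstall_key=None):
    """Return the msiexec argument list for a product GUID or .msi package."""
    if not (GUID_RE.match(product) or product.lower().endswith(".msi")):
        raise ValueError("product must be a {GUID} or an .msi package")
    if ui is not None and ui not in UI_SWITCH:
        raise ValueError("ui must be one of: " + ", ".join(UI_SWITCH))
    argv = ["msiexec", "/x", product]
    if ui:
        argv.append(UI_SWITCH[ui])
    # The page recommends /norestart whenever quiet, hidden or passive is used.
    if norestart is None:
        norestart = ui is not None
    if norestart:
        argv.append("/norestart")
    if log_path:
        if log_path.endswith(("\\", "/")):
            raise ValueError("log path must include the filename")
        argv += ["/Lxv*", log_path]
    if uninstall_key:
        # Kept as the final parameter, as the page requires for passwords
        # containing "&". Passing a list with no shell also means cmd.exe
        # never parses the "&" (this example's assumption about the cause).
        argv.append("UNINSTALLKEY=" + uninstall_key)
    return argv


def redact(argv):
    """Copy of argv that is safe to log: the uninstall password is masked."""
    return ["UNINSTALLKEY=<redacted>" if a.upper().startswith("UNINSTALLKEY=")
            else a for a in argv]


def classify_exit(code):
    """Map an msiexec return code to (status, explanation)."""
    return EXIT_CODES.get(code, ("failed", "unexpected exit code %d" % code))


def run_uninstall(argv):
    """Run the uninstall on Windows and return (status, explanation)."""
    print("running:", " ".join(redact(argv)))
    return classify_exit(subprocess.run(argv, shell=False).returncode)


if __name__ == "__main__":
    # GUID and log path are the ones shown on this page; the key is the
    # page's own sample value.
    cmd = build_uninstall_argv("{2E64FC5C-9286-4A31-916B-0D8AE4B22954}",
                               ui="hidden",
                               log_path=r"C:\Temp\CyUninstall.log",
                               uninstall_key="asdf&")
    print(" ".join(redact(cmd)))
```

The password still appears in the real process command line, so process-creation logging on the endpoint will record it; rotate the uninstall password in the Console after a bulk removal.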
Cyberforce Security

This article presents instructions for removing CylancePROTECT from Windows in a worst-case scenario. This includes situations in which access to the console is no longer possible. It works even if the policy was previously set to not allow service shutdown and an unknown uninstall password was set. Where automation is required for mass uninstall, the information here should be adapted and customized for the environment. The solution provided here is based on a solution originally provided by Cylance which has been modified by Cyberforce.

Disclaimer:

Use at your own risk. This solution does not provide any guarantee.

Tested on:

Microsoft Windows 10 Enterprise

Agent 2.1.1560

Prerequisites:
Administrator account
https://download.sysinternals.com/files/PSTools.zip (optional)
CylanceCleanupTool-v0.1.0.5.zip

Steps:

1. Stop the Cylance Service

Option A (uses psexec for SYSTEM privileges)

i) Unzip pstools

ii) Open command prompt as administrator

iii) Navigate to the pstools directory

iv) Run this command: psexec -accepteula -h -s sc config cylancesvc start= disabled

v) Reboot

Option B (without psexec)

i) Open regedit and right click on the HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop folder
ii) Select Permissions>Advanced>Owner
iii) Change the Current Owner from System to an Administrator
iv) Select "Replace owner on subcontainers and objects", click Apply, then click OK
v) In the Security Tab, Click on Administrators
vi) Enable Full Control for Administrators, click Apply, then click OK.
vii) Delete the registry key called "LastStateRestorePoint"
viii) Add a DWORD (32-bit) value called "SelfProtectionLevel" and set the value to 1
ix) Reboot
x) You should now be able to stop the Cylance service: sc stop cylancesvc

2. Run CylanceCleanupTool

a) Unzip CylanceCleanupTool-v0.1.0.5.zip and change to the resulting directory

b) Right click customized-CylanceCleanupTool.bat and run as administrator. (Be sure to use the customized version)

3. Check the following to verify the uninstall was successful:

  • CylancePROTECT should not show up under Programs and Features
  • CylancePROTECT should not show up on the taskbar
  • C:\Program Files\Cylance should no longer exist
  • C:\programdata\Cylance should no longer exist
  • C:\Windows\System32\drivers\CyProtectDrv64.sys should no longer exist
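
The same changes are what endpoint monitoring should recognise as agent tampering. The following is an added example (not Cyberforce or Cylance code) that matches constructed process and registry events against the service name, registry path, value names, plist and product GUIDs quoted on this page, then grades each host by the order in which they occur. The event record layout, rule names and verdict labels are assumptions of this example, not a real log schema.

```python
import re
from collections import defaultdict

# Service name, registry path, value names, plist and product GUIDs are the
# ones quoted on this page; the event record layout below is an assumption.
KEY = r"hk(?:lm|ey_local_machine)\\software\\cylance\\desktop"
GUIDS = "|".join(re.escape(g) for g in (
    "{2E64FC5C-9286-4A31-916B-0D8AE4B22954}",
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}",
))

# (rule name, event types it applies to, pattern, counts as tampering)
_RULES = [
    ("service_disabled", {"process"},
     r"\bsc(?:\.exe)?\s+(?:config\s+cylancesvc\s+start=\s*disabled"
     r"|stop\s+cylancesvc)", True),
    ("registry_owner_changed", {"process"},
     r"setacl(?:\.exe)?\b.*" + KEY + r".*-actn\s+setowner", True),
    ("self_protection_changed", {"process", "registry_set"},
     KEY + r".*selfprotectionlevel", True),
    ("restore_point_deleted", {"registry_delete"},
     KEY + r"\\laststaterestorepoint$", True),
    ("launchd_unload", {"process"},
     r"launchctl\s+unload\s+\S*com\.cylance\.agent_service\.plist", True),
    ("values_xml_deleted", {"process"},
     r"\brm\s+.*cylance/desktop/values\.xml", True),
    ("agent_uninstall", {"process"},
     r"msiexec(?:\.exe)?\s.*?/(?:x|uninstall)\s*(?:" + GUIDS
     + r"|cylanceprotect_x(?:64|86)\.msi)", False),
]
RULES = [(n, t, re.compile(p, re.I), tamper) for n, t, p, tamper in _RULES]


def match_event(ev):
    """Return [(rule, is_tamper)] for one normalised event."""
    text = ev.get("command_line") or ev.get("target") or ""
    return [(name, tamper) for name, types, rx, tamper in RULES
            if ev["type"] in types and rx.search(text)]


def triage(events):
    """Group hits per host in time order and grade the sequence."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        per_host[ev["host"]].extend(match_event(ev))
    report = {}
    for host, hits in per_host.items():
        if not hits:
            continue
        tampered, verdict = False, None
        for _, tamper in hits:
            if tamper:
                tampered = True
            elif tampered:  # uninstall seen after a self-protection change
                verdict = "tamper_then_uninstall"
                break
        if verdict is None:
            verdict = "tamper_only" if tampered else "uninstall_only"
        report[host] = {"verdict": verdict, "hits": [n for n, _ in hits]}
    return report


# Constructed sample events (not real telemetry).
EVENTS = [
    {"time": 1, "host": "WS-01", "type": "process",
     "command_line": "psexec -accepteula -h -s sc config cylancesvc start= disabled"},
    {"time": 2, "host": "WS-01", "type": "registry_delete",
     "target": r"HKLM\SOFTWARE\Cylance\Desktop\LastStateRestorePoint"},
    {"time": 3, "host": "WS-01", "type": "registry_set",
     "target": r"HKLM\SOFTWARE\Cylance\Desktop\SelfProtectionLevel"},
    {"time": 4, "host": "WS-01", "type": "process",
     "command_line": "msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954} /qn /norestart"},
    {"time": 5, "host": "WS-02", "type": "process",
     "command_line": "msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954}"},
    {"time": 6, "host": "WS-03", "type": "process",
     "command_line": "sc query cylancesvc"},
    {"time": 7, "host": "MAC-01", "type": "process",
     "command_line": "sudo launchctl unload "
                     "/Library/LaunchDaemons/com.cylance.agent_service.plist"},
    {"time": 8, "host": "MAC-01", "type": "process",
     "command_line": r"sudo rm /Library/Application\ Support/Cylance/Desktop"
                     r"/registry/LocalMachine/Software/Cylance/Desktop/values.xml"},
]

if __name__ == "__main__":
    for host, result in triage(EVENTS).items():
        print(host, result["verdict"], result["hits"])
```

An `uninstall_only` verdict matches the supported procedure and mainly needs checking against change records; `tamper_then_uninstall` and `tamper_only` mean self-protection was altered on the device itself.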

Files Attached Here:

  • customized-CylanceCleanupTool-v0.1.0.5.zip - Contains the files shown below
    • CylanceCleanupTool.txt - Documentation from Cylance
    • customized-CylanceCleanupTool.bat - Custom version of CylanceCleanupTool.bat modified by Cyberforce which ultimately calls CyCleanupSvc.exe
    • CylanceCleanupTool.bat - Old version of script from Cylance
    • CyCleanupSvc.exe - Cylance's cleanup tool
    • CyCleanupSvc.exe.config - Dependency

References:

(These links require login credentials)

https://support.cylance.com/s/article/Modifying-the-Self-Protection-on-CylancePROTECT46

https://support.cylance.com/s/article/Unified-Driver-Cylance-Cleanup-Tool

https://support.cylance.com/s/article/ka0440000000rLx/Unable-to-Stop-or-Start-the-CylancePROTECT-service91

https://support.cylance.com/s/article/Identifying-the-proper-GUID-string-to-use-for-Windows-uninstalls

Source: https://cyberforcesecurityhelp.freshdesk.com/support/solutions/articles/44002036687-manual-removal-of-cylanceprotect

adamalbers/Install-SentinelOne.ps1

$siteToken="aaaaabbbbbcccccddddd"
$url="https://path/to/sentinel/installer.exe"
$installerPath="$Env:Temp\sentinelInstaller.exe"

# Attempt to uninstall any existing Cylance
if ((Get-Service CylanceSvc -ErrorAction SilentlyContinue)) {
    $cylanceGUID = Get-WmiObject -Class win32_Product | Where-Object {$_.Name -match "Cylance PROTECT"} | Select-Object -ExpandProperty IdentifyingNumber
    Start-Process -FilePath "$Env:systemroot\system32\msiexec.exe" -ArgumentList "/x $cylanceGUID /qn /norestart /L*v $Env:Temp\cylance-uninstall.log" -Wait
}

Invoke-WebRequest -Uri $url -OutFile $installerPath

if (!(Get-Service SentinelAgent -ErrorAction SilentlyContinue)) {
    Start-Process -FilePath $installerPath -ArgumentList "/SITE_TOKEN=$siteToken /SILENT"
}

Exit 0
Source: https://gist.github.com/adamalbers/ce5cde33397dccc952e0d0c446ef3868

Protect uninstall cylance

To uninstall Cylance Smart Antivirus on a Windows 7 system:

  1. Select Start > Control Panel.
  2. Click Uninstall a Program. If you have Icons selected instead of Categories, click Programs and Features to see Uninstall a Program.
  3. Select Cylance Smart Antivirus.
  4. Then click Uninstall.
  5. For Modify Setup, click Uninstall.


Keeping this in consideration, how do I disable Cylance protection?

To turn off Cylance notifications, click on the Cylance Protect icon in the taskbar (located top left of screen), and uncheck the “Show Notifications” button.

Subsequently, question is, what is Cylance protect?

Cylance Inc. is a software firm that develops antivirus programs and other kinds of computer software that prevent, rather than reactively detect, viruses and malware. The company's mission is to block computer viruses or malware before they have an effect on a user's computer.

Similarly, how do I remove CylancePROTECT without password?

Uninstall Cylance AV without a password

  1. Open Regedit.
  2. Go to Computer\HKEY_LOCAL_MACHINE\Software\Cylance\Desktop.
  3. Take ownership of “Desktop”
  4. Delete “LastStateRestorePoint”
  5. New DWORD : SelfProtectionLevel, set to 1.
  6. Do NOT reboot the machine, it'll reset the registry.
  7. Uninstall Cylance.

Why is Cylance in offline mode?

Offline Mode indicates the Cylance Smart Antivirus Agent installed on your system is not able to contact your Dashboard. The Agent must be able to reach the management console (Dashboard) in order to report status updates and receive policy updates.

Source: https://findanyanswer.com/how-do-i-get-rid-of-cylance-protection
Note: Uninstalling Cylance Smart Antivirus on a device does not remove it from your Cylance Dashboard. You must manually remove the device from the Dashboard.

Complete the following steps to uninstall Cylance Smart Antivirus on a Windows 7 system:

  1. Select Start > Control Panel.
  2. Click Uninstall a Program. If you have icons selected instead of categories, click Programs and Features prior to this step.
  3. Select Cylance Smart Antivirus.
  4. Click Uninstall. If User Account Control (UAC) is enabled, click Yes to continue to uninstall. 
  5. For Modify Setup, click Uninstall.
  6. When the process completes, click Close.

Note: You can also attempt to uninstall via Command line. Open the Command line as an administrator and run the following command:

msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954}


Complete the following steps to uninstall Cylance Smart Antivirus on a Windows 8.1 or 10 system:

  1. Right-click the Start icon in the lower-left corner.
  2. Click Apps and Features. A list of applications installed on your system displays. If you do not see Apps, click System Apps & features.
  3. Select Cylance Smart Antivirus.
  4. Click Uninstall. If User Account Control (UAC) is enabled, click Yes to continue uninstalling.
  5. For Modify Setup, click Uninstall.
  6. When the process completes, click Close.

Complete the following steps to uninstall Cylance Smart Antivirus on a Mac OS X and macOS system: 

  1. Open Spotlight Search and search for Uninstall CylancePROTECT.
  2. Press Enter. You are prompted to uninstall Cylance. Click Yes.
  3. You are prompted for your device password. Input your password and select OK.


Note: Depending on your macOS version and system permissions, the method described above may not be available. 


Alternatively, complete the following steps to uninstall Cylance Smart Antivirus on a macOS or Mac OS X system: 

  1. Open the Terminal application by searching for Terminal in Spotlight Search.
  2. Type the following:
sudo launchctl unload /Library/LaunchDaemons/com.cylance.agent_service.plist

Note: The system prompts you for your device password and does not display it on the screen when you're typing. Trust that you're typing the correct password and press Enter.

  3. Type the following:
sudo rm /Library/Application\ Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/values.xml
  4. Type the following:
sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT
  5. Run the uninstaller again:

sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT

These instructions should allow you to successfully uninstall Cylance Smart Antivirus by using your device administrator password as the password.

Source: https://support.blackberry.com/kb/articleDetail?articleNumber=000067243&language=en_US

Hi Guys,

Does anyone know how to uninstall Cylance without the password?

We experienced and thanks to good backups, quickly recovered from a ransomware attack a while ago and after reviewing our endpoint protection solution, we decided on TrendMicro Office scan and deep security especially since it clearly shows how they deal with ransomware especially in event of an incident.
Issue now is, while there's an ongoing debate with our external helpdesk provider mostly against removing the AV product they support, my users are suffering because everything including logging in to external applications is slow. Besides looking into our AD environment (which I'm scared of touching & needs a serious cleanup job), the only other thing I can do is remove cylance since the only difference before and after the attack is 2 antivirus solutions on each system. Shouldn't make any difference since I installed Trendmicro in coexist mode, however there are way too many errors resulting from cylance quarantine folders and unable to clean since the file it detected actually doesn't exist when I follow up with the logs.

I feel like if I can get rid of cylance, clear the errors in office scan, maybe there will be some improvement.. If not then I'll move on to troubleshooting the dreaded active directory.


16 Replies

· · ·

Armand4721

Pimiento

OP

Okay 

1st. You should never have 2 antivirus on the same system or network because as you have experienced it slows everything down. Even if an antivirus thinks it's going to be cool and tell you "I can be installed in Coexist mode" that might be true for that antivirus but not necessarily for the other antivirus, so therefore research has to be done about both antiviruses in correlation to Coexist mode. The 2 Antiviruses are scanning the same files and are competing for supremacy and causing the entire network to suffer.

2nd Every Service provider will push their own product (AV in this case) because that means they make money doesn't mean they are right or wrong just means they are thinking about making money be firm with them.

3rd If this is a case of them not giving you the password to remove the AV you have many tools to remove it without it as an example the one I usually use that works well for me REVO UNINSTALLER (FREEWARE). Either way in IT we have to put the client first and atm your client is suffering because of the Service Provider. So if you have your other AV in place or ready to install plus licenses and confirmation from your client then go ahead and remove the AV you wish to Remove and let the Service provider continue on with their ranting at that point it's not your problem anymore or at least shouldn't be.

Hope this helps

1

· · ·

SSmith207

Thai Pepper

OP

Michael,

From our experience, Trend Micro is really heavy on the system and can cause this type of issue alone. Trend may have a coexist mode, however, Cylance does not and would need to have folders excluded so it doesn’t interfere with Trend. Also, there is a list of folders that should be excluded in Trend to allow them to work together.

Memory protection in both Trend and Cylance can cause slow apps and slow systems overall. I’d be happy to talk with you about troubleshooting Cylance and getting this worked out.

It sounds like there are a lot of pieces of info missing in your post that would need to be considered before just removing Cylance.

We sell a few next-gen AV solutions and have had really great results (no infections) so far. We did however blow holes in almost every other solution out there and combine that with massive amounts of system resource utilization it makes it hard to recommend keeping both installed.

Edited Feb 12, 2019 at 19:54 UTC

2

· · ·

Jeff_D

Thai Pepper

OP

You can try this: 

1. Launch an Elevated Command Prompt as Admin
2. Copy this path into the command prompt: wmic path win32_product WHERE (CAPTION LIKE "%%CYLANCE%%") call uninstall
3. Now go to Add/Remove Programs and remove anything still listed within there that pertains to Dell Protection or Cylance Agent
4. Restart your computer

1

· · ·

Ronny N.

Serrano

OP

Best Answer

This was from our MSP.  We had deleted the endpoint in our Cylance dashboard, so it wasn't available to use Add/Remove Programs from the Windows control panel.  This is the solution that worked for us.  (Be sure to backup your registry first before attempting...)

An offline device that cannot access the console to make changes to the Self Protection Level or Prevent Service Shutdown settings, changes will need to be made manually to the registry to help uninstall the product.

You will first need to take ownership of the Cylance registry hive on the device:

Right Click on HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop folder.
Click on Advanced
Click on Owner Tab
Change the Current Owner from System to a Domain Administrator
Select "Replace owner on subcontainers and objects"
Click Apply, Then Click OK
In the Security Tab, Click on Administrators
Enabled Full Control for Administrators
Click Apply, Then Click OK.

Then you will need to delete the registry key called "LastStateRestorePoint"

Then add a DWORD32 to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop called "SelfProtectionLevel" and set the value to 1

Then reboot the device. Once the device is back up, you should be able to stop the Cylance service manually and proceed with the uninstall.

A command line uninstall option you can use is: msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954}

5

· · ·

P.Pardus

Chipotle

OP

Armand4721 wrote:

Okay 

1st. You should never have 2 antivirus on the same system or network because as you have experienced it slows everything down. Even if an antivirus thinks it's going to be cool and tell you "I can be installed in Coexist mode" that might be true for that antivirus but not necessarily for the other antivirus, so therefore research has to be done about both antiviruses in correlation to Coexist mode. The 2 Antiviruses are scanning the same files and are competing for supremacy and causing the entire network to suffer.

2nd Every Service provider will push their own product (AV in this case) because that means they make money doesn't mean they are right or wrong just means they are thinking about making money be firm with them.

3rd If this is a case of them not giving you the password to remove the AV you have many tools to remove it without it as an example the one I usually use that works well for me REVO UNINSTALLER (FREEWARE). Either way in IT we have to put the client first and atm your client is suffering because of the Service Provider. So if you have your other AV in place or ready to install plus licenses and confirmation from your client then go ahead and remove the AV you wish to Remove and let the Service provider continue on with their ranting at that point it's not your problem anymore or at least shouldn't be.

Hope this helps

Yeah, I think we all know about 1 and 2, it can be as bad as BSOD and systems never booting, which is why I tested first with several different systems and double-checked with the AV Vendor before doing what I did...  I requested for the uninstall even before I finished with configuring the new AV policies on the dashboard so was hoping to have a couple of hours to a day between installing the new one and uninstalling the old... I didn't plan to have any time in-between where there is no protection whatsoever after what's just happened.

I've also tried iobit uninstaller as well as iobit unlocker, now tried revo uninstaller. Neither of them worked.

0

· · ·

P.Pardus

Chipotle

OP

Sadly this didn't work

C:\Windows\system32>wmic path win32_product WHERE (CAPTION LIKE "%%CYLANCE%%") call uninstall
Executing (\\LS-BRQ4P52\root\cimv2:Win32_Product.IdentifyingNumber="{2E64FC5C-9286-4A31-916B-0D8AE4B22954}",Name="Cylance PROTECT",Version="1.2.1400.39")->uninstall()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 1603;
};

Cylance was still sitting nicely :(

0

· · ·

P.Pardus

Chipotle

OP

Ronny N. wrote:

This was from our MSP.  We had deleted the endpoint in our Cylance dashboard, so it wasn't available to use Add/Remove Programs from the Windows control panel.  This is the solution that worked for us.  (Be sure to backup your registry first before attempting...)

An offline device that cannot access the console to make changes to the Self Protection Level or Prevent Service Shutdown settings, changes will need to be made manually to the registry to help uninstall the product.

You will first need to take ownership of the Cylance registry hive on the device:

Right Click on HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop folder.
Click on Advanced
Click on Owner Tab
Change the Current Owner from System to a Domain Administrator
Select "Replace owner on subcontainers and objects"
Click Apply, Then Click OK
In the Security Tab, Click on Administrators
Enabled Full Control for Administrators
Click Apply, Then Click OK.

Then you will need to delete the registry key called "LastStateRestorePoint"

Then add a DWORD32 to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop called "SelfProtectionLevel" and set the value to 1

Then reboot the device. Once the device is back up, you should be able to stop the Cylance service manually and proceed with the uninstall.

A command line uninstall option you can use is: msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954}

This worked great.
Thanks a bunch.

Now I need to figure out how to turn this into a script.. About 188 systems currently have both Cylance and Trend Micro.

0

· · ·

Brianinca

Ghost Chili

OP

Have you done any testing to see if this solves your problem? I'm skeptical that it will. I've run Cylance and Sophos Central/Cloud side by side for ~three years, prior to Intercept X/Hitman Pro being available. I've had essentially zero problems with coexistence, and while Cylance does most of the heavy lifting I've had good results with web filtering/ad blocking and zapping the occasional .js cryptomining code with Sophos. Standard computer config is i5/8GB/128GB SSD, nothing special, performance not an issue.

Slow logins to external applications is simply NOT something Cylance would have anything to do with, it doesn't add up.

0

· · ·

P.Pardus

Chipotle

OP

Brianinca wrote:

Have you done any testing to see if this solves your problem? I'm skeptical that it will. I've run Cylance and Sophos Central/Cloud side by side for ~three years, prior to Intercept X/Hitman Pro being available. I've had essentially zero problems with coexistence, and while Cylance does most of the heavy lifting I've had good results with web filtering/ad blocking and zapping the occasional .js cryptomining code with Sophos. Standard computer config is i5/8GB/128GB SSD, nothing special, performance not an issue.

Slow logins to external applications is simply NOT something Cylance would have anything to do with, it doesn't add up.

Nothing special? SSD goes a long way to help performance and 99% of our computers are spinning disks.

Sounds like you manage your security solution yourself... Or at least you have some visibility to what's happening on your endpoints when it comes to malware and the likes. Couldn't get that access with the MSP since it's same dashboard for all their clients.. Not to say this would have been prevented, but sure helps to know what's happening.

Had to edit this severally to keep it short and stay on topic:
I have another post here but this one was just about figuring out how to remove Cylance without the password, while other things get figured out.

I started looking at the antivirus because I noticed 4 computers that came back after deploying Trendmicro, had Eset, Cylance and trend micro, they were so slow you can't get past the login screen without safemode. Eset is the AV the MSP sold us when we started with them, then discontinued support for it and switched us to Cylance just over a year ago. Why some of our computers still had ESET, I have no idea. Anyways, they helped me remove ESET as well as Cylance on those computers and they were back to normal.
The thing is, we haven't had a great relationship with the MSP since we started with them, it's like one step forward three steps back.. The entire team that's supposed to be experts in all things regarding our company as well as the guys to escalate to have been replaced at least 3 times in the 2+ years we've been with them.. And it doesn't help that you get entirely new set of level 1 techs on the phone every couple of months... My boss has gradually limited their access to various things because of some major screw-ups, vmware, gsuite, firewalls, some sensitive servers.... Bringing us to the AV, if I have to work 5am to 3am to get things back to normal because of a hugely widespread malware issue... Granted I got help from their AD expert installing removing one DC and installing the other from scratch, but at this point, doesn't it make more sense to run and manage our own AV solution?

To answer your question, removing Cylance from the ones that had just Cylance and Trend Micro  seem to have helped, but it was near end of day so will see what they say after their early morning rush.

About the slow logins, I expect to have to do more work to get that sorted out between the AD servers and TrendMicro, this issue the users report starting after the recovery from the malware and the only changes since was the AV and the new DC.

We can talk about these other issues in the other post.

0

· · ·

P.Pardus

Chipotle

OP

Confirmed today from 5 users that their computers have been working better since Cylance was removed...

0

· · ·

spicehead-d4fh8

Pimiento

OP

Cylance Protect left over from crooked MSP. Unable to remove.

 Registry would not let me take ownership of hive. 

REVO would not uninstall as advertised.

0

· · ·

Simpuhl

Poblano

OP

I used SetACL to do this all via command line

C:\SetACL.exe -on "HKLM\SOFTWARE\Cylance\Desktop" -ot reg -actn setowner -ownr "n:Administrators"
C:\SetACL.exe -on "HKLM\SOFTWARE\Cylance\Desktop" -ot reg -actn ace -ace n:Administrators;p:full

REG ADD "HKLM\SOFTWARE\Cylance\Desktop" /f /v SelfProtectionLevel /t REG_DWORD /d 1

Reboot Machine

MsiExec.exe /qn /norestart /X{3138EAD3-700B-4A10-B617-B3F8096EE30D}

0

· · ·

moises531

Pimiento

OP

Hello just a quick update with my installation the setacl does not work (access denied) nor the reg add

0

· · ·

joshschiller

Pimiento

OP

Did you look at task manager to see what process was utilizing the CPU or memory? Cylance is extremely lightweight. In my experience, Trend Micro really slows down systems especially with any definition updates. With Cylance, you can whitelist files so they don’t get quarantined. Cylance is a much better AV solution than Trend Micro.

1

· · ·

spicehead-9ikut

Pimiento

OP

If any of the other solutions on this post didn't work for you, I have one more thing you can try. 

I believe you will need to be logged in as the administrator for this to work. 

Path to the installation folder, mine was located at C:\Program Files\Cylance. Go into the folder and look for the .exe file that launches the application (I think it was just Cylanceprotect.exe but I'm not entirely sure because I just deleted mine). Right click on the file and go to Properties, then click the Security tab. The problem for me was that the user profile I was logged into only had permission Read or Read & execute, while all the other boxes were greyed out. The SYSTEM owned the folder and had Full Control of everything.

To change this, click on the Advanced button, then click Change next to where it says Owner (which for me was SYSTEM). Now it should be asking you to select a user or group. Click the Advanced button. Then click Find Now and select the administrative account that you are using (I simply went down to Users). Select the account and click OK and it should populate into the white box that says Enter the Object Name to Select(examples). Click Ok again. It should pop up with a message telling you to close and open properties again for this change to show up. Click through the messages saying ok until they are closed, then right click on the file again, go to Properties, Security, then you should be able to edit the rights of your profile to Full Control. Once this is done, you should be able to successfully remove the application via Add/Remove programs. 

Best of luck 

0

Source: https://community.spiceworks.com/topic/2146468-uninstall-cylance-without-password

