
Red Cloak Endpoint Agent Uninstall



This section provides information on how to uninstall the Red Cloak™ Endpoint Agent from Secureworks® Taegis™ XDR.

Windows Agent

Tip

If you are migrating from the Red Cloak Endpoint Agent to the Windows Taegis Endpoint Agent, a new PowerShell script is available that uninstalls the Red Cloak Endpoint Agent after installing the Taegis Endpoint Agent. For more information, see Install Windows Taegis Endpoint Agent Using PowerShell Script.

Use the following instructions to remove the Red Cloak Endpoint Agent Windows software with or without the registry and file system intact.

Remove Red Cloak Endpoint Agent with Registry and File System Intact

To remove the Red Cloak Endpoint Agent software but leave the registry and file system intact, use Microsoft’s Add or Remove Programs feature:

Remove Red Cloak Endpoint Agent Including Registry and File System

To remove the Red Cloak Endpoint Agent software completely, including registry and file system, follow these instructions:

Uninstall the Red Cloak Endpoint Agent

To manually remove/uninstall Red Cloak Endpoint Agent from the command line, do the following:

For Red Cloak Endpoint Agent versions 2.1.4.0 and later:

  1. Open a command prompt.
  2. Execute the following commands:

wmic product where name="Dell SecureWorks Red Cloak" call uninstall /nointeractive

wmic product where name="Dell SecureWorks Ignition" call uninstall /nointeractive

For Red Cloak Endpoint Agent versions prior to 2.1.4.0:

  1. Open a command prompt.
  2. Execute the command: MsiExec.exe /x Drive:\path\redcloak.msi

Example: msiexec.exe /x "C:\Downloads\Red Cloak\redcloak.msi"

Registry Clean-up

  1. Open the Registry Editor.
  2. Open the Search dialog box by pressing F3 or clicking Edit > Find and search for red cloak; alternatively, use the following list of locations.
  3. Manually remove any entry that references the Red Cloak Endpoint Agent, whether found by the registry search or in the following locations:
HKLM\SOFTWARE\RedCloak
HKLM\SOFTWARE\Dell Secureworks
HKU\.DEFAULT\Software\Dell Secureworks
HKU\.DEFAULT\Dell Secureworks
HKU\S-1-5-18\Software\Dell Secureworks
HKU\S-1-5-18\Dell Secureworks
HKCU\SOFTWARE\Dell Secureworks

File System Clean-up

Delete the Dell SecureWorks folder from C:\Program Files (x86).
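
To confirm that the uninstall and both clean-up steps left nothing behind, the following read-only PowerShell check reports any remaining registry keys, folder, or installed product entries. It is an added example, not part of the original Secureworks documentation. It uses the registry locations, folder, and product names listed above, and assumes an elevated PowerShell session and that the product names from the wmic commands also appear as DisplayName under the standard Windows Uninstall keys.

```powershell
# Added example: read-only check for Red Cloak Endpoint Agent remnants.
# Locations and product names are taken from this page; nothing is deleted.

$registryKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\RedCloak',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Dell Secureworks',
    'HKEY_USERS\.DEFAULT\Software\Dell Secureworks',
    'HKEY_USERS\.DEFAULT\Dell Secureworks',
    'HKEY_USERS\S-1-5-18\Software\Dell Secureworks',
    'HKEY_USERS\S-1-5-18\Dell Secureworks',
    'HKEY_CURRENT_USER\SOFTWARE\Dell Secureworks'
)
$installFolder = 'C:\Program Files (x86)\Dell SecureWorks'
$productNames  = 'Dell SecureWorks Red Cloak', 'Dell SecureWorks Ignition'

$findings = @()

# Registry locations from the Registry Clean-up list.
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath "Registry::$key") {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
    }
}

# Folder from the File System Clean-up step.
if (Test-Path -LiteralPath $installFolder) {
    $findings += [pscustomobject]@{ Type = 'Folder'; Item = $installFolder }
}

# Assumption: the MSI product names appear as DisplayName under the
# Uninstall keys (native and WOW6432Node views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $productNames -contains $_.DisplayName }
foreach ($product in $installed) {
    $findings += [pscustomobject]@{ Type = 'InstalledProduct'; Item = $product.DisplayName }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Red Cloak Endpoint Agent remnants found.'
} else {
    $findings | Format-Table -AutoSize
}
```

The HKEY_CURRENT_USER entry is evaluated for the account running the script, so repeat the check under any other profile that needs to be verified.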

Linux Agent

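To remove the Red Cloak Endpoint Agent Linux software, run the command for your distribution's package manager (yum on RPM-based distributions, apt-get on Debian-based distributions):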

yum remove redcloak

apt-get remove redcloak

 
