🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Red Cloak™ Endpoint Agent Uninstall

integrations endpoints red cloak secureworks edr


This section provides information on how to uninstall the Red Cloak™ Endpoint Agent from Secureworks® Taegis™ XDR.

Windows Agent

Tip

If you are migrating from the Red Cloak™ Endpoint Agent to the Windows Taegis™ Endpoint Agent, a new PowerShell script is available that uninstalls the Red Cloak™ Endpoint Agent after installing the Taegis™ Endpoint Agent. For more information, see Install Windows Taegis™ Endpoint Agent Using PowerShell Script.

Use the following instructions to remove the Red Cloak™ Endpoint Agent Windows software with or without the registry and file system intact.

Remove Red Cloak™ Endpoint Agent with Registry and File System Intact

To remove the Red Cloak™ Endpoint Agent software but leave the registry and file system intact, use Microsoft’s Add or Remove Programs feature:

Remove Red Cloak™ Endpoint Agent Including Registry and File System

To remove the Red Cloak™ Endpoint Agent software completely, including registry and file system, follow these instructions:

Uninstall the Red Cloak™ Endpoint Agent

To manually remove/uninstall Red Cloak™ Endpoint Agent from the command line, do the following:

For Red Cloak™ Endpoint Agent versions 2.1.4.0 and later:

  1. Open a command prompt.
  2. Execute the following commands:

wmic product where name="Dell SecureWorks Red Cloak" call uninstall /nointeractive

wmic product where name="Dell SecureWorks Ignition" call uninstall /nointeractive

For Red Cloak™ Endpoint Agent versions prior to 2.1.4.0:

  1. Open a command prompt.
  2. Execute the command: MsiExec.exe /x Drive:\path\redcloak.msi.

Example: msiexec.exe /x "C:\Downloads\Red Cloak\redcloak.msi

Registry Clean-up

  1. Open the Registry Editor.
  2. Open the Search dialog box by pressing F3 or clicking Edit > Find and search for red cloak; alternatively, use the following list of locations.
  3. Manually remove any entry with Red Cloak™ Endpoint Agent references found in the registry search, or the following locations:
HKLM\SOFTWARE\RedCloak
HKLM\SOFTWARE\Dell Secureworks
HKU\.DEFAULT\Software\Dell Secureworks
HKU\.DEFAULT\Dell Secureworks
HKU\S-1-5-18\Software\Dell Secureworks
HKU\S-1-5-18\Dell Secureworks
HKCU\SOFTWARE\Dell Secureworks

File System Clean-up

Delete the Dell SecureWorks folder from C:\Program Files (x86).

Linux Agent

To remove the Red Cloak™ Endpoint Agent Linux software, run the following command:

yum remove redcloak

apt-get remove redcloak

 

On this page: