Skip to main content

How to uninstall AQUILA EDR Agent

Uninstall AQUILA Agent

There are two primary methods to uninstall the AQUILA Agent on Windows:

  1. Manual Uninstallation via the Windows GUI – Navigate through the Control Panel or directly to the installation directory to initiate the uninstaller.

  2. Uninstallation via Windows PowerShell/Terminal – Execute the uninstall command using PowerShell with administrative privileges for a more direct and scriptable approach.

Uninstall Elastic Agent Manually

To manually uninstall AQUILA Agent, you can follow these steps based on your operating system:

Step 1: In your keyboard click  the windows logo. Then type "Add or remove program">hit enter.

image.png

Step 2: In the search bar type>aquila agent>navigate through "">click uninstall.

image.png

Step 3: Click "Yes" to proceed and just follow the uninstallation process.

image.png

image.png

image.png

image.png

Step 5: Manually verify successful uninstallation. Navigate to the installation directory, typically located at:

This PC > Local Disk (C:) > Program Files > Aquila Agent

Ensure that the Elastic folder is either empty or no longer present, which indicates that the Elastic Agent has been successfully removed.

Note: The file path may vary depending on your installation configuration.

image.png

Step 6: Confirm removal via Task Manager. Open Task Manager and navigate to the Services or Processes tab. Look for any entries related to AQUILA Agent. If uninstallation was successful, no AQUILA Agent services or processes should be running.

This provides additional confirmation that the agent has been fully removed from the system.

image.png

Uninstall AQUILA Agent using PowerShell

Ensure you are using an elevated PowerShell/Terminal session to allow the uninstallation to complete successfully.

Step 1: Run PowerShell/Terminal with administrative privileges, then execute the following command:

Windows:

Stop-Service "Elastic Agent"
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Agent"
sc delete elastic-agent
Stop-Service "Elastic Endpoint"
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Endpoint"
sc delete elastic-endpoint

Linux/macOS:

sudo systemctl stop elastic-agent
sudo systemctl disable elastic-agent
sudo rm -f /etc/systemd/system/elastic-agent.service
sudo systemctl stop elastic-endpoint
sudo systemctl disable elastic-endpoint
sudo rm -f /etc/systemd/system/elastic-endpoint.service
sudo systemctl daemon-reload

 Additional Steps

  • Unenroll the Agent: If the agent is managed by Fleet, ensure it is unenrolled before removal.

  • Backup Configuration: If needed, back up any configuration files you want to preserve before deletion.

                 

                                For more detailed instructions, you can refer to the Elastic documentation: Uninstall Elastic Agents.
 

No Comments
Back to top