Skip to main content

How to uninstall AQUILA EDR Agent

Uninstall AQUILA Agent

There are two primary methods to uninstall the AQUILA Agent on Windows:

  1. Manual Uninstallation via the Windows GUI – Navigate through the Control Panel or directly to the installation directory to initiate the uninstaller.

  2. Uninstallation via Windows PowerShell – Execute the uninstall command using PowerShell with administrative privileges for a more direct and scriptable approach.

Uninstall Elastic Agent Manually

To manually uninstall AQUILA Agent, you can follow these steps based on your operating system:

Step 1: In your keyboard click  the windows logo. Then type "Add or remove program">hit enter.

image.png

Step 2: In the search bar type>aquila agent>navigate through "">click uninstall.

image.png

Step 3: Click "Yes" to proceed and just follow the uninstallation process.

image.png

image.png

image.png

image.png

Step 5: Manually verify successful uninstallation. Navigate to the installation directory, typically located at:

This PC > Local Disk (C:) > Program Files > Aquila Agent

Ensure that the Elastic folder is either empty or no longer present, which indicates that the Elastic Agent has been successfully removed.

Note: The file path may vary depending on your installation configuration.

image.png

Step 6: Confirm removal via Task Manager. Open Task Manager and navigate to the Services or Processes tab. Look for any entries related to AQUILA Agent. If uninstallation was successful, no AQUILA Agent services or processes should be running.

This provides additional confirmation that the agent has been fully removed from the system.

image.png

Uninstall AQUILA Agent using PowerShell

Ensure you are using an elevated PowerShell session to allow the uninstallation to complete successfully.

Step 1: Run PowerShell with administrative privileges, then execute the following command:

cd \

This will change the current working directory to the root of the current drive.

image.png

Step 2: Uninstall Elastic Endpoint from the root directory. Once you have navigated to the root of the system drive (e.g., C:\), run the following command to initiate the uninstallation of Elastic Endpoint:

Windows:

Stop-Service elastic-agent
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Agent"
sc delete elastic-agent
Stop-Service elastic-endpoint
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Endpoint"
sc delete elastic-endpoint

Linux:

Stop-Service elastic-agent
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Agent"
sc delete elastic-agent
Stop-Service elastic-endpoint
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Endpoint"
sc delete elastic-endpoint

macOS:

Stop-Service elastic-agent
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Agent"
sc delete elastic-agent
Stop-Service elastic-endpoint
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Endpoint"
sc delete elastic-endpoint

Stop-Service elastic-agent
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Agent"
sc delete elastic-agent
Stop-Service elastic-endpoint
Remove-Item -Recurse -Force "C:\Program Files\Elastic\Endpoint"
sc delete elastic-endpoint

 Additional Steps

  • Unenroll the Agent: If the agent is managed by Fleet, ensure it is unenrolled before removal.

  • Backup Configuration: If needed, back up any configuration files you want to preserve before deletion.

                 

                                For more detailed instructions, you can refer to the Elastic documentation: Uninstall Elastic Agents.
 

Back to top