Feature Improvement: Uninstall Security

We just introduced changes to PC Matic Pro and MSP to further protect your devices from cybercriminals and mischievous users. PC Matic and SuperShield can no longer be uninstalled from the control panel on each device. You can still uninstall the software completely using one of the three methods outlined below.

If the device is online and has a connection to your management console:

  1. You can use the bulk uninstall option from the Devices tab (table view) by selecting devices on the left and choosing Bulk Uninstall Agent. You can also uninstall individually from the devices page by using the Agent Software Action.
  • This does not require a reboot of the device to complete, and uninstalls everything in the background without user interaction.
  • Any devices that are offline will not uninstall. You will need to resend the uninstall command once the device is online and connected.

If the devices were installed using the Device Manager through Active Directory:

  1. Navigate to the Network Devices area and use the same process to uninstall that was used to install the client.
  • This does not require a reboot of the machine and will uninstall without user interaction.

If the device won’t connect to the PC Matic console:

  1. From Options > Installer Downloads > Endpoint Uninstaller, download the uninstall executable to the computer you wish to uninstall on.
  2. Note where you save the uninstaller to, as we will need to run the executable from an Administrator command prompt.
  3. Open the Admin command prompt and change directory to where the uninstaller exe is located (Ex. cd C:/Users/UserName/Desktop).
  4. Copy the command string from your uninstaller download area, paste it into the command prompt and press enter.
  • This does not require a reboot to complete.
  • The string in your management console is unique to your account and helps to protect the uninstaller from being used maliciously. It will not run without the unique string you copied from the management console.

After the uninstall is complete using any of the above methods, you can delete the device from your account.

Why did we make this change?

Cyber criminals are leveraging Remote Desktop Protocol to take control of machines, either through stolen credentials or brute force attacks. Once in control, the first step they take is uninstalling the antivirus software that is in place, so that they can manually run the ransomware or malware. As you know, we have implemented steps to easily turn off RDP on each machine and protect against brute force attacks by locking out accounts. However, if credentials are stolen and you are legitimately using RDP, we wouldn’t have any oversight on a cyber criminal using those stolen credentials.

With this change, the cyber criminal will attempt to uninstall through the control panel and receive a message that it is not allowed. We’re continuing to take steps to keep you secure from any security vulnerabilities that could lead to infection, even if outside our product’s protection scope. Stay tuned for more changes in the near future!
