Uninstalling Protect and removing Protect policies

In some instances, if you decide to uninstall Protect, you may need to disable associated firewall policies and SRP rules to ensure they are cleanly removed from endpoints. Consult with your TAM to determine if this is required. If so, you will need to deploy actions including the following two packages that were created when Protect was installed:

  • Disable Tanium Protect Software Restriction Policies
  • Remove Protect Firewall Rules

In order to complete a clean uninstall and removal of Protect policies, you must uninstall Protect before disabling the associated firewall policies and SRP rules.

How to uninstall Protect

The following procedure will guide you through removing the Protect workbench and uninstalling the service from the Tanium Module Serverâ„¢. See How to disable and remove Protect policies for the procedure to deploy actions for the two specific packages required to remove content associated with Protect after you have uninstalled Protect.

To uninstall Protect

  1. Click the main navigation icon in the upper left corner and select Tanium Solutions.
  2. Click Uninstall on the bottom right corner of the Protect box.
  3. Click Proceed with Uninstall on the next window and enter your credentials.

How to disable and remove Protect policies

After consultation with your TAM, you may be required to disable Protect policies after you have uninstalled Protect. This can occur if some endpoints are off-line when you uninstall Protect. For more detailed information on packages and deploying actions, see Tanium Platform User Guide: Managing Scheduled Actions and Tanium Platform User Guide: Managing and creating Packages.

To disable and remove Protect policies, you must first find all of the endpoints that are online and then deploy the removal packages.

Find all endpoints online

  1. Select Interact from the main menu.
  2. Assuming you want to disable Protect policies from all online computers now that you have uninstalled Protect, type get online from all machines in the question bar.
  3. Interact will suggest the query: Get Online from all machines. Select this query.
  4. Wait until your results have reached 100% and then select the box next to True.

Deploy removal packages

  1. Click Deploy Action.
  2. Under Deployment Package on the Deploy Action page, type Protect in the Enter package name here field.
  3. Select the Disable Tanium Protect Software Restriction Policies Package.
  4. Click show preview to continue at the bottom of the Deploy Action page.
  5. Click Deploy Action and enter your credentials. The Action Summary page will appear.
  6. Repeat all steps above, but select and deploy the Remove Protect Firewall Rules Package.

The Disable Tanium Protect Software Restriction Policies Package will remove all SRP rules created by Protect. It will not disable SRP on the endpoint. Likewise, the Remove Protect Firewall Rules Package will remove all firewall rules created by Protect. It will not disable the firewall on the endpoint.

Consult with your TAM before uninstalling Protect and disabling Protect policies.

Last updated: 7/17/2018 4:11 PM | Feedback