Uninstalling Protect and removing Protect policies
In some instances, if you decide to uninstall Protect, you might need to disable associated firewall policies and SRP rules to ensure they are cleanly removed from endpoints. Consult with your TAM to determine if this is required. If so, you need to deploy actions including the following two packages that were created when Protect was installed:
- Disable Tanium Protect Software Restriction Policies
- Remove Protect Firewall Rules
In order to complete a clean uninstall and removal of Protect policies, you must uninstall Protect before disabling the associated firewall policies and SRP rules.
The following procedure guides you through removing the Protect workbench and uninstalling the service from the Tanium Module Server™. See How to disable and remove Protect policies for the procedure to deploy actions for the two specific packages required to remove content associated with Protect after you have uninstalled Protect.
To uninstall Protect
- From the Main menu, click Tanium Solutions.
- Click Uninstall on the bottom right corner of the Protect box.
- Click Proceed with Uninstall on the next window and enter your credentials.
After consultation with your TAM, you might be required to disable Protect policies after you have uninstalled Protect. This can occur if some endpoints are off-line when you uninstall Protect. For more detailed information on packages and deploying actions, see Tanium Platform User Guide: Managing Scheduled Actions and Tanium Platform User Guide: Managing and creating Packages.
To disable and remove Protect policies, you must first find all of the endpoints that are online and then deploy the removal packages.
Find all endpoints online
- Select Interact from the main menu.
- Assuming you want to disable Protect policies from all online computers now that you have uninstalled Protect, type get online from all machines in the question bar.
- Interact suggests the query: Get Online from all machines. Select this query.
- Wait until your results have reached 100% and then select the box next to True.
- Click Deploy Action.
- Under Deployment Package on the Deploy Action page, type Protect in the Enter package name here field.
- Select the Disable Tanium Protect Software Restriction Policies Package.
- Click show preview to continue at the bottom of the Deploy Action page.
- Click Deploy Action and enter your credentials. The Action Summary page appears.
- Repeat all steps above, but select and deploy the Remove Protect Firewall Rules Package.
The Disable Tanium Protect Software Restriction Policies Package removes all SRP rules created by Protect. It does not disable SRP on the endpoint. Likewise, the Remove Protect Firewall Rules Package removes all firewall rules created by Protect. It does not disable the firewall on the endpoint.
Last updated: 2/27/2020 2:46 PM | Feedback