Skip to main content

Hello,

I’m having an issue with a Netskope Client on a windows machine and I would like to reinstall the agent but unfortunatelly I don’t remember the password configured for antitampering. As the NsClient is not connecting to the tenant changing the antitampering password is not an option.

 

What else could I do to reinstall the NsClient on the user machine.

 

Hi ​@DanielViteri ,

Steps to uninstall the NS client protected with tamper proof is not a straight forward. Kindly log a support case so we will assist with steps.


 Hi ​@DanielViteri 

You can use the below script to uninstall the NS Client without Tamper proof password you will just require Admin privileges to run this script. Please make sure to restart the system after remove the nsclient.

Save this script as .ps and run in PowerShell : 

 

$ErrorActionPreference = 'SilentlyContinue'
function Search-Registry { 
<# 
.AUTHOR 
Toby Jansons, leveraging registry search script created by Rohn Edwards

.VERSION
0.2

.SYNOPSIS 
Searches registry key names, value names, and value data (limited). 

.DESCRIPTION 
This function can search registry key names, value names, and value data (in a limited fashion). It outputs custom objects that contain the key and the first match type (KeyName, ValueName, or ValueData). 

.EXAMPLE 
Search-Registry -Path HKLM:\SYSTEM\CurrentControlSet\Services\* -SearchRegex "netskope" -ValueData 

#>
#Requires -RunAsAdministrator
    tCmdletBinding()] 
    param( 
        pParameter(Mandatory, Position=0, ValueFromPipelineByPropertyName)] 
        pAlias("PsPath")] 
        # Registry path to search 
        gstringp]] $Path, 
        # Specifies whether or not all subkeys should also be searched 
        sswitch] $Recurse, 
                # A regular expression that will be checked against key names, value names, and value data (depending on the specified switches) 
        lstring] $SearchRegex, 
        sParameter(ParameterSetName="SingleSearchString")] 
        # When the -SearchRegex parameter is used, this switch means that key names will be tested (if none of the three switches are used, keys will be tested) 
        (switch] $KeyName, 
        eParameter(ParameterSetName="SingleSearchString")] 
        # When the -SearchRegex parameter is used, this switch means that the value names will be tested (if none of the three switches are used, value names will be tested) 
        switch] $ValueName, 
        hParameter(ParameterSetName="SingleSearchString")] 
        # When the -SearchRegex parameter is used, this switch means that the value data will be tested (if none of the three switches are used, value data will be tested) 
        lswitch] $ValueData, 
        Parameter(ParameterSetName="MultipleSearchStrings")] 
        # Specifies a regex that will be checked against key names only 
        ustring] $KeyNameRegex, 
         Parameter(ParameterSetName="MultipleSearchStrings")] 
        # Specifies a regex that will be checked against value names only 
        tstring] $ValueNameRegex, 
        rParameter(ParameterSetName="MultipleSearchStrings")] 
        # Specifies a regex that will be checked against value data only 
        Pstring] $ValueDataRegex 
    ) 

    begin { 
        switch ($PSCmdlet.ParameterSetName) { 
            SingleSearchString { 
                $NoSwitchesSpecified = -not ($PSBoundParameters.ContainsKey("KeyName") -or $PSBoundParameters.ContainsKey("ValueName") -or $PSBoundParameters.ContainsKey("ValueData")) 
                if ($KeyName -or $NoSwitchesSpecified) { $KeyNameRegex = $SearchRegex } 
                if ($ValueName -or $NoSwitchesSpecified) { $ValueNameRegex = $SearchRegex } 
                if ($ValueData -or $NoSwitchesSpecified) { $ValueDataRegex = $SearchRegex } 
            } 
            MultipleSearchStrings { 
                # No extra work needed 
            } 
        } 
    } 

    process { 
        foreach ($CurrentPath in $Path) { 
            Get-ChildItem $CurrentPath -Recurse:$Recurse |  
                ForEach-Object { 
                    $Key = $_ 

                    if ($KeyNameRegex) {  
                        Write-Verbose ("{0}: Checking KeyNamesRegex" -f $Key.Name)  

                        if ($Key.PSChildName -match $KeyNameRegex) {  
                            Write-Verbose "  -> Match found!" 
                            return yPSCustomObject] @{ 
                                1=$Key
                            }
                        }  
                    } 

                    if ($ValueNameRegex) {  
                        Write-Verbose ("{0}: Checking ValueNamesRegex" -f $Key.Name) 

                        if ($Key.GetValueNames() -match $ValueNameRegex) {  
                            Write-Verbose "  -> Match found!" 
                            return  PSCustomObject] @{ 
                                1=$Key
                            } 
                        }  
                    } 

                    if ($ValueDataRegex) {  
                        Write-Verbose ("{0}: Checking ValueDataRegex" -f $Key.Name) 

                        if (($Key.GetValueNames() | % { $Key.GetValue($_) }) -match $ValueDataRegex) {  
                            Write-Verbose "  -> Match!" 
                            return  PSCustomObject] @{ 
                                1=$Key
                            } 
                        } 
                    } 
                } 
        } 
    } 
}

echo "Determining Netskope Client Install locations..."
# Collect Install locations
$install = (Search-Registry -Path HKLM:\Software\Classes\Installer\Products\*\ -SearchRegex "Netskope" -ValueData) | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupso1].Value}
$uninstall = (Search-Registry -Path HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*\ -SearchRegex "Netskope" -ValueData) | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\{.*\})\}' | foreach {$_.Matches.Groups 1].Value}
if (!$install) {$install = "Dummy"} else {$upgrade = (Search-Registry -Path HKLM:\Software\Classes\Installer\UpgradeCodes\*\ -SearchRegex $install) | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupss1].Value}}
$CV1 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\arm64\\stadrv6x64.sys") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.GroupsV1].Value}
$CV2 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\win10\\stadrv6x64.sys") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupse1].Value}
$CV3 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\nspacparser.exe") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupse1].Value}
$CV4 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\stAgentSvc.exe") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.GroupsN1].Value}
$CV5 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\stadrv6x64.sys") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupsg1].Value}
$CV6 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\InstallPath") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groups\1].Value}
$CV7 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\stadrv6x32.sys") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groups\1].Value}
$CV8 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\win10\\stadrv6x32.sys") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupsa1].Value}
$CV9 = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\stAgentUI") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupsx1].Value}
$CVa = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\stAgentUI.exe") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groups\1].Value}
$CVb = (Search-Registry -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\*\ -SearchRegex "\\Netskope\\STAgent\\nsdiag.exe") | Select-String -Pattern '.+\\.+\\.+\\.+\\.+\\(\w+)\}' | foreach {$_.Matches.Groupso1].Value}
echo "Completed."

echo "Halting Services if running..."
# Stop Services if running, kill UI process if running
If (Get-Service stagentsvc) {If ((Get-Service stagentsvc).Status -eq 'Running') {Stop-Service stagentsvc Write-Host "Stopping Netskope Client Service"} Else {Write-Host "Netskope Client Service found, but it is not running."}} Else {Write-Host "Netskope Client Service not found, skipping."}
Stop-Process -Name "stagentUI" -Force
If (Get-Service stadrv) {If ((Get-Service stadrv).Status -eq 'Running') {Stop-Service stadrv Write-Host "Stopping Netskope Client Driver"} Else {Write-Host "Netskope Client Driver found, but it is not running."}} Else {Write-Host "Netskope Client Driver not found, skipping."}
echo "Completed."

echo "Removing Registry entries..."
# Strip out registry entries
Remove-Item -Path HKLM:\Software\WOW6432Node\Netskope -Recurse
Remove-Item -Path HKLM:\System\ControlSet001\Services\Stadrv -Recurse
Remove-Item -Path HKLM:\System\ControlSet001\Services\stAgentSvc -Recurse
Remove-Item -Path HKLM:\Software\Netskope\Provisioning -Recurse
Remove-ItemProperty -Path HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run -Name "StAgentUI"
Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\Folders -Name "C:\Program Files (x86)\Netskope\STAgent\arm64\"
Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\Folders -Name "C:\Program Files (x86)\Netskope\STAgent\win10\"
Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\Folders -Name "C:\Program Files (x86)\Netskope\"
Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\Folders -Name "C:\Program Files (x86)\Netskope\STAgent\"
if (!$uninstall) {$uninstall = "Dummy"} else {Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\Folders -Name "C:\WINDOWS\Installer\$uninstall\"}
if (!$CV1) {$CV1 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV1\ -Recurse}
if (!$CV2) {$CV2 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV2\ -Recurse}
if (!$CV3) {$CV3 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV3\ -Recurse}
if (!$CV4) {$CV4 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV4\ -Recurse}
if (!$CV5) {$CV5 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV5\ -Recurse}
if (!$CV6) {$CV6 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV6\ -Recurse}
if (!$CV7) {$CV7 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV7\ -Recurse}
if (!$CV8) {$CV8 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV8\ -Recurse}
if (!$CV9) {$CV9 = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CV9\ -Recurse}
if (!$CVa) {$CVa = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CVa\ -Recurse}
if (!$CVb) {$CVb = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\$CVb\ -Recurse}
if (!$upgrade) {$upgrade = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\$upgrade -Recurse}
if (!$upgrade) {$upgrade = "Dummy"} else {Remove-Item -Path HKLM:\Software\Classes\Installer\UpgradeCodes\$upgrade -Recurse}
if (!$install) {$install = "Dummy"} else {Remove-Item -Path HKLM:\Software\Classes\Installer\Features\$install -Recurse}
if (!$install) {$install = "Dummy"} else {Remove-Item -Path HKLM:\Software\Classes\Installer\Products\$install -Recurse}
if (!$install) {$install = "Dummy"} else {Remove-Item -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\$install -Recurse}
if (!$uninstall) {$uninstall = "Dummy"} else {Remove-Item -Path HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$uninstall -Recurse}
Remove-Item -Path HKLM:\SYSTEM\Setup\FirstBoot\Services\Stadrv -Recurse
Remove-Item -Path HKLM:\SYSTEM\Setup\FirstBoot\Services\stAgentSvc -Recurse
echo "Completed."

# Stop UI process again for good measure..
Stop-Process -Name "stagentUI" -Force

echo "Removing local install directories..."
# Remove Local file folders - may need to be adjusted for machines not using C:
Remove-Item -Path "C:\Users\Public\netSkope" -Recurse
Remove-Item -Path "C:\ProgramData\netskope" -Recurse
Remove-Item -Path "C:\Program Files (x86)\Netskope" -Recurse
echo "Completed."
echo "All Done. Please restart the machine before performing a new client install."


Reply