Sometimes, due to issues with the .NET Framework or the Windows Installer, the Heimdal Agent cannot be uninstalled using the usual methods: pressing the Uninstall button in Control Panel -> Programs and Features, or running the uninstall command line from an elevated Command Prompt/PowerShell window.
BEHAVIOR: uninstalling the HEIMDAL Agent from Control Panel -> Programs and Features fails.
SOLUTION: the HEIMDAL Agent can be manually uninstalled by following the steps below.
1. If the HEIMDAL services are running and cannot be disabled, download the LogTracer archive (https://prodcdn.heimdalsecurity.com/resources/logtracer.zip), extract it (the password is 'heimdalprotectsyou'), and run the Heimdal LogTracer. If not, you can jump to step 3.
2. Disable the Tamper Protection mechanism using the Master Uninstall Password (it can be generated in the HEIMDAL Dashboard -> Guide -> Your HS Activation Key -> Generate password).
3. Open Command Prompt (as an Administrator) and run the following command lines to stop the HEIMDAL services:
net stop "Heimdal Uptime Checker"
net stop "Heimdal Client Host"
net stop "Heimdal DarkLayer Guard"
net stop "Heimdal Update Service"
net stop "Heimdal Antivirus"
net stop "Heimdal Admin Privilege"
net stop "Heimdal Firewall"
net stop "Heimdal MailSentry"
net stop "Heimdal ProcessLock"
net stop "Heimdal Insights"
net stop "Heimdal Monitor"
net stop "Heimdal RemoteDesktop"
4. Kill all the HEIMDAL processes:
taskkill /IM Heimdal.AgentLoader.exe /F
taskkill /IM Heimdal.AgentError.exe /F
taskkill /IM Heimdal.AdminPrivilege.InjectorHelperX64.exe /F
taskkill /IM Heimdal.Agent.exe /F
taskkill /IM Heimdal.ThorAgent.exe /F
taskkill /IM Heimdal.UptimeChecker.exe /F
taskkill /IM Heimdal.ClientHost.exe /F
taskkill /IM Heimdal.DarkLayerGuard.exe /F
taskkill /IM Heimdal.Antivirus.exe /F
taskkill /IM Heimdal.AdminPrivilege.exe /F
taskkill /IM Heimdal.MailSentry.exe /F
taskkill /IM Heimdal.MailSentryMonitor.exe /F
taskkill /IM Heimdal.Firewall.exe /F
taskkill /IM Heimdal.RemoteDesktop.Service.exe /F
taskkill /IM Heimdal.UpdateService.exe /F
taskkill /IM Heimdal.MonitorServices.exe /F
taskkill /IM Heimdal.ProcessLock.exe /F
taskkill /IM Heimdal.Insights.Service.exe /F
taskkill /IM avupdate.exe /F
5. Delete the HEIMDAL services:
sc delete "Heimdal Uptime Checker"
sc delete "Heimdal Client Host"
sc delete "Heimdal DarkLayer Guard"
sc delete "Heimdal Update Service"
sc delete "Heimdal Antivirus"
sc delete "Heimdal Admin Privilege"
sc delete "Heimdal Firewall"
sc delete "Heimdal Monitor"
sc delete "Heimdal MailSentry"
sc delete "Heimdal ProcessLock"
sc delete "Heimdal Insights"
sc delete "Heimdal RemoteDesktop"
or
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Admin Privilege" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Antivirus" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Client Host" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal DarkLayer Guard" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Firewall" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Insights" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal MailSentry" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Monitor" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal ProcessLock" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal RemoteDesktop" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Update Service" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Heimdal Uptime Checker" /f
6. Delete the HEIMDAL folders:
rmdir /Q /S "C:\Program Files (x86)\Heimdal"
rmdir /Q /S "C:\Program Files\Heimdal"
rmdir /Q /S "C:\ProgramData\Heimdal Security\Heimdal Thor Agent"
rmdir /Q /S "C:\Windows\SysWOW64\Heimdal Security\Heimdal Jobs"
7. Delete the HEIMDAL installer registry keys:
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\<GUID> /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID} /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID} /f
reg delete HKEY_CLASSES_ROOT\Installer\Products\<GUID> /f
If none of the steps above fix the issue, please reach out to the HEIMDAL Security Support Team.
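To confirm what is left after the steps above, and to locate the installer keys that step 7 refers to by GUID, the following read-only PowerShell check can be run from an elevated session. It is an added example, not part of HEIMDAL's own procedure; matching installer entries by a display name containing "Heimdal" is an assumption, so review each reported key before deleting anything.

```powershell
# Read-only audit (added example): lists HEIMDAL remnants, changes nothing.
# Service names, process names and folders are copied from the steps above.
$services = 'Heimdal Uptime Checker', 'Heimdal Client Host', 'Heimdal DarkLayer Guard',
            'Heimdal Update Service', 'Heimdal Antivirus', 'Heimdal Admin Privilege',
            'Heimdal Firewall', 'Heimdal MailSentry', 'Heimdal ProcessLock',
            'Heimdal Insights', 'Heimdal Monitor', 'Heimdal RemoteDesktop'
$folders  = 'C:\Program Files (x86)\Heimdal', 'C:\Program Files\Heimdal',
            'C:\ProgramData\Heimdal Security\Heimdal Thor Agent',
            'C:\Windows\SysWOW64\Heimdal Security\Heimdal Jobs'
# Registry locations from steps 5 and 7. HKEY_CLASSES_ROOT\Installer\Products is a
# merged view that includes the HKLM\SOFTWARE\Classes key checked here.
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$msiKeys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Classes\Installer\Products\*'
$pattern  = '*Heimdal*'   # ASSUMPTION: the product's display name contains "Heimdal"

$found = @()
foreach ($s in $services) {
    # A service key can remain after the service is stopped, so test the key itself.
    if (Test-Path -LiteralPath "$svcRoot\$s") {
        $found += [pscustomobject]@{ Type = 'Service key'; Item = $s }
    }
}
foreach ($p in Get-Process -Name 'Heimdal.*', 'avupdate' -ErrorAction SilentlyContinue) {
    $found += [pscustomobject]@{ Type = 'Process'; Item = "$($p.ProcessName) (PID $($p.Id))" }
}
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) {
        $found += [pscustomobject]@{ Type = 'Folder'; Item = $f }
    }
}
foreach ($e in Get-ItemProperty -Path $msiKeys -ErrorAction SilentlyContinue) {
    # Uninstall entries carry DisplayName; Installer\Products entries carry ProductName.
    if ($e.DisplayName -like $pattern -or $e.ProductName -like $pattern) {
        # Strip the provider prefix so the path can be reviewed against step 7.
        $found += [pscustomobject]@{ Type = 'Installer key'; Item = ($e.PSPath -replace '^.*::', '') }
    }
}

if ($found.Count -eq 0) {
    'No HEIMDAL remnants found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```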