I am trying to uninstall Cylance on our Workstations and it has been difficult. Below are the command i have tried but no result. It all failed and return Exit Code 1612 - msi file is not available in the Windows Installer cache. I still have cylance on machines, what can i do ? I need a fixlet or command that will remove all the presence of cylance
It may be just a case of 64/32 bit redirection - try action using wow64 redirection {not x64 of operating system}
If that doesn’t work you will need to go through the usual debug steps: try running the commands manually and see what happens. Do the affected machines show the product in Add/Remove Programs?, what is in the Uninstall registry key for the product?
I am sure its not a case of 64/32 bit redirection. But I will try the wow redirection. I try running the command manually nothing happened. Yes! the affected machines show the product in Add/Remove programs.
Do you have access to the console for Cylance? Do you know if there is a Require Password to Uninstall Agent?Is Prevent Service Shutdown from Device active?
If the command doesn’t work manually then it probably isn’t redirection - in fact, it isn’t really a Bigfix thing at all.
The error (1612) suggests that housekeeping to create space has removed the installer, but @baynes74 makes some good points.
Did you run the command manually with or without the /qn? I would try again without /qn (or from Add/Remove programs) to see what error messages appear in the UI.
I’ve had cases where an app can’t uninsall due to the msi having been removed (wasn’t due to manual cleanup of the Windows\Installer folder) and the way I managed to workaround it was to download the full MSI as part of the fixlet action then run the msiexec /x with the full path to the orginal MSI. Not ideal but helped avoid that somewhat tricky situation.
EDIT. And the MSI did vary depending of the version and patch level of the app the endpoint had. Woindering if you may have a spread of versions so the MSI you have may not work for all cases and you may beed MSI for each version in your environment?
I stopped having access to the console yesterday. Before loosing access, I change to to a policy with no settings enabled and then change the self protection level from Local system to Local admin. My license for Cylance already expired.
Either the installer has been removed, or the product has been updated via the console or cloud (I know nothing about Cylance) and the installer referenced in the registry does not match the installed version.
This is a common issue to MSI packages. A quick Google for “Cylance Removal Tool” yielded quite a few results for me, but I’m not familiar with the software or any of the removal tools so I don’t want to post direct links here.
If you find and test a removal tool that works on one machine, we should be able to help you automate removing it on your systems through BigFix.
I think my solution will be deleting all the presence of Cylance from the registry and the C drive … After talking with Cylance support, I was told to disable Cylance services and then delete Cylance from this locations
Remove Cylance folders from C:\Program Files, %ProgramData%, and %AppData%\Local
Remove the Cylance driver from C:\Windows\system32\drivers and C:\Windows\system32\drvstore
Remove Cylance registry keys from HKLM\Software and HKLM\System\CurrentControlSet\services
It worked doing all this but I need to be able to create action fixlet to delete all the presence of cylance in C: and registry. I created a fixlet to disable cylance service already.
// Disable Cylance Service
if {exists key “CylanceSvc” whose (exists value “start” of it) of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services” of registry}
regset “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CylanceSvc]” “start”=dword:00000004
endif true
This action to delete all the presence of cylance isnt working for me…
I’m not sure how to run the MS Troubleshooter silently, but it looks like there’s a set of PowerShell scripts embedded.
Your first step would be to identify whether there are command-line parameters you can use to automate whichever repair is working for you, but once you find that we can help you determine how to repeat it.
I ran the troubleshooter I had downloaded, followed the instructions, selected the application I needed to uninstall, and that was it. It asks me to try my uninstall again even though it has already been done. I dont know how to get the command-line parameters