Uninstalling IBM IDS from DMZ Servers
On The Server
- Prior to uninstalling the agent, you must first disable agent protection. To do this, open a command prompt and run the following:
"<drive>:\Program Files\[IBM] ISS\Server Protection\rapapp" -ap
Note: It may also reside in Program Files (x86), which is the case on most servers in our environment.
Note: If the above command returns an error, contact IT security, request the access protection password, and then run the following:
"<drive>:\Program Files\[IBM] ISS\Server Protection\rapapp" -ap <password>
- Once agent protection is disabled, run the following command from a command prompt to uninstall the Host Protection for Windows agent:
"<drive>:\Program Files\[IBM] ISS\Server Protection\AgentRemove.exe" -full
An uninstall log will be generated in C:\Windows\AgentRemove.log.
- Open the registry and delete the registry keys listed below if they exist:
HKLM\Software\Agent
HKLM\Software\ISS
HKLM\System\CurrentControlSet\Services\blackICE
HKLM\System\CurrentControlSet\Services\RapAPP
HKLM\System\CurrentControlSet\Services\issfltr
HKLM\System\CurrentControlSet\Services\issnet
HKLM\System\CurrentControlSet\Services\issnfh
HKLM\System\CurrentControlSet\Services\W32Yelo
- Open a command prompt and run the following commands to remove the services if they exist:
sc delete VPatch
sc delete blackice
sc delete rapapp
sc delete ibmproventia
- Delete the following directories and files if they exist:
\Program Files\ISS\proventia server
\Windows\System32\blackdll.dll
\Windows\System32\drivers\blackcat.sys
\Windows\System32\drivers\MakoNT.sys
\Windows\System32\drivers\isskboep.sys
\Windows\System32\drivers\issnetv.sys
\Windows\System32\drivers\issnfhv.sys
- Reboot the server.
Finally, contact IT security to get the agent removed manually within SiteProtector.
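A read-only check to run after the reboot, added here as an example and not part of the original procedure: it reports any of the registry keys, services, and files listed above that are still present, and deletes nothing. The $InstallDrive parameter, the use of %SystemRoot% for the \Windows paths, and the extra Program Files (x86) lookup are assumptions.

```powershell
# Post-uninstall verification for the agent removal steps above (added example).
# Read-only: it only reports remnants so they can be cleaned up by hand.
param(
    # Assumption: the agent was installed on the system drive unless told otherwise.
    [string]$InstallDrive = $env:SystemDrive
)

# Registry keys from the procedure, written as PowerShell registry-provider paths.
$registryKeys = @(
    'HKLM:\Software\Agent'
    'HKLM:\Software\ISS'
    'HKLM:\System\CurrentControlSet\Services\blackICE'
    'HKLM:\System\CurrentControlSet\Services\RapAPP'
    'HKLM:\System\CurrentControlSet\Services\issfltr'
    'HKLM:\System\CurrentControlSet\Services\issnet'
    'HKLM:\System\CurrentControlSet\Services\issnfh'
    'HKLM:\System\CurrentControlSet\Services\W32Yelo'
)
# Services the procedure removes with "sc delete".
$services = 'VPatch', 'blackice', 'rapapp', 'ibmproventia'

# Files and directories from the procedure. The (x86) path is an assumption
# based on the note that the agent may live under Program Files (x86).
$sys32 = Join-Path $env:SystemRoot 'System32'
$paths = @(
    "$InstallDrive\Program Files\ISS\proventia server"
    "$InstallDrive\Program Files (x86)\ISS\proventia server"
    "$sys32\blackdll.dll"
) + ('blackcat.sys', 'MakoNT.sys', 'isskboep.sys', 'issnetv.sys', 'issnfhv.sys' |
        ForEach-Object { "$sys32\drivers\$_" })

$leftovers = @()
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) { $leftovers += [pscustomobject]@{ Type = 'Registry'; Item = $key } }
}
foreach ($name in $services) {
    # A service marked for deletion can stay registered until the reboot completes.
    if (Get-Service -Name $name -ErrorAction SilentlyContinue) { $leftovers += [pscustomobject]@{ Type = 'Service'; Item = $name } }
}
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $leftovers += [pscustomobject]@{ Type = 'File'; Item = $path } }
}

if ($leftovers.Count -eq 0) {
    Write-Output 'No agent remnants found.'
} else {
    $leftovers | Format-Table -AutoSize
    exit 1   # non-zero exit so a wrapper script can flag the server for cleanup
}
```

Run it from an elevated 64-bit PowerShell session so the System32 paths are not redirected to SysWOW64.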