Mar 01 2022 08:03 AM
Hello,
We have installed ATP sensors on couple of DC's in the environment. ( Windows 2016 core servers)
Currently all servers are running with ATP version 2.174. However one server has outdated version 2.171.
Probably it was not updated through Azure Portal since the server was hung.
Just wanted to confirm if do we have any option to update the ATP version manually without uninstalling the current package.
- Or do we need to uninstall older version and reinstall newer version, If yes, does it require a Reboot.
And please provide best steps to follow during uninstalling ATP sensor in core servers .
Mar 01 2022 08:12 AM
Mar 01 2022 08:16 AM
Mar 01 2022 09:24 AM
Like other msi based installations, you have the uninstall string in the registry. Running that command will get your sensor removed.
Check the registry value under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{guid}\QuietUninstallString
Notice the Wow6432Node in the path since the msi engine was 32bit, and the {guid} that may vary, depending on the version you have installed.
You should find the correct guid path by the DisplayName value, it should be Azure Advanced Threat Protection Sensor.
In my test machine, the command is
"C:\ProgramData\Package Cache\{fa207b08-f6c7-49c7-ba6b-8e2a8aaccf57}\Azure ATP Sensor Setup.exe" /uninstall /quiet