# How to uninstall an EDR host?
### Overview
You can uninstall EDR agents directly from Stoik Protect—whether your endpoints are protected by CrowdStrike or SentinelOne. This enhancement gives you complete control over the MDR lifecycle, from installation to removal.
[#for-workstations-and-servors](#for-workstations-and-servors "mention")
[#for-mobile-device](#for-mobile-device "mention")
[#host-statuses](#host-statuses "mention")
### For Workstations and Servors
{% hint style="info" %}
MFA must have been enabled for at least two weeks on your account to generate a valid token.
{% endhint %}
1. Open Stoik Protect, go to `Endpoints` > `Hosts`.
2. Locate the host you want to uninstall, and click `Uninstall Agent` from the host's action menu.
3. The uninstallation process then varies depending on the agent provider:
1. For **CrowdStrike**, the uninstallation token appears in a pop-up window. Follow the instructions provided to manually uninstall the agent using this token.
2. For **SentinelOne**, no token is required. Stoïk Protect automatically manages the entire process once confirmation is validated.
1. For **Linux**, run the following command \
`sudo /opt/CrowdStrike/falconctl -s --maintenance-token=`
4. The **host** status updates (cf. [#host-statuses](#host-statuses "mention"))
1. "Uninstalling" while the uninstallation is in progress.
2. For both, "Inactive" when the agent is completely removed and no longer communicating.
### For Mobile Device
For mobile devices, follow these steps based on the device operating system:
• **Android**: Uninstall the EDR agent application from the device like any other app. Use your device’s app management or Settings to remove the app.
• **iOS**: Remove the EDR profile first: Go to **Settings \\> General \\> VPN & Device Management** and delete the EDR agent profile. After the profile is successfully removed, delete the EDR agent application.
### Host Statuses
| Status | Description |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Active** | The agent is online and reporting normally. |
| **Uninstalling** |
The uninstallation has been triggered from Stoïk Protect.
⚠️For CrowdStrike, uninstalling status is set as soon as the uninstallation process is confirmed, even though You didn't start the uninstallation process.
|
| **Inactive** | The agent has been removed or hasn’t reported activity for 30+ days. |
{% hint style="info" %}
💡 After uninstallation
* The workstation will remain visible for 45 days in the CrowdStrike or Stoïk Protect console,
* But the Crowdstrike agent will be uninstalled from the workstation immediately.
💡 Special case: Loss of access to an endpoint (theft, storage, etc.)
* 👁️ Detection: after 90 days without an Internet connection, the workstation is declared "lost": the EDR no longer collects telemetry.
* ⚙️ Technique: the CrowdStrike programme remains installed locally on the terminal, but can no longer be controlled remotely.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.stoik.io/stoik-mdr/how-to-uninstall-an-edr-host.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.