How to uninstall an EDR host?

Overview

You can uninstall EDR agents directly from Stoik Protect—whether your endpoints are protected by CrowdStrike or SentinelOne. This enhancement gives you complete control over the MDR lifecycle, from installation to removal.

Walkthrough

MFA must have been enabled for at least two weeks on your account to generate a valid token.

  1. Open Stoik Protect, go to Endpoints > Hosts.

  1. Locate the host you want to uninstall, and click Uninstall Agent from the host's action menu.

  2. The uninstallation process then varies depending on the agent provider:

    1. For CrowdStrike, the uninstallation token appears in a pop-up window. Follow the instructions provided to manually uninstall the agent using this token.

    2. For SentinelOne, no token is required. Stoik Protect automatically manages the entire process once confirmation is validated.

  3. The host status updates in real time:

    1. Uninstalling while the uninstallation is in progress.

    2. Inactive when the agent is completely removed and no longer communicating.

Host Statuses

Status
Description

Active

The agent is online and reporting normally.

Uninstalling

The uninstallation has been triggered from Stoïk Protect.

Inactive

The agent has been removed or hasn’t reported activity for 30+ days.

PreviousHow to add more licences?NextEmail Security setup: Microsoft O365

Last updated

Was this helpful?