Created
May 17, 2023 12:20
-
-
Save taylorwalton/e3ebe36e56474fe0f25a6e99ca6bd8b6 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check if WazuhSvc is installed | |
| $wazuhStatus = Get-Service | Where-Object { $_.Name -eq "WazuhSvc" } | |
| if ($wazuhStatus -ne $null) { | |
| Write-Output "Wazuh-Agent (WazuhSvc) is installed. Attempting to stop (if running) and uninstall..." | |
| # Stop the service if it's running | |
| if ($wazuhStatus.Status -eq 'Running') { | |
| Stop-Service -Name "WazuhSvc" -Force | |
| } | |
| # Uninstall the program by name | |
| $programName = "Wazuh Agent" | |
| $program = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -eq $programName } | |
| if ($program) { | |
| $program.Uninstall() | |
| } else { | |
| Write-Output "Wazuh Agent not found in installed programs." | |
| } | |
| # Remove the ossec-agent directory | |
| if (Test-Path -Path "C:\Program Files (x86)\ossec-agent") { | |
| Remove-Item -Path "C:\Program Files (x86)\ossec-agent" -Force -Recurse | |
| Write-Output "ossec-agent directory has been removed." | |
| } else { | |
| Write-Output "ossec-agent directory not found." | |
| } | |
| } | |
| else { | |
| Write-Output "Wazuh-Agent (WazuhSvc) is not installed." | |
| } | |
| # Find Sysmon or Sysmon64 exe | |
| try { | |
| $sysmonExePath = (Get-Command -Name "sysmon.exe").Source | |
| } catch { | |
| Write-Output "sysmon.exe not found." | |
| } | |
| try { | |
| $sysmon64ExePath = (Get-Command -Name "sysmon64.exe").Source | |
| } catch { | |
| Write-Output "sysmon64.exe not found." | |
| } | |
| # Check if Sysmon or Sysmon64 is installed and running | |
| $sysmonStatus = Get-Service | Where-Object { $_.Name -eq "Sysmon" -or $_.Name -eq "Sysmon64" } | |
| if ($sysmonStatus -ne $null) { | |
| if ($sysmonStatus.Status -eq 'Running') { | |
| Write-Output "Sysmon is running. Attempting to stop and uninstall..." | |
| # Stop the service | |
| Stop-Service -Name $sysmonStatus.Name -Force | |
| # Uninstall command for Sysmon or Sysmon64 | |
| if ($sysmonExePath) { | |
| & $sysmonExePath -u force | |
| } elseif ($sysmon64ExePath) { | |
| & $sysmon64ExePath -u force | |
| } | |
| } | |
| else { | |
| Write-Output "Sysmon is installed but not running. Attempting to uninstall..." | |
| # Uninstall command for Sysmon or Sysmon64 | |
| if ($sysmonExePath) { | |
| & $sysmonExePath -u force | |
| } elseif ($sysmon64ExePath) { | |
| & $sysmon64ExePath -u force | |
| } | |
| } | |
| } | |
| else { | |
| Write-Output "Sysmon is not installed." | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment