Uninstalling the QRadar EDR Agent on a Windows endpoint locally in safe mode

If the standard QRadar® EDR Agent uninstallation fails, you can uninstall the agent in safe mode.

About this task

Windows-only

Procedure

  1. Enter safe mode, then open the command prompt as an administrator.
  2. Stop and delete keeper by typing the following command.
    sc stop keeper & sc delete keeper
  3. Stop and delete rqtsentry by typing the following command.
    sc stop rqtsentry & sc delete rqtsentry
  4. Stop and delete rqtnetsentry by typing the following command.
    sc stop rqtnetsentry & sc delete rqtnetsentry
  5. Stop and delete i00 by typing the following command.
    sc stop i00 & sc delete i00
  6. Remove the ReaQta folder by typing the following command.
    rmdir c:\Program Files\ReaQta
  7. Remove the rqtsentry, rqtnetsentry, and i00 system files by typing the following commands.
    del c:\windows\system32\drivers\rqtsentry.sys
    del c:\windows\system32\drivers\rqtnetsentry.sys
    del c:\windows\system32\drivers\i00.sys
  8. Open the registry editor by typing the following command.
    regedit
  9. Search the registry for reaqta and remove any entries that are found.