NEW: Atera Agent uninstall prevention

nina
nina Internal Posts: 428 ✭✭✭✭✭
edited September 2023 in Remote Monitoring

Thank you to our community for suggesting this new feature via User Voice, Atera's features board!

You now have the option to prevent end-users from uninstalling the Atera agent on Windows devices.

Go to Admin > Settings > Agents > Select "Prevent end users from…" > Save

For more information, visit the following Knowledge Base article here.

To add your ideas to User Voice, you can access the features board by going to Resources at the top of the Community page > Got an idea? > User Voice > Describe and post your idea!

Comments

  • sandeep.h
    sandeep.h Member Posts: 18 ✭✭

    Hi Nina,

    Can you please confirm if this will work for existing agents as well or its only for new agents (after we enable the feature under settings)?

    Kind regards,

    Sandeep

  • nina
    nina Internal Posts: 428 ✭✭✭✭✭

    Hi @sandeep.h - It works for previously installed agents, agents that have the latest version, 1.8.5.6.

    You only need to enable the feature, and your end users will not be able to uninstall the agent!

  • bahlquist
    bahlquist Member Posts: 17 ✭✭

    Very nice - thanks for all the work to make this a reality Atera Team!

  • dyoder
    dyoder Member Posts: 52 ✭✭✭

    @nina - From the KB article you linked to, I see the following exceptions to the restricted uninstall of the Atera agent:

    Exceptions include using system privileges (GPO, CMD, Powershell, WMI), deleting the device from the Atera console, setting "UninstallOverride"=true in the registry, or if "integratorlogin" is missing from the system settings.

    Is there somewhere else that expands on this a little further?

    1. Do "system privileges" mean a local administrator, the SYSTEM account, or a user with an elevated admin token?
    2. Where exactly should the UninstallOverride property exist in the Windows Registry, and what type is it?
    3. If the IntegratorLogin property is missing, when does it need to be missing? When the Atera agent starts?

  • frank.pietersma
    frank.pietersma Member Posts: 78 ✭✭✭

    Finally it's here! We have been waiting a very long time for this!

    Just tried it and it seems so work properly.
    A user which has local admin rights was not be able to uninstall the agent. A message box popped up saying uninstalling is blocked.

    A little clarification regarding the exceptions would be great!

  • AElliott
    AElliott Member Posts: 12

    Please give some actual detail on how this prevents users from uninstalling. Most software that has this type of feature, there's an "Uninstall Password" we set to prevent uninstallation.

  • joseph.smith
    joseph.smith Member Posts: 24 ✭✭✭

    👍️

  • yasminproduct16
    yasminproduct16 Internal Posts: 16
    edited September 2023

    Hey all,

    I'm very happy that we were able to release this feature that you have requested :)

    Here is some clarification:

    This setting is available in the Atera console under the account settings. The default if false- meaning the end user can remove the Agent like any other program.
    If you want to prevent this, you can set it to True. This will change a registry key that will block the uninstallation from the end device side.
    If you want to remove the agent, you can still delete it through the Atera web console, or remove the agent locally on the device with SYSTEM user. Another option is editing the registry key that controls the uninstall prevention feature on the device.

    We know that some software offers an uninstall password but it's not very common with RMM systems. If you would prefer an uninstallation password we'd love to hear your thoughts.

  • tanderson
    tanderson Member Posts: 279 ✭✭✭✭

    @Yasmin from Atera If you delete an agent from the portal, does that send an uninstall command to the machine?

  • mbudke
    mbudke Member Posts: 137 ✭✭✭

    Really nice!! Thanks for implementing! :-)

  • Thanks for implementing.

    like others I think an uninstall password might be safer as it prevents PUA's just setting the new registry key and removing atera.

  • dyoder
    dyoder Member Posts: 52 ✭✭✭

    I agree with @nathan. The other products I use (and have used) have passwords to secure the installation.

    @nina and @Yasmin from Atera The uninstall prevention feature isn't working right now, so I can't test this, but bypassing and uninstalling the agent would look something like this in Powershell:

    [Microsoft.Win32.Registry]::SetValue('HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent','UninstallOverride','true',[Microsoft.Win32.RegistryValueKind]::String)
    Restart-Service -Name AteraAgent -Force ; Get-CimInstance -ClassName CIM_Product -Filter "Name like 'AteraAgent'" | Invoke-CimMethod -MethodName 'Uninstall'

    With Atera's current solution to protect against agent uninstalls, I certainly wouldn't brand the feature as "securing" the agent. Adding a password would be a much better step in the direction of securing the agent.

    If you want an example of using a password, you're already integrated with ESET. Check out their implementation of securing their management agent with a password.

  • dfletcher
    dfletcher Member Posts: 30 ✭✭

    @nina Is this a beta feature? It doesn't show up in our settings. Instead of Agents our settings menu lists Devices and the only option is for Retired devices.

    When announcing new features please indicate whether they are in beta or general release. It's tiresome to poke around for a new feature that doesn't exist.

    Suggesting that I change my company over to beta or preview of some sort to get early access does not interest me. I just want to know if it's general release or not before I go poking around looking for it.

  • dyoder
    dyoder Member Posts: 52 ✭✭✭

    @dfletcher I've had this happen with several features before. Sometimes Atera will release a feature into production but then pull it because it's not quite ready for primetime. I'm sure it will be back soon. But it was definitely not a beta feature.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited September 2023

    I don't see the new feature either. also I wish atera would stop renaming things - one minute they are referred to as devices - the next they are called agents

    new screen nina posted above

    Retired devices - should be in a section called "Reporting" and renamed to "Not recently seen devices" because, just because it hasn't been switched on recently - does not mean it is retired it could be a laptop that is only used twice a year as a standby, but just should be excluded from certain patch compliance reports etc.

  • dyoder
    dyoder Member Posts: 52 ✭✭✭

    @nathan

    Retired devices - should be in a section called "Reporting" and renamed to "Not recently seen" because, just because it hasn't been switched on recently - does not mean it is retired it could be a laptop that is only used twice a year as a standby, but just should be excluded from certain patch compliance reports etc.

    @nina ^^ this. It would also be great if retired devices weren't counted when generating invoices either (see this post)

  • nina
    nina Internal Posts: 428 ✭✭✭✭✭

    Good suggestion. Thank you! I've passed this on internally.

  • nina
    nina Internal Posts: 428 ✭✭✭✭✭
  • nina
    nina Internal Posts: 428 ✭✭✭✭✭
    edited September 2023

    Hi all!

    Quick update: As you already pointed out in this discussion, we did have an issue with the uninstall prevention feature, so we’ve turned the toggle off. For now, you won’t see this option under the settings until the fix is uploaded.

    FWIW We will redeploy the feature again with the new Agent version 1.8.5.7

    Thank you again for your assistance in helping us troubleshoot the issue! Community for the win.

    Nina

  • I have done and improved the wording for the suggested replacement to "Infrequent devices".

    Please everyone go and vote for it here:-

    https://atera.uservoice.com/forums/936306-ideas-and-feedback/suggestions/47229257-retired-devices-should-be-renamed-to-infrequent-d

    and while you are at it, please add your votes too for proper retired devices support :-

    https://atera.uservoice.com/forums/936306-ideas-and-feedback/suggestions/44000010-ability-to-archive-retired-devices

  • Please, please, please - as I have said before, once you have announced a feature as available (as you did above) if it then gets pulled please too announce this in the "What's new section" under known issues, it is such a waste of time for us all to go looking for a feature - only to find that it is not there.

    To be clear - I have absolutely no issue with you announcing something and then having to roll back - that is all good - just make sure you keep your customers informed.

  • nina
    nina Internal Posts: 428 ✭✭✭✭✭

    Agreed. I will speak with the Product Team about this to see what we can do to better communicate this to our users.

  • AElliott
    AElliott Member Posts: 12

    I don't have:

    "Go to Admin > Settings > Agents > "

    …..but I have an agent that didn't install fully (splashtop service won't start, most files are missing from the Splashtop folder) and I can't uninstall Atera to fix it. Love when this sort of stuff happens when under pressure with deadlines.

    Another half-baked Atera feature. I can't believe I'm saying this, but the Kaseya agent was 1000% better in managing the agent itself.

  • kim
    kim Member Posts: 113 ✭✭✭

    Hi @AElliott,


    I had a few agents a while ago that wouldn’t let me connect using splashtop because there was a version conflict with the Splashtop RMM. While it was not convenient, I got on the phone with the customer, used Anydesk to connect and fix Splashtop. You do have the option when connecting to clients with other choices such as TeamViewer, Anydesk, and Splashtop. I have used scripts in the Shared Library to send scripts through the agent that was working in the cmd prompt to also fix the Splashtop connection issue. Like I mentioned before it’s not a convenient solution, but as we know with a lot of remote connections, that can be a problem when it drops off.