-
Notifications
You must be signed in to change notification settings - Fork 760
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Uninstall flow not working #932
Comments
I'm assuming that the installation is not using fleetspeak (the next generation, experimental, communication framework, which can be enabled at install time). TL;DR: A restart of the client machine is necessary. The GRR installation installs a Windows service. The service runs the nanny / the GRR monitor. The nanny starts the GRR agent and monitors it. If the agent crashes, the monitor restarts it. My understanding is that the The |
This clarifies why it wasn't working. However, in most of the cases the machines cannot be restarted. Is there another approach in order to kill and stop the service without restarting? |
There is functionality to execute arbitrary Python code on the client: So it would be possible to upload and then execute the following snippet:
However, I'm not completely sure if this will work, since it would stop the service from within GRR itself. Note, that the actual service name ("GRR Monitor") in the above example can be customized using the config and might differ in your installation. The respective config variable is |
Actually, I think the python snippet might be worth a try. |
I've tried ExecutePythonHack and it's working. The procedure would be the following:
However, I would suggest changing the description of the flow Uninstall as it says that it stops the service when actually it's not doing that. Thanks! |
I agree that the description should be adapted, I'll make the respective change. |
Environment
Describe the issue
I have tried to kill the GRR process and remove the persistence in a client by using the administrative flows
Kill
andUninstall
(with the kill flag). When executing, the client crashes but after that, the connection is still active.Is this a known problem? Or maybe there's a requisite for these flows to work that I am not aware of?
The text was updated successfully, but these errors were encountered: