SmartEdge Agent removal script: reference and FAQ
This section provides additional reference information for the Uninstalling agent using a script (MDM) task.
Frequently asked questions
- Can this script be run on machines where the agent is already partially removed?
Yes. The script is idempotent. It checks for the existence of each artifact before attempting removal. Running it on a clean machine returns exit code 0 immediately.
- What if the MSI uninstall hangs?
Use the
-Forceflag to skip the MSI to uninstall it entirely. The script force removes all artifacts directly. If you run without-Forceand the MSI hangs, the script terminates it after the timeout (default 300 seconds) and continues with force removal. - Is a reboot always required after running the script?
If the exit code is 0, no reboot is required. If the exit code is 3010, a reboot is recommended to complete cleanup of locked files or WFP driver objects. The script never triggers a reboot automatically.
- Does this script work on endpoints that are not connected to the network?
Yes. The script operates entirely locally. No network connectivity or backend communication is required.
- Is it safe to run this script while users are logged in? Yes. The script runs silently with no user-visible windows or prompts. The bgptray system tray icon disappears when the tray process is terminated.Note: Network connectivity may be briefly disrupted during driver removal.
- Can I verify the removal without re-running the script?
Yes. Inspect the log file after execution. The verification phase lists any remaining artifacts. Running the script a second time on a clean machine confirms exit code 0.
Parameters
| Parameter | Default | Description |
|---|---|---|
-LogPath <path> |
C:\ProgramData\Forcepoint\SEA_Removal_Logs |
Directory where the log file is written. Useful for writing to a network share. |
-Force |
Off | Skips the MSI vendor to uninstall attempt and proceed directly to force removal. Faster and avoid potential MSI hangs. |
-SkipMsiUninstall |
Off | Same effect as -Force for the MSI phase only. |
-MsiTimeout <seconds> |
300 | Maximum time to wait for the MSI uninstall before killing it and proceeding. |
-NoReboot |
Off | Suppresses the reboot recommendation. The script never triggers a reboot automatically. When set, exit code 3010 is returned as informational only. |
What the script removes
The script performs a complete removal of all SmartEdge Agent components from the endpoint. All items listed below are removed automatically without user interaction.
| Component | Details |
|---|---|
| Services | bgAutoinstaller, bgSmartEdge, bitglass_seproxy, sedns, PacketFilter, bgprotect, fpguard |
| Kernel drivers | PacketFilterDriver.sys (WFP), bgprotect.sys (mini-filter), including driver store cleanup |
| WFP filters | Provider, sublayer, callouts registered by the PacketFilter driver |
| Processes | bgptray, bgpagent, autoinstallersvc, seproxysvc, seproxy, dnsserver, and any process running from the Bitglass installation folder |
| Folders | C:\Program Files\Bitglass, C:\Program Files (x86)\Bitglass, C:\ProgramData\Bitglass,
C:\ProgramData\Forcepoint\Bitglass, per-user AppData\Local\Bitglass |
| Registry | HKLM\SOFTWARE\Bitglass, per-user HKCU\Software\Bitglass, ARP uninstall keys (64-bit and 32-bit), MSI UserData/Products/UpgradeCodes/Folders
entries |
| Certificates | BG_SEProxy_CA and any Bitglass/Forcepoint certificates from LocalMachine and CurrentUser stores |
| Startup persistence | Run/RunOnce registry values, startup folder shortcuts, scheduled tasks |