Uninstall Elastic Agent

To uninstall Elastic Agent from a host, run the uninstall command from the directory where it’s running. Refer to the Fleet and Elastic Agent documentation for more information.

If Agent tamper protection is enabled on the Agent policy for the host, you’ll need to include the uninstall token in the command, using the --uninstall-token flag. You can find the uninstall token on the Agent policy or at Fleet → Uninstall tokens.

For example, to uninstall Elastic Agent on a macOS or Linux host:

sudo elastic-agent uninstall --uninstall-token 12345678901234567890123456789012

Use these commands to uninstall Elastic Endpoint from a host ONLY if uninstalling an Elastic Agent is unsuccessful.

Windows

cd %TEMP%
copy "c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" elastic-endpoint.exe
.\elastic-endpoint.exe uninstall
del .\elastic-endpoint.exe

macOS

cd /tmp
cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint
sudo ./elastic-endpoint uninstall
rm elastic-endpoint

Linux

cd /tmp
cp /opt/Elastic/Endpoint/elastic-endpoint elastic-endpoint
sudo ./elastic-endpoint uninstall
rm elastic-endpoint