Start Free Trial Go to Trend Vision One™
Welcome to Trend Micro
This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn more
Uninstall a Security Agent

Uninstall a Security Agent

This task retrieves a list of Security Agents and then uninstalls a specific Security Agent.

  1. Obtain an application ID and API key.
  2. Define the libraries and functions necessary to create JSON Web Tokens for authorization.
  3. Obtain the host name of the Security Agent that you want to uninstall.
  4. Uninstall the Security Agent.
  5. Verify that the Security Agent was uninstalled.

Obtain an Application ID and API Key

This task retrieves the application ID and API key for an external application that consumes Apex Central Automation APIs.

  1. Go to Administration > Settings > Automation API Access Settings.

    The Automation API Access Settings screen appears.

  2. Click Add.

    The Application Access Settings section appears and displays the following information:

    • Application ID: Used by Apex Central to identify the external application

    • API key: Used by the external application to sign requests sent to Apex Central

    • API type: Indicates the API functions that the external application can access

  3. Select Enable application integration using Apex Central Automation APIs.
  4. Configure the following settings.

    • Application name: Specify an easily identifiable name for the application.

    • Communication time-out: Select the maximum number of seconds allowed for a request to reach Apex Central after the application generates the request.

  5. Click Save.

    The Automation API Access Settings screen appears and displays the newly added application in the table.

  6. In Python, assign values to following parameters.

    Parameter

    Value

    use_application_id

    Your application ID

    use_api_key

    Your API key

    use_url_base

    Your server URL

    		 
    use_application_id = YOUR_APPLICATION_ID
use_api_key = YOUR_API_KEY
use_url_base = YOUR_SERVER_URL

Define the Libraries and Functions Required for JSON Web Token Creation

This task defines the necessary libraries and functions for creating the JSON web token (JWT).

  1. Define the necessary libraries. 
    import base64
import jwt
import hashlib
import time
import json
  2. Define the function that creates the checksum. 
    def create_checksum(http_method, raw_url, headers, request_body):
    string_to_hash = http_method.upper() + '|' + raw_url.lower() + '|' + headers + '|' + request_body
    base64_string = base64.b64encode(hashlib.sha256(str.encode(string_to_hash)).digest()).decode('utf-8')
    return base64_string
  3. Define the function that creates the JWT. 
    def create_jwt_token(appication_id, api_key, http_method, raw_url, headers, request_body,
                     iat=time.time(), algorithm='HS256', version='V1'):
    checksum = create_checksum(http_method, raw_url, headers, request_body)
    payload = {'appid': appication_id,
               'iat': iat,
               'version': version,
               'checksum': checksum}
    token = jwt.encode(payload, api_key, algorithm=algorithm).decode('utf-8')
    return token

Obtain the Host Name of the Security Agent

This task retrieves the host name of the Security Agent that you want to uninstall.

  1. Retrieve the list of Security Agents that are managed by the selected server, and assign the response value to r.

    For more information about the "List Security Agents" API, see https://automation.trendmicro.com/apex-central/api#tag/Security-Agents.

    print('(Optional) Get the Security Agent list, if you does not have host name.')
productAgentAPIPath = '/WebApp/API/AgentResource/ProductAgents'
canonicalRequestHeaders = ''
 
useRequestBody = ''
useQueryString=''
 
jwt_token = create_jwt_token(use_application_id, use_api_key, 'GET',
                              productAgentAPIPath + useQueryString,
                              canonicalRequestHeaders, useRequestBody, iat=time.time())
 
headers = {'Authorization': 'Bearer ' + jwt_token , 'Content-Type': 'application/json;charset=utf-8'}
r = requests.get(use_url_base + productAgentAPIPath + useQueryString, headers=headers, verify=False)
  2. Perform error handling and print the API response. 
    if r.status_code !=200 and r.status_code!=201:
  print('Not successful, please handle your error')
 
#Show the information of agents. 
# print(r.status_code)
# print(json.dumps(r.json(), indent=4))
host_name = r.json()["result_content"][0]["host_name"]
print("host name:", host_name)
  3. Locate the host name in the response. 
    200
{
    "result_code": 1,
    "result_description": "Operation successful",
    "result_content": [
       {
            "entity_id": "492E8584-0114-694D-BF9D-44CC20141501",
            "product": "SLF_PRODUCT_OFFICESCAN_CE",
            "managing_server_id": "33111111-1111-AAAA-AAAA-111100000001",
            "ad_domain": "",
            "folder_path": "DOMAIN",
            "ip_address_list": "10.1.1.1",
            "mac_address_list": "00-60-59-A4-70-2D",
            "host_name": "client01",
            "isolation_status": "normal",
            "capabilities": [
                "cmd_restore_isolated_agent",
                "cmd_isolate_agent",
                "cmd_relocate_agent",
                "cmd_uninstall_agent"
            ]
        },
        ...
        {
            "entity_id": "80180123-1059-CCCC-CCCC-111100000010",
            "product": "SLF_PRODUCT_HEADLESS_DSM",
            "managing_server_id": "80180123-1059-694D-BF9D-44CC80320001",
            "ad_domain": "",
            "folder_path": "iptlab",
            "ip_address_list": "100.1.1.10",
            "mac_address_list": "00-50-56-A7-69-10",
            "host_name": "host8",
            "isolation_status": "not_supported",
            "capabilities": []
        }
    ]
}
  4. Verify that the Security Agent can be uninstalled using the API.
    Note:

    If the capabilities parameter contains cmd_uninstall_agent, then the Security Agent can be uninstalled using the API.

  5. Assign a value to host_name. 
    ### Setting the host name of security agent.
print('Setting the host name of security agent.')
host_name = r.json()["result_content"][0]["host_name"]
print("host name:", host_name)

Uninstall the Security Agent

This task uninstalls the specified Security Agent.

  1. Specify the host name of the Security Agent.

    For more information about the "Isolate, Restore, Relocate, or Uninstall Security Agent" API, see https://automation.trendmicro.com/apex-central/api#tag/Update-Agents.

    To successfully uninstall the Security Agent, you must include all of the following parameters in the payload.

    Parameter

    Value

    Purpose

    host_name

    YOUR_HOST_NAME

    Identifies the endpoint on which the Security Agent is installed

    act

    cmd_uninstall_agent

    Uninstalls the Security Agent

    allow_multiple_match

    True

    Allows modification of multiple Security Agents

    You can identify the Security Agent using one or more (any combination) of the following parameters. In this use case, only entity_id is specified.

    Name

    Type

    Description

    entity_id

    String

    GUID of the managed product agent

    host_name

    String

    Endpoint name of the managed product agent

    ip_address

    String

    IP address of the managed product agent

    mac_address

    String

    MAC address of the managed product agent

    product

    String

    Trend Micro product on the server instance

    		 
    ### Using the host name the security agent, and uninstall it.
print('Using the host name the security agent, and uninstall it.')
 
productAgentAPIPath = '/WebApp/API/AgentResource/ProductAgents'
canonicalRequestHeaders = ''
useQueryString = ''
  
payload = {
  "entity_id":"8a1a84550462-40bc9afc-3770-16ac-cd6c",
  "act":"cmd_uninstall_agent",
  "allow_multiple_match":False
  }
useRequestBody = json.dumps(payload) 
  
jwt_token = create_jwt_token(use_application_id, use_api_key, 'POST',
                              productAgentAPIPath + useQueryString,
                              canonicalRequestHeaders, useRequestBody, iat=time.time())
 
headers = {'Authorization': 'Bearer ' + jwt_token , 'Content-Type': 'application/json;charset=utf-8'}
#Choose by call type.
r = requests.post(use_url_base + productAgentAPIPath + useQueryString, headers=headers, data=useRequestBody, verify=False)
    Note:

    If the allow_multiple_match value is False and the specified parameters match multiple agents, the operation will be unsuccessful.

  2. Perform error handling and print the API response. 
    if r.status_code !=200 and r.status_code!=201:
  print('Not successful, please handle your error')
 
# Show the information of agents. 
# print(r.status_code)
# print(json.dumps(r.json(), indent=4))
  3. Verify that the request was successful.

    If your request was successful, the response will be similar to the following:

    200
{
    "result_code": 1,
    "result_description": "Operation successful",
    "result_content": [
     {
       "entity_id":"8a1a84550462-40bc9afc-3770-16ac-cd6c",
       "product":"SLF_PRODUCT_OFFICESCAN_CE",
       "managing_server_id":
          "026332F39EBC-41C19604-02DD-2C5F-EDE5",
       "ad_domain":"",
       "folder_path":"Workgroup",
       "ip_address_list":"192.168.121.132",
       "mac_address_list":"00-0C-29-9B-AB-65",
       "host_name":"OSCECLIENT",
       "isolation_status":"normal",
       "capabilities":[
          "cmd_uninstall_agent",
          "cmd_relocate_agent",
          "cmd_isolate_agent",
          "cmd_restore_isolated_agent"
        ]
    }
  ]
}
    Important:

    Not all Security Agents can be uninstalled using the API. If result_code value is 1 and the result_content value is a null array [], the operation was successful but the specified Security Agent cannot be uninstalled using the API.

  4. Retrieve the list of Security Agents that are managed by the specified server, and assign the response value to r.

    For more information about the "List Security Agents" API, see https://automation.trendmicro.com/apex-central/api#tag/Security-Agents.

    ### (Optional) Check the result in the security agent list.
print('(Optional) Check the result in the security agent list.')
productAgentAPIPath = '/WebApp/API/AgentResource/ProductAgents'
canonicalRequestHeaders = ''
 
useRequestBody = ''
useQueryString='?host_name='+host_name
 
jwt_token = create_jwt_token(use_application_id, use_api_key, 'GET',
                              productAgentAPIPath + useQueryString,
                              canonicalRequestHeaders, useRequestBody, iat=time.time())
   
headers = {'Authorization': 'Bearer ' + jwt_token , 'Content-Type': 'application/json;charset=utf-8'}
r = requests.get(use_url_base + productAgentAPIPath + useQueryString, headers=headers, verify=False)
  5. Perform error handling and print the API response. 
    if r.status_code !=200 and r.status_code!=201:
  print('Not successful, please handle your error')
 
#Show the information of agents. 
print(r.status_code)
print("Please check "+host_name + " agent does not exist:")
print(json.dumps(r.json(), indent=4))
  6. Verify that the specified Security Agent no longer exists.
Feedback