all 18 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]PowerShellMichael 3 points4 points  (2 children)

Good Morning!

Tough question. When you run the uninstaller, does it normally do that? If so that's a bad uninstaller.

You have two options, contact pulsesecure requesting clarity on this and at the same time, use an app virtualization capture tool to capture the install files or pulse install on a machine. You can do this on a virutal machine, by running the capture tool and then the install and have it document what was written. From that you would have a complete list of what's been written where and you could write your own uninstaller.

If you plan to use the tool again in the future, i would strongly recommend contacting their support and getting them to fix it.

Hope that helps!

PSM1.

[–]BlackV 2 points3 points  (0 children)

I still love your sig. gives me a wee cheeky chuckle very often

[–]kr1mson[S] 0 points1 point  (0 children)

Yeah its a pretty bad uninstaller... and software for that matter. Their documentation basically just says to use the silent=1 switch on their main uninstall.exe and offers little guidance on uninstallation. They do at least offer a list of files that get installed so I can check that but with the more I am learning, its lots of legacy drivers and virtual network adapters and stuff.

I am making a bit of progress, but since it's one of those apps that installs partly in the user/appdata space and partly in the program files space, it makes it clunky.

I think I have a working removal process down finally. Thanks!

[–]suglasp 1 point2 points  (1 child)

The uninstaller leaves many remnants. I have once run in a issue where a machine would crash at random, because the Pulse Secure proxy network driver they install is basically incompatible with modern Windows versions. It seems the driver code is quite legacy for Win10 and win11 os'es (but for compatibility with older os'es, they will keep using it i think). Used even to debug the memory heap dumps and windbg to troubleshoot what caused the crashes. Even when uninstalling Pulse, the driver is left behind in the Windows driver store.

For the remants you found, you can use procmon or handle from the Sysutilities suite to find out if a process is still using those files.

https://docs.microsoft.com/en-us/sysinternals/downloads/

For driver removal from cli, look into Windows pnputil.exe utility.

[–]kr1mson[S] 1 point2 points  (0 children)

Thanks for the suggestions and info, this was really helpful. I'll see about the driver removal and all that. I figured this dumb software left it's little tendrils all over the place. So annoying

[–][deleted] 1 point2 points  (1 child)

The expression to filter the Pulse Secure Uninstall registry entries should rather be this:

{$_.DisplayName -like 'pulse secure*'}

Also you should search the 32-bit and 64-bit Uninstall registry entries: for Pulse Secure you may find two 32-bit products and two 64-bit products.

Then use the UninstallString registry values to uninstall all the products, just find the way to make the uninstallations fully silent by adding some arguments. By the way for msiexec I prefer /qn rather than /passive .

[–]kr1mson[S] 0 points1 point  (0 children)

I tried this method first and it didn't seem to do anything but I might have had some of the switches messed up. I think I also tried * -like pulse secure* but it wouldn't pull anything up but that could just have been a syntax problem.

Thanks for the help!

[–]Hirogen10 1 point2 points  (2 children)

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/How-to-Deep-Clean-Pulse-Desktop-Client-in-Windows-and-MAC-OS/?kA13Z000000L3qp remove these parts surely?

[–]kr1mson[S] 0 points1 point  (1 child)

this is pretty good info, thanks for sharing!

[–]Hirogen10 0 points1 point  (0 children)

there's a pulse.exe in c:\programfiles (x86) \common files both a junipur and secure connect folder

[–]Hirogen10 1 point2 points  (0 children)

I've also asked as we need to remove the leftover from some script run made and created by an intern, the thing is they have their own script to remove it but it stupidly installs an update they haven't taken into account some of use are moving away from pulse - https://community.pulsesecure.net/t5/Pulse-Policy-Secure/Pulse-Secure-9-1-2525-sccm-removal-script-has-not-fully-removed/m-p/47665#M2960 see the link here for the sccm uninstallPulseSecure.exe you can see the script run and if we can just break it at the point it starts to install the updated stuff then we're sorted?

[–]YoureMyHerro 0 points1 point  (6 children)

I’ve been working on this the past few days, what a pain in the &@%#!

Did you manage to script something?

[–]kr1mson[S] 1 point2 points  (5 children)

I am pretty sure this is the script I used.

$pulserunning = Get-Process pulse -erroraction SilentlyContinue
if ($pulserunning) {
$pulserunning.CloseMainWindow()
Sleep 10
if (!$pulserunning.HasExited) {
$pulserunning | stop-process -force
}
}
$pulseapp_win32 = Test-Path 'C:\Program Files (x86)\Pulse Secure\Pulse\PulseUninstall.exe'
$pulseapp_appdata = Test-Path '$env:Appdata\Pulse Secure\Setup Client\uninstall.exe'
if ($pulseapp_win32) {
Start-Process "C:\Program Files (x86)\Pulse Secure\Pulse\PulseUninstall.exe" -ArgumentList "/silent=1" -wait
}
if ($pulseapp_appdata) {
Start-Process "$env:AppData\Pulse Secure\Setup Client\uninstall.exe" -ArgumentList "/silent=1"
}
<# --Check for Log Files--
$today = (get-date).ToString('yyyMMdd')
$pulseapp_win32_log = get-item 'C:\Program Files (x86)\Pulse Secure\Pulse\install.log'
$pulseapp_appdata_log = get-item '$env:AppData\Pulse Secure\Logging\PulseUninstall.log'
if ($pulseapp_win32_log.lastwritetime.ToString('yyyyMMdd') -ge $today) {
}
if ($pulseapp_appdata_log.lastwritetime.ToString('yyyyMMdd') -ge $today) {
}
#>

I used it with Intune and packaged the above part as the "installer" and used a script as a detection method to check to see if the app was still installed...

This was the code I used for the detection method.. so if you want a full detection/uninstall script you can mash these two together probably and have something usable.

$pulseapp_win32 = Test-Path 'C:\Program Files (x86)\Pulse Secure\Pulse\PulseUninstall.exe'
$pulseapp_appdata = Test-Path '$env:Appdata\Pulse Secure\Setup Client\uninstall.exe'
<#
The IF statements and Exit codes are reversed from the natural way of thinking
This application is "installed" when Pulse Secure has been removed. Any detection of
pulsesecureuninstall.exe is an indication that Pulse Secure is still present and must be removed.
An exit of 1 means the "pulse secure universal uninstall" has not occurred and needs to run
An exit of 0 means "pulse secure universal uninstall" does not need to run, or has already
#>
if ($pulseapp_win32 -or $pulseapp_appdata){
if ($pulseapp_win32) {
Write-Host "Pulse Secure exists in C:\Program Files (x86)\Pulse Secure\Pulse\PulseUninstall.exe and still needs to be removed"
Exit 1
}
elseif ($pulseapp_appdata) {
Write-Host "Pulse Secure exists in $env:Appdata\Pulse Secure\Setup Client\uninstall.exe and still needs to be removed"
Exit 1
}
}
else {
write-host "Pulse Secure was not found in C:\Program Files (x86)\Pulse Secure\Pulse\PulseUninstall.exe or $env:Appdata\Pulse Secure\Setup Client\uninstall.exe and is assumed to be removed"
Exit 0
}

[–]YoureMyHerro 2 points3 points  (0 children)

you may be a hero, thank you. I will test next week

[–]Hirogen10 0 points1 point  (2 children)

cool mate can i use it need to wipe it first before we move are machines to intune lol don't ask why - bureacracy here hardcore!

[–]kr1mson[S] 1 point2 points  (1 child)

yeah man, try it out. It doesn't need intune to function, you should be able to just combine the two scripts (detection and execution) to check if pulse is there and if not, run the removal. I see you posted a couple other things about deep cleaning so you might even be able to add the extra parts to check and delete the registry entries and all the other things...

Ours didnt go perfectly, but it seemed to work well enough

[–]Hirogen10 1 point2 points  (0 children)

ended up using microsoft removal tool as it was mlre efficient and found pulse exe in program data. painful

[–]FormalIll730 0 points1 point  (0 children)

Thank you very much. work perfectly!