
How to Troubleshoot Azure ATP (Advanced Threat Protection) Sensor Failed Installs (Installations) - August 2022

    Retrieve your list of servers
    Import the list of servers from a text file into your Remote Desktop Program
    Remote into each Server
    From a command line or PowerShell type: services.msc
    Check to see if the AATPSensor service is running
    Create a TEMP folder in the root of C:\ Drive
    From a command line or PowerShell type: mkdir "C:\temp"
    From a command line or PowerShell type: mkdir "C:\temp\registry backup"
    From a command line or PowerShell type: REGEDIT
    From a command line or PowerShell type: reg export HKCR "C:\temp\registry backup\HKCR.Reg" /y
    From a command line or PowerShell type: reg export HKCU "C:\temp\registry backup\HKCU.Reg" /y
    From a command line or PowerShell type: reg export HKLM "C:\temp\registry backup\HKLM.Reg" /y
    From a command line or PowerShell type: reg export HKU "C:\temp\registry backup\HKU.Reg" /y
    From a command line or PowerShell type: reg export HKCC "C:\temp\registry backup\HKCC.Reg" /y
    From a command line type: wmic product get name
    From PowerShell type: Get-WmiObject -Class Win32_Product
    From a command line type: MSIEXEC /X {c0bf9f15-5220-4f89-abae-11320e145a37}
    From a command line or PowerShell type: cd "C:\ProgramData\Package Cache\{c0bf9f15-5220-4f89-abae-11320e145a37}\"
    From a command line type: "Azure ATP Sensor Setup.exe" /uninstall /quiet
    From PowerShell type: $MyApp = Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "Azure Advanced Threat Protection Sensor"}
    From PowerShell type: $MyApp.Uninstall()
    From a command line or PowerShell type: REGEDIT
    Search/Find: Azure Advanced
    From PowerShell type: Get-ChildItem -Path HKLM:\ -Recurse -Include *azure* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path HKCU:\ -Recurse -Include *azure* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_CURRENT_CONFIG\ -Recurse -Include *azure* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_CLASSES_ROOT\ -Recurse -Include *azure* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_USERS\ -Recurse -Include *azure* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path HKLM:\ -Recurse -Include *atp* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path HKCU:\ -Recurse -Include *atp* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_CURRENT_CONFIG\ -Recurse -Include *atp* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_CLASSES_ROOT\ -Recurse -Include *atp* -ErrorAction SilentlyContinue
    From PowerShell type: Get-ChildItem -Path Registry::HKEY_USERS\ -Recurse -Include *atp* -ErrorAction SilentlyContinue
    THIS BASICALLY BRINGS US TO THE END OF RUNNING A NUKE UNINSTALL REMOVAL OF AZURE ATP (ADVANCED THREAT PROTECTION)
    NOW WE WANT TO BEGIN THE INSTALL/REINSTALL
    From a command line or PowerShell type: cd "C:\temp\AdvancedThreatProtection"
    From a command line type: "Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="jdkjfaojdfjajlkjflaijdjsajdfidfjaindifnaindinjk3iijjj030j33820j0jdd"
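
A read-only triage of the state the steps above inspect by hand (service, installed product, cached setup), added here as an example and not part of the original procedure. The function name Get-AatpSensorState is hypothetical; the Uninstall registry paths are the standard Windows locations, used because querying Win32_Product starts a Windows Installer consistency check of every installed MSI package.

```powershell
# Added example: reports sensor install state on the local server without changing anything.
# Service name, product display name and setup file name are taken from the steps above.
function Get-AatpSensorState {
    [CmdletBinding()]
    param(
        [string]$ServicePattern = 'AATPSensor*',
        [string]$DisplayName    = 'Azure Advanced Threat Protection Sensor',
        [string]$SetupFileName  = 'Azure ATP Sensor Setup.exe'
    )

    # A failed install usually leaves either no service or a stopped one.
    $services = @(Get-Service -Name $ServicePattern -ErrorAction SilentlyContinue)

    # Installed-product lookup from the Uninstall keys (64-bit and 32-bit views).
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $products = @(Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "$DisplayName*" })

    # Cached bootstrapper that the uninstall step runs from the Package Cache folder.
    $cached = @(Get-ChildItem -Path "$env:ProgramData\Package Cache" -Recurse `
        -Filter $SetupFileName -ErrorAction SilentlyContinue)

    # Classify: nothing present, fully working, or leftovers from a failed install.
    $running = @($services | Where-Object { $_.Status -eq 'Running' })
    if (-not $services -and -not $products -and -not $cached) {
        $verdict = 'NotInstalled'
    } elseif ($products -and $running.Count -eq $services.Count -and $services.Count -gt 0) {
        $verdict = 'Healthy'
    } else {
        $verdict = 'PartialOrFailed'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Verdict      = $verdict
        Services     = @($services | ForEach-Object { '{0}={1}' -f $_.Name, $_.Status })
        Products     = @($products | Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString)
        CachedSetup  = @($cached | Select-Object -ExpandProperty FullName)
    }
}

Get-AatpSensorState | Format-List
```

A PartialOrFailed verdict marks a server that needs the uninstall and reinstall steps; the Products entries show the product code and uninstall string actually registered on that server, which is safer to use than a GUID copied from another machine.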