Help CenterPlease Note: Uninstalling ThreatLocker is not a solution to issues, and it can make them harder to diagnose. If you are experiencing issues, please contact our Cyber Hero Team.
Uninstalling with MDM (Recommended)
To silently uninstall the ThreatLocker Mac Agent using an MDM solution, additional prerequisites must be met to ensure the uninstall process is not blocked by built-in protections, such as Tamper Protection, or by enforced configuration profiles.
Prerequisites
ThreatLocker deployments using MDM typically rely on a two-part Configuration Profile setup. Under normal operation, both profiles are installed and actively enforce protections on the device.
Uninstall Process
-
Remove the “ThreatLocker Startup & Lock” Configuration Profile - Before initiating the uninstall, instruct your MDM to remove the Configuration Profile labeled “ThreatLocker Startup & Lock.”
-
The Startup & Lock profile prevents anything from deactivating or removing the ThreatLocker System Extension.
-
IMPORTANT NOTE: Do not remove the “ThreatLocker Configuration” profile. This profile must remain in place to grant the agent Full Disk Access, which is required for the uninstall process to complete successfully.
-
-
Disable Tamper Protection - In the ThreatLocker Portal, disable Tamper Protection for the target device(s). For information on how to disable Tamper Protection, please refer to the following article:
-
Enable Silent Uninstall - In the ThreatLocker Portal, set the “AllowSilentUninstall” option on the applicable device or device group. For information on how to add an Option, please refer to the following article:
-
- This explicitly permits the agent to be removed without user interaction.
-
Confirm Policy Sync - Ensure the device has received and applied all changes from Steps 1–3.
-
-
This may require a device check-in or manual sync, depending on your MDM.
-
-
Deploy the Uninstall Script via MDM - Once all prerequisites are satisfied, push the official uninstall script through your MDM solution. The uninstall script can be found here.
-
Verify Removal - After successful execution:
-
- The ThreatLocker agent will be removed from the device.
- The device will no longer appear in the ThreatLocker Portal.
Please Note: Skipping any of the above steps may result in the uninstall failing. Timing and policy propagation are critical, so ensure devices are fully synchronized before executing the uninstall script.
Uninstalling Without MDM
To uninstall the ThreatLocker Mac Agent without an MDM, the following prerequisites must be met to ensure the uninstall process is not blocked by built-in Tamper Protection or agent misconfiguration.
-
Disable Tamper Protection - In the ThreatLocker Portal, disable Tamper Protection for the target device(s). For information on how to disable Tamper Protection, please refer to the following article:
-
Verify Full Disk Access permissions for ThreatLocker – The ThreatLocker Agent requires Full Disk Access to complete the uninstall process. This can be verified by right-clicking the ThreatLocker Menu bar icon and checking that Agent Full Disk Access is set to Granted.
It can also be verified by navigating to System Settings, selecting Privacy & Security, and choosing Full Disk Access.
From Full Disk Access, locate the ThreatLocker Agent option and confirm that the switch is turned ON, granting Full Disk Access
-
Stop the ThreatLocker process - Stop the ThreatLocker process by running the following command in macOS terminal:
pkill -9 -x "ThreatLocker"
-
Uninstall ThreatLocker - Uninstall ThreatLocker by running the following command in macOS terminal:
open "/Applications/ThreatLocker.app" --args -uninstall
-
Verify Removal - After successful execution:
-
- The ThreatLocker agent will be removed from the device.
- The device will no longer appear in the ThreatLocker Portal.
Please Note: Skipping any of the above steps may result in the uninstall failing or being incomplete.