Linux - Software Lifecycle - Uninstall Kaspersky Software

What the Kaspersky Uninstaller does

This Automox Worklet™ removes Kaspersky Endpoint Security (kesl) from Linux endpoints. The Worklet detects which package manager installed Kaspersky and uses the appropriate removal command to uninstall the software completely.

After package removal, the Worklet deletes Kaspersky-related directories including /opt/kaspersky, /etc/opt/kaspersky, and /var/opt/kaspersky. This thorough cleanup removes configuration files, databases, and logs that would otherwise persist after uninstallation.

The Worklet performs a final verification to confirm that both the package and directories are removed before reporting success.

Why remove Kaspersky from your Linux fleet

Running multiple endpoint security solutions simultaneously creates resource contention, kernel conflicts, and performance degradation. When Kaspersky remains installed alongside replacement security software, endpoints experience high CPU usage, memory exhaustion, and driver conflicts that cause system instability. Organizations cannot maintain dual security agents indefinitely, yet manual removal across distributed Linux fleets is time-consuming and error-prone.

Manual removal of endpoint security products across a Linux fleet is time-consuming and error-prone. Each endpoint may have different configurations, and incomplete removal can leave orphaned files and services. This Worklet standardizes the removal process and provides verification that Kaspersky is fully uninstalled.

The Worklet handles the complexity of supporting multiple Linux distributions and package managers, allowing you to target mixed environments with a single policy.

How Kaspersky removal works

1. Evaluation phase: The Worklet checks for Kaspersky Endpoint Security (kesl) across multiple package managers. It queries rpm -qa, dpkg-query -l, dnf list installed, yum list installed, and zypper search --installed-only to detect if kesl is present. If found through any package manager, the endpoint is flagged for remediation.

2. Remediation phase: The Worklet removes Kaspersky using the appropriate command: rpm -e, apt-get remove --purge, dnf remove, yum remove, or zypper remove. It then deletes the directories /opt/kaspersky, /etc/opt/kaspersky, and /var/opt/kaspersky. A final check confirms that both the package and directories are removed.

Kaspersky removal requirements

• Linux endpoint with rpm, apt, dnf, yum, or zypper package manager

• Root or sudo privileges for package removal and directory deletion

• Kaspersky Endpoint Security (kesl) package installed on the endpoint

Expected state after Kaspersky removal

After successful remediation, Kaspersky Endpoint Security is completely removed from the endpoint. The kesl package no longer appears in the system's package database, and the Kaspersky directories under /opt, /etc/opt, and /var/opt are deleted. The endpoint no longer runs Kaspersky protection services.

Verification: Verify package removal by running the appropriate command for your package manager: rpm -qa | grep kesl, dpkg -l | grep kesl, or equivalent. Confirm directory removal with ls /opt/kaspersky which should return "No such file or directory". Check process list with ps aux | grep kesl to confirm no Kaspersky processes are running. Deploy replacement endpoint protection before or immediately after removing Kaspersky to maintain continuous security coverage.

How to validate uninstall kaspersky software changes

1. Run this Worklet on a pilot Linux endpoint and review evaluation output for uninstall kaspersky software.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, elif, else.

4. Validate remediation effects from script operations such as remove_kaspersky_endpoint_security, sudo, elif, then rerun evaluation for compliance.