macOS - Software Lifecycle - Uninstall Rapid7 Insight Agent

What the Rapid7 Insight Agent uninstaller does

This Automox Worklet™ removes the Rapid7 Insight Agent from macOS endpoints using Rapid7's official uninstaller. The Worklet detects whether the agent is installed by checking the launchctl service list and the /opt/rapid7 directory, then downloads and executes the appropriate uninstaller for your endpoint's architecture.

The Worklet supports both Intel (x86_64) and Apple Silicon (ARM64) architectures, automatically selecting the correct uninstaller variant based on your endpoint's processor type. This maintains clean, architecture-specific removal of all agent components.

Why remove Rapid7 Insight Agent from macOS

Organizations may need to uninstall the Rapid7 Insight Agent for several reasons: decommissioning endpoints, switching to alternative vulnerability management solutions, reducing endpoint overhead, or complying with security policies that restrict third-party monitoring agents.

Using the vendor's official uninstaller maintains complete removal of all agent files, registry entries, and services. This approach prevents orphaned processes and partial installations that could cause compatibility issues with other security tools or create unnecessary system overhead.

How Rapid7 agent uninstallation works

1. Evaluation phase: The Worklet checks whether Rapid7 Insight Agent is installed by querying the launchctl daemon list for the com.rapid7.ir_agent service and verifying the presence of the /opt/rapid7 directory. If the agent is found, the Worklet flags the endpoint for remediation.

2. Remediation phase: The Worklet determines the endpoint's architecture (ARM64 or x86_64) and downloads the corresponding Rapid7 uninstaller script directly from Rapid7's official storage endpoint. It then executes the uninstaller with the uninstall parameter to remove all agent components, services, and related files.

Rapid7 agent removal requirements

• macOS 10.13 or later (Intel or Apple Silicon architecture)

• Administrator or sudo privileges required to remove system services and files from /opt/rapid7

• Internet access required to download the official Rapid7 uninstaller script from Rapid7's cloud storage

• Rapid7 Insight Agent must be installed on the endpoint for the Worklet to perform remediation

Expected macOS state after Rapid7 removal

After the Worklet successfully completes, the Rapid7 Insight Agent will be completely removed from the endpoint. You can verify successful removal by checking the Applications folder or by searching for the application in Spotlight. The launchctl daemon will no longer list the com.rapid7.ir_agent service, the /opt/rapid7 directory will be deleted, and all related processes and system services will be terminated.

Rapid7 will no longer collect vulnerability data or endpoint information from the endpoint. The endpoint will be free to install alternative monitoring agents or security tools without conflicts from residual Rapid7 components. You can verify successful removal by running launchctl list and confirming that no Rapid7 services appear in the output.

How to validate uninstall rapid7 insight agent changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for uninstall rapid7 insight agent.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as function, elif, else.

4. Validate remediation effects from script operations such as function, elif, else, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for uninstall rapid7 insight agent. This supports repeatable software lifecycle workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as function, elif, else and remediation operations such as function, elif, else. Use these indicators to verify that endpoint changes match intended policy outcomes.