MacOS
View all Worklets
MacOSmacOS

macOS - Software Lifecycle- Remove Automox Remote Control Application

Removes Automox Remote Control application and components from macOS endpoints

Worklet Details

What the Remote Control Uninstaller does

This Automox Worklet™ removes the Automox Remote Control application and all related components from macOS endpoints. The Worklet detects and removes the remotecontrold daemon, cloudflared tunnel client, dialog utilities, and any associated VNC applications including TightVNC and OSXvnc.

The Worklet also removes system launch services (launchd daemons) that manage remote control functionality, configuration files, log files, and temporary directories. This maintains complete removal of remote access capabilities from the endpoint.

The process includes safe handling of processes to avoid conflicts with other system software, such as Cloudflare WARP, which shares a process name but serves different functions.

Why remove Remote Control from your endpoints

Remote control software running on endpoints creates an attack vector that security auditors flag during compliance reviews. Organizations transitioning away from remote control capabilities or consolidating support tools need to cleanly remove these components without leaving behind orphaned processes or configuration files. Removing remote control capabilities reduces your endpoint's attack surface and gives users explicit control over what remote access tools are installed. If your organization no longer requires remote access capabilities or is transitioning to different remote support solutions, uninstalling Remote Control maintains no orphaned processes consume system resources.

Organizations with strict security policies may require removing remote access tools that are not in active use. This Worklet automates the removal process and maintains consistent cleanup across your fleet, eliminating the need for manual uninstallation on individual endpoints.

Complete removal of Remote Control components prevents accidental re-enablement and verifies that subsequent vulnerability patches or updates to remote access tools do not affect endpoints where you have intentionally disabled remote support.

How Remote Control removal works

  1. Evaluation phase: Checks for presence of Remote Control components by scanning running processes (remotecontrold, cloudflared, dialog, osxvnc), files in /Library/Application Support/Automox/modules/remotecontrol/, launchd services, and application bundles in /Applications/. Returns exit code 2 if components are found, exit code 0 if the system is clean.

  2. Remediation phase: Stops running Remote Control processes with filters to avoid terminating unrelated system processes. Removes launchd services for Remote Control components and VNC applications. Calls the remotecontrold uninstaller executable if present. Uninstalls TightVNC and OSXvnc by removing their application bundles, package receipts, preferences, and launch agents. Deletes all module files, executables, configuration files, log files, temporary directories, and the Automox Remote Control application bundle.

Remote Control removal requirements

  • macOS endpoints (Monterey or later recommended)

  • Standard user or administrator credentials to stop processes and modify /Library/ directories

  • Remote Control application previously installed on the endpoint

  • No active remote control sessions (they will be terminated during remediation)

Expected state after Remote Control removal

After successful remediation, the endpoint will have no Remote Control application, associated processes, or system services running. All related executables (remotecontrold, cloudflared, dialog), configuration files, and log files are deleted. The system is restored to its original state without remote control capabilities.

Any active remote control sessions are terminated, and subsequent attempts to establish remote connections fail because the supporting infrastructure has been removed. The Worklet generates detailed logs documenting which components were removed and the overall success or failure of the uninstallation process for troubleshooting if needed.

How to validate macos - software lifecycle- remove automox remote control application changes

  1. Run this Worklet on a pilot macOS endpoint and review evaluation output for macos - software lifecycle- remove automox remote control application.

  2. Confirm Automox activity logs show successful completion and exit code 0.

  3. Verify endpoint state using checks aligned to evaluation script logic, such as else, pkgutil, exit.

  4. Validate remediation effects from script operations such as set, runtime, local, then rerun evaluation for compliance.

View in app
evalutation image
remediation image

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

do more with worklets