Windows - Software Lifecycle- Remove Automox Remote Control Application

What the Remote Control Remover does

This Automox Worklet™ completely removes the Automox Remote Control module from Windows endpoints. The Worklet targets all Remote Control components, including the remotecontrold.exe service, cloudflared tunneling agent, TightVNC remote access software, and related configuration files.

The removal process is comprehensive and multi-stage. The Worklet first stops any running processes, then removes Windows services, uninstalls TightVNC through MSI, deletes all binary files and log files, and finally removes the Remote Control configuration directory and temporary folders.

By design, the evaluation phase only detects the presence of Remote Control components. No removal occurs during evaluation, verifying you can preview what the Worklet will affect before remediation runs.

Why remove Automox Remote Control from endpoints

Organizations transitioning away from remote support tools or consolidating security software need to cleanly remove Remote Control without leaving behind orphaned processes. Security audits flag remote access software as potential attack vectors when not actively monitored or licensed. You may need to remove Remote Control when decommissioning endpoints, revoking remote access capabilities, consolidating support tools, or managing licensing. Removing unused software reduces security surface area and prevents accidental remote access connections through orphaned services.

The Worklet provides clean, safe removal without manual intervention. Rather than manually hunting for scattered binaries and registry entries, the automated removal ensures no stray Remote Control components remain on the endpoint that could restart automatically or consume resources.

How Automox Remote Control removal works

1. Evaluation phase: Scans the endpoint for Remote Control components including remotecontrold and cloudflared processes, TightVNC services, binary files in the Automox modules directory (such as remotecontrold.exe, cloudflared.exe, and dialog.exe), configuration files, log files, TightVNC MSI packages, and registry entries. Returns exit code 2 if any components are found, or exit code 0 if the endpoint is clean.

2. Remediation phase: Stops remotecontrold and cloudflared processes, removes the remotecontrold and TightVNC services, uninstalls TightVNC through the MSI uninstall string or product code, deletes all Remote Control binary files (remotecontrold.exe, cloudflared-windows-amd64.exe, cloudflared-windows-386.exe, cloudflared.exe, dialog.exe), removes all log files and configuration files (config.json, rc-module.log, rc-module-install-stdout.log, rc-stdout.log, rc-stderr.log), and removes the entire Remote Control temporary directory. Provides detailed logging throughout the removal process.

Remote Control removal requirements

• Windows 10, Windows 11, Windows Server 2016, or later

• Local Administrator privileges on the endpoint

• Remote Control application must be installed in the default Automox modules path (%ProgramFiles%\Automox\modules\rc or %ProgramFiles(x86)%\Automox\modules\rc)

• PowerShell execution is enabled on the endpoint

• The Worklet will not remove Remote Control components installed in non-standard locations

Expected state after Remote Control removal

After successful remediation, the endpoint will have no Automox Remote Control services running or installed with all components cleanly removed. The remotecontrold and TightVNC services will be removed from the Windows service manager, all Remote Control executables and configuration files will be deleted, and the Remote Control module directory will be empty or removed.

Verify successful removal by checking that no remotecontrold or cloudflared processes appear in Task Manager, no TightVNC services exist in Services (services.msc), and the %ProgramFiles%\Automox\modules\rc directory no longer contains any Remote Control files. Subsequent Worklet evaluations will return exit code 0, confirming complete removal.

How to validate windows - software lifecycle- remove automox remote control application changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for windows - software lifecycle- remove automox remote control application.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Get-WmiObject, Write-Host, Get-Service.

4. Validate remediation effects from script operations such as Get-Date, New-TimeSpan, New-Variable, then rerun evaluation for compliance.