Windows - Software Lifecycle - Uninstall AnyDesk

What the AnyDesk uninstaller does

This Automox Worklet™ uninstalls AnyDesk from Windows endpoints by detecting the application's presence in Program Files and removing both the executable and associated system artifacts. The Worklet searches both 32-bit and 64-bit installation directories to guarantee complete removal regardless of application architecture. AnyDesk is a third-party remote access solution that, while legitimate for authorized use, often gets installed without IT department approval, creating compliance and security risks.

When AnyDesk is detected during the evaluation phase, the Worklet executes the application's built-in uninstall command with silent operation flags, followed by cleanup of the installation directory and any residual configuration files. This two-phase approach verifies that neither the executable nor cached settings remain on the endpoint. The remediation process runs with administrative privileges to access protected program directories.

The Worklet targets specific installation paths where AnyDesk typically resides on Windows systems. By automating this removal across your endpoint fleet, you maintain policy compliance and reduce the risk of unauthorized remote access being used to compromise your infrastructure. This is particularly important in organizations subject to security frameworks that require strict control over remote access tools.

Security risks from unauthorized remote access tools

Unauthorized remote access applications create unmonitored backdoors into your environment. When users install AnyDesk without approval, attackers can leverage these tools to bypass network security controls, exfiltrate sensitive data, and establish persistent access that your security monitoring cannot detect. You lose visibility into who accesses endpoints, what credentials authenticate sessions, and what data leaves your network.

AnyDesk installations violate compliance requirements in regulated industries. The application bypasses your identity and access management systems, preventing audit log generation and encryption standard enforcement. Your approved remote support platforms integrate with enterprise security controls, while unmanaged applications like AnyDesk operate outside your security perimeter without oversight.

How AnyDesk removal works

1. Evaluation phase: The Worklet checks both Program Files and Program Files (x86) directories for the presence of AnyDesk.exe. If either installation is detected, the endpoint is flagged as non-compliant and requires remediation.

2. Remediation phase: The Worklet executes AnyDesk.exe with the --remove and --silent flags to perform an unattended uninstallation. After the uninstall process completes, it removes the entire AnyDesk installation directory and all related files using recursive deletion with force flags to guarantee nothing remains.

AnyDesk removal requirements

• Windows 10, Windows 11, Windows Server 2016, or later

• Local Administrator privileges to remove files from Program Files directories

• No active AnyDesk remote sessions (though remediation will proceed regardless)

• PowerShell 3.0 or later for script execution

Outcomes after removing unauthorized remote access

AnyDesk disappears from your endpoints completely, closing unauthorized backdoors and restoring security control. The application no longer appears in Programs and Features, installation directories are deleted, and the AnyDesk service stops running. Your security monitoring regains full visibility into remote access attempts through approved platforms only.

Subsequent evaluations report endpoints as compliant with your remote access policy. Automatic remediation triggers if users reinstall AnyDesk, maintaining continuous enforcement without manual intervention. Your organization demonstrates configuration management compliance across the Windows fleet with consistent application of approved remote support tools.

How to validate uninstall anydesk changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for uninstall anydesk.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Test-Path, Write-Output.

4. Validate remediation effects from script operations such as Test-Path, Write-Output, Start-Process, then rerun evaluation for compliance.

Expected state after uninstall anydesk changes

After remediation, endpoints reflect the target uninstall anydesk configuration and report compliant status in Automox.

You can confirm results by correlating activity logs with evaluation checks (Test-Path, Write-Output) and remediation actions (Test-Path, Write-Output, Start-Process).