Remove CDBurnerXP optical disc software from Windows endpoints across 32-bit and 64-bit architectures
This Automox Worklet™ detects and removes CDBurnerXP from Windows endpoints. The Worklet inspects both 32-bit and 64-bit Windows uninstall registry hives to locate the installed product, then drives the recorded uninstaller to remove the application without user interaction. Endpoints with no CDBurnerXP install are returned as compliant in a single evaluation pass and skip remediation entirely.
The remediation script reads each matching product's UninstallString from the registry. For installer-package installs that landed under Program Files\CDBurnerXP or Program Files (x86)\CDBurnerXP, the Worklet invokes the recorded unins000.exe with /VERYSILENT and /NORESTART so the uninstaller runs without prompts. For Windows Installer (MSI) installs, the Worklet rebuilds the command as msiexec.exe /x {ProductCode} /qn /norestart, where the ProductCode comes directly from the registry entry. Both paths run under -Wait so the agent does not return until the uninstaller exits.
The Worklet handles the case where both 32-bit and 64-bit installs are present on a single endpoint. The remediation loop walks every matching uninstall key, runs the recorded removal command, and validates the exit code against the accepted success set: 0 (success), 1641 (success, Windows Installer initiated a restart), and 3010 (success, restart required). Any other exit code is treated as a failure and surfaces in the Automox activity log so the admin can triage the endpoint individually.
CDBurnerXP is a freeware optical disc burning tool whose active development ended years ago. Once a product stops shipping updates, every vulnerability discovered in its installer, in its bundled libraries, or in the privileged services it registers on Windows becomes a permanent risk surface. Most modern fleets long ago replaced physical disc burning with ISO mounting, cloud storage, and signed image distribution, so the application is rarely in active use yet still sits in Programs and Features on hundreds of endpoints. Leaving it in place keeps an unmaintained third-party binary under Program Files (x86)\CDBurnerXP, leaves registry entries the agent must continue to evaluate, and adds an item to every software-inventory audit with no offsetting business value.
Running this Worklet on a scheduled policy resolves the UninstallString or ProductCode for CDBurnerXP on every Windows endpoint in scope and runs the silent removal in a single pass. Remote workstations, lab machines, and on-prem servers all receive the same uninstall command, and the activity log records exit codes 0, 1641, or 3010 as success so a partial fleet removal does not have to be reconciled by hand.
Evaluation phase: The Worklet enumerates the uninstall registry keys at HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall and filters on DisplayName matching CDBurnerXP. Both hives are checked independently so a 32-bit install on a 64-bit endpoint is not missed. When at least one match is found, the Worklet records the install path (commonly Program Files (x86)\CDBurnerXP), captures the UninstallString and any ProductCode value, and flags the endpoint non-compliant. If no match is found, the Worklet exits 0 and the endpoint is reported compliant.
Remediation phase: For each matching uninstall key the script parses the recorded UninstallString. Inno Setup installs run unins000.exe /VERYSILENT /NORESTART. Windows Installer entries are rewritten to msiexec.exe /x {ProductCode} /qn /norestart so the install is removed without a UI prompt or a forced reboot. The Worklet calls Start-Process with -Wait and -PassThru, captures the exit code, and validates it against the accepted set (0, 1641, 3010). The evaluation phase then reruns to confirm the registry entry is gone and the endpoint reports compliant on the next policy sync.
Windows 7 SP1 or later, including Windows 10, Windows 11, Server 2012 R2, Server 2016, Server 2019, and Server 2022
PowerShell 3.0 or later (shipped by default on every supported Windows version above)
Local administrator privileges on the endpoint; the Automox agent runs as SYSTEM and already meets this
Read access to HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the Wow6432Node mirror, plus execute access to the recorded UninstallString or msiexec.exe
No active CDBurnerXP process on the endpoint at remediation time; the silent uninstaller will fail if a burn job or the GUI is open
Optional: a maintenance window if endpoints may need a deferred restart after a 3010 exit code from a Windows Installer removal
After a successful run, CDBurnerXP no longer appears in Programs and Features (appwiz.cpl). The uninstall registry key under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its Wow6432Node mirror) is removed, and the installation directory under Program Files\CDBurnerXP or Program Files (x86)\CDBurnerXP is emptied by the uninstaller. Start Menu shortcuts and any cdb file associations are cleaned up by the recorded uninstaller. Subsequent evaluations exit 0 and the endpoint reports compliant without triggering remediation again.
Validate from PowerShell with Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -like 'CDBurnerXP*' and confirm the command returns no results. Repeat against HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* to cover 32-bit installs. Then run Test-Path 'C:\Program Files (x86)\CDBurnerXP' and Test-Path 'C:\Program Files\CDBurnerXP'; both should return False. For audit evidence, attach the Automox activity log entry showing the recorded UninstallString, the resolved ProductCode, and the exit code returned (0, 1641, or 3010). The Worklet only restores work on an endpoint if CDBurnerXP is reinstalled later, at which point the next evaluation flags the endpoint and remediation runs again.


Loading...
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.

AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy
By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in