Windows - Software Lifecycle - Uninstall Kaspersky Software

What the Kaspersky software uninstaller does

This Automox Worklet™ removes all versions of Kaspersky antivirus and security software from Windows endpoints. The Worklet automatically detects installed Kaspersky products through the Windows registry and executes the appropriate uninstall commands without requiring manual intervention.

The Worklet handles both 32-bit and 64-bit Kaspersky installations on systems running 32-bit or 64-bit Windows. It queries multiple registry locations to maintain complete coverage of all installed Kaspersky versions and variants.

Why remove Kaspersky software from your endpoints

Organizations may need to uninstall Kaspersky to transition to a different security solution, reduce licensing costs, or comply with software policies that restrict specific vendors. Manual uninstall across multiple endpoints is time-consuming and error-prone.

The Worklet automates this process across your entire fleet, verifying consistent removal and eliminating the risk of incomplete uninstalls that could leave registry artifacts or installation files behind. This is particularly valuable when managing large deployments or rapid transitions between security products.

How Kaspersky software removal works

1. Evaluation phase: The Worklet queries the Windows registry at HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to detect any installed Kaspersky products. It checks both 64-bit and 32-bit registry hives to identify all Kaspersky versions on the endpoint.

2. Remediation phase: For each detected Kaspersky product, the Worklet extracts the uninstall string and executes it with silent parameters (/VERYSILENT and /NORESTART). If the uninstall string uses MSI format, it invokes msiexec.exe with the /x flag and quiet mode. The Worklet monitors exit codes to verify successful uninstallation.

Kaspersky removal requirements

• Windows 7 or later (Windows 10, Windows 11, Server 2016, Server 2019, Server 2022)

• Administrator privileges required to access registry and execute uninstall commands

• PowerShell 3.0 or later for script execution

• FixNow compatible for immediate deployment without scheduling

Expected state after Kaspersky removal

After the Worklet completes successfully, all Kaspersky software is removed from the endpoint. The Worklet validates removal by checking exit codes from the uninstall processes. Exit codes of 0, 1641 (restart required), or 3010 (restart required) are treated as successful.

You can verify complete removal by checking that no Kaspersky entries appear in the Windows Programs and Features list and that the Worklet returns a successful evaluation on subsequent runs. If you plan to install a different security solution, you can deploy it immediately after the Worklet completes.

How to validate uninstall kaspersky software changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for uninstall kaspersky software.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Write-Output, Get-ChildItem, Get-ItemProperty.

4. Validate remediation effects from script operations such as Kaspersky-Check, Get-ChildItem, Get-ItemProperty, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for uninstall kaspersky software. This supports repeatable software lifecycle workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as Write-Output, Get-ChildItem, Get-ItemProperty and remediation operations such as Kaspersky-Check, Get-ChildItem, Get-ItemProperty. Use these indicators to verify that endpoint changes match intended policy outcomes.