Windows - Software - Uninstall Palo Alto GlobalProtect

What the GlobalProtect removal Worklet does

This Automox Worklet™ removes Palo Alto GlobalProtect from Windows endpoints by scanning for both 32-bit and 64-bit installations in the system registry. The Worklet identifies all instances of the GlobalProtect application and executes the appropriate uninstall procedure for each one found.

The Worklet automatically detects whether GlobalProtect was installed using an MSI package or an executable installer, then executes the correct uninstall method for complete removal. This approach prevents installation failures caused by conflicting VPN client software or outdated versions.

GlobalProtect uninstallation often fails when performed manually due to permissions issues or incomplete removal of registry entries. This Worklet bypasses these challenges by running with elevated privileges and managing both the executable-based and MSI-based uninstall paths.

Why remove GlobalProtect from your network

Organizations frequently need to migrate away from Palo Alto GlobalProtect due to network architecture changes, business decisions, or transitions to alternative VPN solutions. Leaving orphaned VPN client software can cause connection conflicts, slow performance, and complicate future security appliance deployments.

Automating GlobalProtect removal delivers consistent cleanup across all endpoints. This eliminates the variability of manual uninstallation processes and reduces support tickets related to failed uninstalls or partial removals. Your endpoints remain clean and ready for new security tools or network configurations.

Using this Worklet saves IT operations teams time by eliminating the need for remote desktop sessions or user intervention to remove software. The automation scales effortlessly to hundreds or thousands of endpoints, completing removals during maintenance windows or immediately when needed.

How GlobalProtect removal works

1. Evaluation phase: The Worklet queries the Windows registry to detect all installed instances of GlobalProtect in both the native 64-bit registry location (HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) and the 32-bit compatibility location (HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall). It flags the endpoint for remediation if any instances are found.

2. Remediation phase: The Worklet executes in a 64-bit PowerShell context and retrieves the uninstall string from the registry for each GlobalProtect instance. For MSI-based installations, it runs msiexec with the silent and no-restart flags. For executable-based installations, it runs the uninstall program with the silent parameter (/S). The Worklet verifies successful completion by checking exit codes (0, 1641, or 3010 indicate success) and reports results to the Automox Activity Log.

GlobalProtect removal requirements

• Windows 7, Windows 10, Windows 11, or Server 2008 R2 and later

• Endpoint must have administrator privileges assigned to the Automox agent

• GlobalProtect must be installed as a Windows application (registry entry required)

• Supports both 32-bit and 64-bit versions automatically

• FixNow compatible for immediate execution

Expected state after GlobalProtect removal

After successful remediation, GlobalProtect will be completely uninstalled from the endpoint. The Worklet removes all application files, registry entries, and associated services. Endpoints no longer connect through the Palo Alto GlobalProtect VPN client, and the software no longer appears in the Windows Control Panel or registry uninstall locations.

If GlobalProtect was your active VPN connection method, endpoints lose that connectivity after removal. Plan GlobalProtect uninstallation for times when alternative network access is available, or schedule removal during maintenance windows when VPN access is not required. Subsequent Worklet evaluations on the same endpoint will exit clean since GlobalProtect is no longer detected.