Windows - Software - Uninstall Splashtop Business

What the Splashtop Business uninstaller does

This Automox Worklet™ removes Splashtop Business remote access software from Windows endpoints. The Worklet inspects both the 64-bit and 32-bit Windows uninstall registry hives, locates every install of Splashtop Business by DisplayName, and runs the vendor uninstaller in silent mode. Endpoints without Splashtop Business installed pass the evaluation phase and are skipped, so the policy is safe to schedule fleet-wide.

The evaluation script reads the uninstall keys at HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. The remediation script reads the same keys, pulls the UninstallString value for each match, and dispatches the correct command form. MSI-based installs are removed with msiexec.exe /x {GUID} /qn /norestart, where the GUID is the PSChildName of the registry subkey. EXE-based installs are removed by invoking the vendor uninstaller (typically C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\uninstaller.exe) with the /S silent flag.

On 64-bit Windows the remediation relaunches itself through sysnative\WindowsPowerShell\v1.0\powershell.exe so the script runs as a native 64-bit process. That detail matters because the 32-bit PowerShell host the agent sometimes spawns cannot see the 64-bit registry view, and Splashtop Business installs there on most modern endpoints. Exit codes 0, 1641, and 3010 are all treated as success so that pending-reboot scenarios are not mislabeled as failures.

Why remove Splashtop Business from Windows endpoints

Splashtop Business is a sanctioned remote access tool in many shops, but lingering installs after a vendor change, a contractor offboarding, or a tool consolidation are a real attack surface problem. Every remote access agent is an inbound channel into the endpoint. When a tool is no longer in use, its agent still listens, still calls home, and still ships with a credential set that the security team is no longer rotating. Removing the binary closes the channel and reduces the third-party software inventory the team has to track for CVE advisories.

This Worklet runs the same evaluation logic on the executive laptop, the warehouse kiosk, and the server in a colocation rack: relaunch under sysnative PowerShell so the 64-bit Uninstall hive is visible, locate the Splashtop Business entry, and call msiexec /x /qn /norestart against the resolved ProductCode. Exit codes 0, 1641, and 3010 are treated as success so a pending-reboot endpoint is not mislabeled, and each result reports back to the Automox activity log so the team can prove the install has actually left every host.

How Splashtop Business removal works

1. Evaluation phase: The Worklet enumerates subkeys under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall, reads the DisplayName value of each, and matches against the string Splashtop Business. On 64-bit Windows it opens the 64-bit registry view through Microsoft.Win32.RegistryKey to avoid WOW64 redirection. Any match flags the endpoint non-compliant with Exit 1 and a Write-Output line in the activity log; a clean endpoint exits 0.

2. Remediation phase: The remediation script re-runs the same registry sweep, this time collecting the UninstallString and PSChildName for each match. If the UninstallString matches msiexec, the Worklet runs Start-Process msiexec.exe -ArgumentList "/x $($version.PSChildName) /qn /norestart" -Wait -PassThru. Otherwise it runs Start-Process $uninstString -ArgumentList '/S' -Wait -PassThru, which invokes the Splashtop uninstaller.exe binary in C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\. Each invocation is checked for exit codes 0, 1641, or 3010 before the registry key is recorded as uninstalled.

Splashtop Business removal requirements

• Windows 10, Windows 11, Windows Server 2016, 2019, 2022, or later

• Splashtop Business installed under C:\Program Files (x86)\Splashtop\ or registered in the standard uninstall registry hive

• SYSTEM or local administrator privileges (the Automox agent runs as SYSTEM by default and already satisfies this requirement)

• Both 32-bit and 64-bit Splashtop Business builds are handled; no architecture flag needs to be set on the policy

• No active remote session on the endpoint at runtime, because the uninstaller terminates the SRService and SRManager services before removing files

• Outbound HTTPS to the vendor licensing endpoint is not required for removal; the script does not contact Splashtop infrastructure

Expected state after Splashtop Business removal

After a successful run, the Splashtop Business entry disappears from the Windows uninstall registry under both HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. The C:\Program Files (x86)\Splashtop\ directory is removed by the vendor uninstaller, and the SRService and SRManager Windows services no longer appear in Get-Service output. Start menu shortcuts under %ProgramData%\Microsoft\Windows\Start Menu\Programs\Splashtop are also deleted by the uninstaller. The Activity Log records the line Splashtop Business uninstall was successful with exit code 0.

Validate the change by running Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -match 'Splashtop' and confirming the result is empty. Re-run the Worklet's evaluation phase as a second check; a clean endpoint exits 0 with the line Splashtop Business was not found. Now Exiting. If exit code 3010 is reported, schedule a reboot to complete the removal of any locked binaries left by the SRService driver. End users will no longer be able to launch Splashtop Business from the Start menu, and inbound remote access sessions over the Splashtop relay will fail to connect because the local service is gone. Confirm an alternative remote support workflow is in place before scoping this Worklet to endpoints used by remote support staff.