Linux - Software Lifecycle - Uninstall Splashtop Streamer

What the Splashtop Streamer uninstaller does on Linux

This Automox Worklet™ uninstalls Splashtop Streamer from Linux endpoints, including Debian, Ubuntu, RHEL, CentOS, Rocky, Alma, Fedora, and SUSE hosts. The Worklet detects every common Splashtop install fingerprint, runs the right removal path for the package manager in front of it, and scrubs the configuration, log, and state directories the vendor leaves behind. The result is an endpoint where the splashtop-streamer command, /opt/splashtop-streamer tree, and SRStreamer service are all gone in a single policy run.

The remediation script begins by stopping the service with systemctl stop splashtop-streamer.service, then falls back to service splashtop-streamer stop on hosts without systemd. When /opt/splashtop-streamer/uninstall.sh exists and is executable, the Worklet runs it in silent mode (-s) first, because the vendor uninstaller knows how to detach the SRStreamer daemon and remove the audio plug-in cleanly. Package removal then runs through apt-get remove --purge splashtop*, dpkg -r and --purge for any leftovers, dnf -y remove, yum -y remove, zypper -n remove, or rpm -e, depending on what the endpoint provides.

Finally, the Worklet performs a recursive rm -rf against /opt/splashtop-streamer, /etc/init.d/splashtop-streamer, /var/log/splashtop*, /var/lib/splashtop*, and /etc/splashtop*. A post-removal verification confirms the splashtop-streamer command is no longer on PATH and /opt/splashtop-streamer is gone; if either check still passes, the script exits 1 so the failure surfaces in Automox activity logs instead of looking like a clean run.

Why uninstall Splashtop Streamer from Linux endpoints

Splashtop Streamer is the agent that lets a remote technician take over the Linux endpoint, so an unmanaged install is a standing inbound remote access path that bypasses your sanctioned support tooling and audit trail. Shadow-IT remote support agents like this also collect screen, clipboard, and file-transfer history under /var/log/splashtop* and /var/lib/splashtop*, which becomes a data-exposure problem if the host is decommissioned without sanitization. Cleaning up only the package leaves these directories behind; cleaning up only the directories leaves the dpkg or rpm database claiming the software is still installed. This Worklet does both.

Scheduling this Worklet against the Linux endpoint group runs both halves of the cleanup on every host: apt-get purge or yum erase against the splashtop-streamer package so the dpkg or rpm database reflects reality, then rm -rf against /opt/splashtop-streamer, /var/log/splashtop*, /var/lib/splashtop*, and /etc/splashtop* so the log and configuration directories do not linger as a data-exposure problem. Production servers, developer workstations, and lab VMs land in the same clean state on the next agent check-in.

How Splashtop Streamer removal works on Linux

1. Evaluation phase: The script sets is_installed=false, then flips it to true if any of five checks succeed: command -v splashtop-streamer resolves, /opt/splashtop-streamer exists as a directory, /etc/init.d/splashtop-streamer exists as a file, dpkg -l | grep -qi splashtop returns a match, or rpm -qa | grep -qi splashtop returns a match. A detection exits 1 (non-compliant, remediate); a clean endpoint exits 0 (compliant, skip).

2. Remediation phase: The script stops the service via systemctl stop splashtop-streamer.service and service splashtop-streamer stop, runs /opt/splashtop-streamer/uninstall.sh -s when available, removes packages with apt-get remove --purge "splashtop*" plus apt-get autoremove on Debian/Ubuntu, iterates dpkg -r and dpkg --purge over any remaining splashtop entries, removes RPM packages through dnf, yum, zypper, or rpm -e depending on what is present, then rm -rf cleans /opt/splashtop-streamer, /etc/init.d/splashtop-streamer, /var/log/splashtop*, /var/lib/splashtop*, and /etc/splashtop*. A final check exits 0 on success or 1 if the binary or /opt directory survives.

Splashtop Streamer removal requirements

• Linux endpoint running Debian, Ubuntu, RHEL, CentOS, Rocky, Alma, Fedora, or SUSE with dpkg, rpm, or both available

• Root or sudo privileges for the Automox agent to stop services, remove packages, and delete files under /opt, /etc, /var/log, and /var/lib (the default agent context meets this)

• systemctl available on systemd hosts; the script falls back to the legacy service command when systemctl is missing

• Coordination with any active remote support sessions, because stopping splashtop-streamer.service immediately terminates inbound SRStreamer connections

• An approved replacement remote support tool already deployed if remote access to the endpoint is still required after removal

Expected state after Splashtop Streamer removal

After a successful remediation run, command -v splashtop-streamer returns nothing and exits non-zero, /opt/splashtop-streamer is gone, and /etc/init.d/splashtop-streamer no longer exists. On Debian and Ubuntu, dpkg -l | grep -i splashtop produces no output and dpkg-query -W -f='${Status}\n' splashtop-streamer reports no installed package. On RPM-based distributions, rpm -qa | grep -i splashtop returns empty. The directories /var/log/splashtop*, /var/lib/splashtop*, and /etc/splashtop* are removed, so session recordings and cached credentials no longer persist on disk.

Validate by running systemctl status splashtop-streamer.service and confirming Unit splashtop-streamer.service could not be found, then ss -tlnp | grep -E '6783|17990|17991' to confirm Splashtop ports are no longer in LISTEN. For audit evidence, capture the Automox activity log entry showing exit code 0 alongside a post-run dpkg -l splashtop-streamer or rpm -q splashtop-streamer call returning the not-installed message, and store both with the policy run identifier. Subsequent Automox evaluations report the endpoint compliant without re-running remediation, because none of the five detection checks return true on a clean host.