Windows - Software Lifecycle - Uninstall Splashtop Streamer

What the Splashtop Streamer uninstaller does

This Automox Worklet™ removes Splashtop Streamer from Windows endpoints by driving the vendor's own uninstaller. The Worklet scans the Windows registry for any installed Splashtop Streamer entry, identifies whether the install is MSI-based or EXE-based, and then runs the matching silent uninstall command. Both 32-bit and 64-bit installations on workstations and Windows Server hosts are covered in a single policy run.

Splashtop Streamer registers under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall on native-bitness systems and under HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall on 64-bit Windows. The Worklet reads the DisplayName, UninstallString, and QuietUninstallString values from both hives, so the same script works regardless of which installer the original admin chose. The SRService background service that Splashtop installs alongside the streamer is stopped as part of the uninstall handoff so file handles do not block removal.

When the source install is an MSI, the Worklet invokes msiexec /x with the registered ProductCode plus /qn /norestart for a quiet, no-reboot exit. When the source install is an EXE, the Worklet runs the registered UninstallString (typically the bundled uninst.exe under C:\Program Files (x86)\Splashtop\Splashtop Remote\Streamer) with the /S silent switch. The Worklet treats exit codes 0, 1641, and 3010 as successful uninstall outcomes so a pending-reboot endpoint is not flagged as a failure.

Why remove Splashtop Streamer from your endpoints

Leaving a remote access agent installed after the team has switched vendors is one of the most common findings in a remote-access audit. Splashtop Streamer listens for inbound connections, runs the SRService service under LocalSystem, and keeps its own update channel open to streamer.splashtop.com. On endpoints that no longer need it, every one of those surfaces is dead weight: an extra service to patch, an extra credential set to rotate, and an extra path for a former contractor or stolen account to reach the desktop. Audit frameworks such as CIS Control 4 (Secure Configuration of Enterprise Assets) and NIST 800-53 CM-7 (Least Functionality) both expect unused remote access tooling to come off the build.

Scheduling this Worklet against the Windows group walks the Uninstall hive on every laptop, kiosk, and server, calls the registered UninstallString or msiexec /x silently against the Splashtop Streamer ProductCode, and then stops the SRService service before removing the install directory. One policy run produces the per-host evidence stream for CIS Control 4 (Secure Configuration of Enterprise Assets) and NIST 800-53 CM-7 (Least Functionality), so the audit closeout is a query against the activity log rather than a spreadsheet.

How Splashtop Streamer removal works

1. Evaluation phase: The Worklet enumerates HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall with Get-ChildItem and Get-ItemProperty, filtering on DisplayName -like "*Splashtop Streamer*". When a matching entry is found, the endpoint is flagged non-compliant and the UninstallString, QuietUninstallString, and ProductCode are captured for the remediation step. Endpoints with no matching entry exit clean and remediation is skipped.

2. Remediation phase: The Worklet stops the SRService service with Stop-Service so the uninstaller can release its file handles, then branches on installer type. MSI installs run msiexec /x {ProductCode} /qn /norestart. EXE installs run the registered UninstallString (typically "C:\Program Files (x86)\Splashtop\Splashtop Remote\Streamer\uninst.exe" /S). Exit codes 0, 1641, and 3010 are treated as success. A second registry sweep confirms the DisplayName is gone before the Worklet reports compliance.

Splashtop Streamer removal requirements

• Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, or Windows Server 2022

• PowerShell 5.1 or later (the Automox agent already meets this on supported Windows builds)

• Local administrator context for the Automox agent so it can read both registry hives and stop the SRService service

• Splashtop Streamer present on the endpoint (the Worklet exits clean and skips remediation when nothing is installed)

• No interactive Splashtop session in progress; queue the policy during a maintenance window if remote workers may be connected

Expected state after Splashtop Streamer removal

After the Worklet exits successfully, Splashtop Streamer is gone from the endpoint. The DisplayName disappears from both HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. The SRService service no longer appears in services.msc or Get-Service SRService. The install directory under C:\Program Files (x86)\Splashtop\Splashtop Remote is removed by the vendor uninstaller, and any Splashtop entry in Settings > Apps > Installed apps is cleared.

To validate from a single endpoint, run Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {$_.DisplayName -like "*Splashtop*"} in an elevated PowerShell session and confirm the output is empty. To validate at fleet scale, re-run the policy on the original target group. Endpoints already remediated come back compliant on the next evaluation because the registry sweep finds no Splashtop Streamer entry, and the activity log records the no-op outcome as evidence for the audit trail. Exit code 3010 is the normal signal that the endpoint will benefit from a reboot but is otherwise compliant, and exit code 1641 means the uninstaller has already initiated the reboot itself.