Windows - Software Lifecycle - Uninstall Sumo Logic Collector

What the Sumo Logic Uninstaller does

This Automox Worklet™ automatically detects and removes the Sumo Logic Collector agent from your Windows endpoints. The Worklet checks the Windows Registry for the presence of the Sumo Logic Collector application across both 32-bit and 64-bit registry locations.

When the application is found, the Worklet invokes the Sumo Logic uninstall executable with silent mode parameters to complete removal without user interaction. The process accommodates both x86 and x64 architectures on Windows Server and workstation endpoints.

If Sumo Logic Collector is not present, the endpoint is marked as compliant and the Worklet run ends successfully. This approach maintains accurate infrastructure inventory reflecting which endpoints have the data collection agent active.

Why remove Sumo Logic Collector from your endpoints

Organizations often need to consolidate their monitoring and logging infrastructure as requirements evolve. Removing Sumo Logic Collector from endpoints where monitoring is no longer needed reduces agent overhead, decreases endpoint resource consumption, and simplifies your system administration.

Using the Worklet instead of manual removal guarantees consistent uninstallation across your fleet. Manual removal can leave residual registry entries or configuration files that create inconsistency. The Worklet provides a standardized, repeatable process through Automox automation.

Automated removal also simplifies compliance reporting and endpoint state tracking. You can rapidly remove the agent from hundreds of endpoints simultaneously, keeping your environment clean and aligned with current monitoring policies.

How Sumo Logic Collector removal works

1. Evaluation phase: The Worklet queries the Windows Registry to detect the Sumo Logic Collector application. It checks both the native registry view and the 32-bit registry view (Wow6432Node) on 64-bit systems. If the application is found, the endpoint is flagged for remediation.

2. Remediation phase: The Worklet executes the Sumo Logic uninstall utility with silent parameters. It runs uninstall.exe located in the Sumo Logic installation directory with the "-console -q" options, preventing user prompts and completing the removal automatically.

Sumo Logic uninstallation requirements

• Windows Server 2016 or later, or Windows 10 and later on workstations

• Local administrator privileges required to access the Registry and execute the uninstall utility

• Sumo Logic Collector must be installed (application detection relies on Registry DisplayName matching)

• The uninstall.exe file must exist at the default installation path (C:\Program Files\Sumo Logic Collector or C:\Program Files (x86)\Sumo Logic Collector)

• Optional: Use the appName parameter if a custom display name is configured for the Sumo Logic installation

Expected state after Sumo Logic removal

After the Worklet completes successfully, the Sumo Logic Collector application will no longer appear in the Windows Add/Remove Programs list. The Registry entries for the application will be removed, and the installation directory can be deleted if no residual files remain.

The endpoint will no longer send data to the Sumo Logic cloud service, and monitoring from that Worklet perspective will cease. Subsequent Worklet runs will detect the application as absent and report the endpoint as compliant. If the uninstall process requires a system reboot, the Worklet handles the reboot gracefully and exits with the appropriate status code.

How to validate uninstall sumo logic collector changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for uninstall sumo logic collector.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Write-Output.

4. Validate remediation effects from script operations such as Uninstall-SumoLogic, Write-Verbose, Write-Error, then rerun evaluation for compliance.