Tamper protection and agent uninstallation

Kaseya MDR does not include a dedicated tamper protection feature that prevents local administrators from disabling or uninstalling the agent. Instead, Kaseya MDR relies on operating‑system permission controls to restrict agent removal or interference by non‑privileged users.

These controls are intended to prevent accidental or unauthorized actions by standard end users, while allowing legitimate administrative operations.

Installation and uninstallation controls

• Administrator privileges are required to install or uninstall the agent on all supported operating systems.

• Any user with local administrator rights can uninstall the agent.

• Standard (non‑administrator) users cannot uninstall the agent.

Windows‑specific behavior

On Windows systems:

• The agent appears in Control Panel > Programs > Programs and Features only when viewed by the administrative account that performed the installation.

• Standard (non-administrator) users cannot see or uninstall the agent through Programs and Features.

• The RocketAgent uninstaller executable located under C:\Program Files\RocketAgent:

  • Is visible to all users

  • Can be executed only by users with administrative privileges

  • Cannot be successfully run by standard users

Users with local administrator rights can also stop or disable the RocketAgent service. If the agent is stopped or uninstalled, it stops checking in and visibility is lost until the agent is restarted or reinstalled.

Scope and limitations

These controls ensure that:

• Standard users cannot uninstall or remove the agent.

• Agent removal requires explicit local administrative access.

• Accidental or casual removal by end users is prevented.

The platform does not prevent a local administrator (legitimate or compromised) from stopping, disabling, or uninstalling the agent, and does not claim hardened tamper resistance against privileged users.

IMPORTANT  Kaseya MDR relies on administrative trust boundaries, not hardened anti‑tamper mechanisms, to protect agent integrity. Organizations concerned about hostile administrator scenarios or advanced threat actors should manage local administrator access accordingly and monitor for agent removal or service stoppage events as part of their security operations.

Related articles

• Deploying the agent: Deploy the agent at scale using RMM tools, GPO, or other automation methods

• Configuring the agent for VDI environments: Configure agent registration behavior for non‑persistent or image‑based virtual desktops

• Uninstalling the agent: Remove the agent from endpoints when decommissioning systems or ending MDR coverage