Remove the Security Center agent from a server via the console or command line when the server no longer requires protection.
Uninstallation notes
- Agent uninstallation impacts
  Uninstalling the agent is irreversible and results in the following:
  - Loss of security protection: The server loses all Security Center protection, including vulnerability detection, baseline checks, web tamper proofing, anti-ransomware, virus scanning, intrusion prevention, and container security.
  - Interruption of data collection: Security log collection on the server stops, and related log delivery tasks fail.
  - Loss of historical data: Historical alerts, quarantined files, and related configurations for the server in Security Center are permanently deleted and cannot be recovered, even after reinstalling the agent.
- Asset record handling
  After uninstallation, the server's asset record remains in the console. For non-Alibaba Cloud servers, unbind the server to delete its record and release the quota. For details, see Change the protection status of a server.
Choose a method
| Item | Console uninstallation | Command-line uninstallation |
| --- | --- | --- |
| Use cases | Agent is online. Suitable for quick, one-time manual uninstallation. | Agent is offline, or you need batch or automated uninstallation using scripts. |
| Prerequisites | The agent must be online to receive and execute the uninstallation command. | |
| Platform | All operations are performed in the Security Center console. | Requires operations in the Security Center console and on the target server. |
| Features | Simple and fast; no server login required. | Supports offline and automated scenarios. |
Uninstall the agent
Uninstall the agent in the console
This is the simplest method. The agent must be Online to receive and execute the uninstallation command.
- Log on to the Security Center console.
  Go to Security Center console > System Settings > Feature Settings. In the upper-left corner of the page, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
- On the Agent tab, click the Uninstall tab.
- In the server list, find the server where you want to uninstall the agent, and click Uninstall in the Actions column.
- In the confirmation dialog box, click OK.
  Important: The agent status changes to Offline after the command executes, typically within minutes but up to 3 hours.
Uninstall the agent using a command
If the agent is offline or you need automated uninstallation, log on to the server and run the uninstallation command.
- Disable protection and self-protection: The agent's self-protection blocks uninstallation. Disable Malicious Host Behavior Prevention and Agent Protection in the console before proceeding.
  - Go to Security Center console > Asset Center > Host Assets. In the upper-left corner of the page, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
  - On the Server tab, click the name of the target server to view its details page.
  - On the Basic Information tab of the details page, in the Defense Status section, turn off Agent Protection and Malicious Host Behavior Prevention.
- Run the uninstallation command
  Linux
  - Log on to the Linux server as the root user.
  - Run the command that corresponds to your server type.
    Note: The uninstall.sh script stops the Aegis agent service, removes files from /usr/local/aegis, and deletes startup items.
    - Alibaba Cloud ECS
          wget "http://update2.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh
    - Servers not on Alibaba Cloud (data centers or other cloud providers)
          wget "http://update.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh
  Windows
  - Download the uninstall.bat script. Download URL: https://update.aegis.aliyun.com/download/uninstall.bat.
  - Copy the downloaded uninstall.bat to the target Windows server.
  - On the server, right-click the uninstall.bat file and select Run as administrator.
    Note: The script runs automatically and the window closes after the uninstallation is complete.
Verify the uninstallation
Log on to the server to confirm the agent is fully removed.
- Linux
  Run the following command. If the agent is fully removed, no output is returned.
      # Check for core processes (AlibabaSecurityAegisDetect, AlibabaSecurityAegisMonitor, AlibabaSecurityAegisUpdate).
      # The trailing grep -v grep drops the grep process itself, which would otherwise always match.
      ps -ef | grep -E 'AlibabaSecurityAegisDetect|AlibabaSecurityAegisMonitor|AlibabaSecurityAegisUpdate' | grep -v grep
- Windows
  Open the Services Manager by running services.msc. Confirm that the Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service services are no longer in the service list.
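A scripted form of the Linux check for batch jobs, added here as an example and not part of the original page or of Alibaba Cloud's tooling: it looks for the three process names and the /usr/local/aegis directory named on this page. The function names, arguments, the --live switch and the return codes are assumptions.

```shell
#!/bin/sh
# Added example: residue check after uninstall.sh on a Linux host.
# Process names and /usr/local/aegis come from the page; function names,
# arguments and return codes are assumptions made for this example.

# [A] keeps the pattern from matching the grep process that carries it.
AEGIS_PATTERN='[A]libabaSecurityAegis(Detect|Monitor|Update)'

# Filter a "pid args" process listing on stdin down to agent processes.
aegis_procs() {
    grep -E "$AEGIS_PATTERN" || true   # no match is the expected clean result
}

# check_aegis_removed [install_dir] [ps_listing_file]
# Returns 0 when no agent process and no install directory remain, else 1.
# Without a listing file, the live process table is inspected.
check_aegis_removed() {
    dir=${1:-/usr/local/aegis}
    listing=${2:-}
    rc=0
    if [ -n "$listing" ]; then
        procs=$(aegis_procs < "$listing")
    else
        procs=$(ps -eo pid=,args= | aegis_procs)
    fi
    if [ -n "$procs" ]; then
        echo "RESIDUE process(es):" >&2
        echo "$procs" >&2
        rc=1
    fi
    if [ -e "$dir" ]; then
        echo "RESIDUE path: $dir" >&2
        rc=1
    fi
    return "$rc"
}

# Live run only when asked, so the file can also be sourced by a batch job.
if [ "${1:-}" = "--live" ]; then
    check_aegis_removed
    exit $?
fi
```

A non-zero exit lets an automation job flag hosts where the uninstall did not complete, instead of relying on someone reading empty output.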
Troubleshooting
- Insufficient permissions: Run the script with root (Linux) or administrator (Windows) privileges.
- Self-protection not disabled: Check whether the Malicious Host Behavior Prevention and Agent Protection switches are turned off in the Security Center console.
- Network issues: If wget fails, check the server's network connection or DNS settings. Alternatively, download the script on another machine and upload it to the server.
Reinstall the agent
To reinstall the agent, follow the instructions in Install the agent.
A 24-hour cool-down period is enforced after uninstallation to protect backend service stability. If you reinstall the agent during this period, the cloud policy automatically uninstalls it.
FAQ
- Does uninstalling the agent stop Security Center billing?
  No. Agent uninstallation only removes the program from the server and does not affect Security Center billing.
- After uninstalling the agent, why is the asset record still in the asset list in the console?
  Uninstallation only removes the agent program. The asset record is retained for auditing and traceability.
  - For Alibaba Cloud ECS instances, the asset record is tied to the lifecycle of the ECS instance. The asset record is retained as long as the ECS instance exists.
  - For non-Alibaba Cloud servers, the status changes to Offline after uninstallation. To remove the record and release the quota, unbind the asset. For details, see Change the protection status of a server.
- Do I need to restart the server after uninstalling the agent?
  No. The script stops services and removes files immediately. No restart is needed.