Removing the application

You can remove Kaspersky Security fully or remove just one of the application components (File Threat Protection or Network Threat Protection).

If you want to fully remove Kaspersky Security, you must perform the following actions:

1. Remove both Kaspersky Security components (File Threat Protection and Network Threat Protection) from the virtual infrastructure.
2. Unregister both Kaspersky Security services in VMware NSX Manager.

   Kaspersky Security services can be unregistered in the Integration Server Console. The Integration Server (Kaspersky Service Manager) will also be unregistered in VMware NSX Manager.

3. Remove the Kaspersky Security administration plug-in and Integration Server.
4. If you are using the application in multitenancy mode, you need to also remove the Kaspersky Security administration plug-in for tenants and virtual Administration Servers of Kaspersky Security Center that were created to manage the protection of virtual machines of tenants.

   For details on removing virtual Administration Servers, please refer to the Kaspersky Security Center documentation.

If you want to remove one of the Kaspersky Security components, you must perform the following actions:

1. Remove the Kaspersky Security component (File Threat Protection or Network Threat Protection) from the virtual infrastructure.
2. In VMware NSX Manager, unregister the Kaspersky Security service corresponding to the removed component (Kaspersky File Antimalware Protection or Kaspersky Network Protection).

When an SVM with the File Threat Protection component is removed, the copies of files that were placed in Backup on the SVM are automatically deleted. If the use of network data storage was enabled for an SVM, backup copies of files from this SVM are saved in a separate folder in the network data storage.

After removal of the File Threat Protection and Network Threat Protection components, SVMs continue to be displayed in the Kaspersky Security Center Administration Console. When the period specified in the Kaspersky Security Center settings elapses (see the Kaspersky Security Center documentation), the SVMs are automatically removed from the Administration Console. You can manually remove SVMs from the Kaspersky Security Center Administration Console right after the completion of the application removal procedure.

Until SVMs have been removed from the Kaspersky Security Center Administration Console, the events generated by these SVMs are saved in Kaspersky Security Center and displayed in the Kaspersky Security Center reports and event log.

The list of backup copies of files placed in Backup on SVMs with the File Threat Protection component is also saved in Kaspersky Security Center, but no operations can be performed on the backup copies of files.

Removing the Kaspersky Security components in VMware virtual infrastructure

To remove the File Threat Protection component in a VMware virtual infrastructure, you must perform the following actions:

1. Remove all SVMs with the File Threat Protection component on VMware clusters.

   SVMs are removed by removing the file system protection service (Kaspersky File Antimalware Protection) deployed on VMware clusters.

   Removal is performed in the VMware vSphere Web Client console (in the Networking & Security → Installation and Upgrade section on the Service Deployments tab). In the list of deployed network services and protection services for virtual machines, you must remove the Kaspersky File Antimalware Protection service deployed on the clusters from which you want to remove the SVMs (for details, please refer to the Knowledge Base).

2. Remove the NSX Security Policy that is configured to use the file system protection service (Kaspersky File Antimalware Protection).

   Deletion of an NSX Security Policy is performed in the VMware vSphere Web Client console (in the Networking & Security → Service Composer section on the Security Policies tab). You must perform the following action for the selected policy: Actions → Delete.

   You can also delete the NSX Security Group that includes the protected virtual machines.

   Deletion of an NSX Security Group is performed in the VMware vSphere Web Client console (in the Networking & Security → Service Composer section on the Security Groups tab).

   For details about deleting an NSX Security Policy or NSX Security Group, please refer to the Knowledge Base.

To remove the Network Threat Protection component in a VMware virtual infrastructure, you must perform the following actions:

1. Remove all SVMs with the Network Threat Protection component on VMware clusters.

   SVMs are removed by removing the network protection service (Kaspersky Network Protection) deployed on VMware clusters.

   Removal is performed in the VMware vSphere Web Client console (in the Networking & Security → Installation and Upgrade section on the Service Deployments tab). In the list of deployed network services and protection services for virtual machines, you must remove the Kaspersky Network Protection service deployed on the clusters from which you want to remove the SVMs (for details, please refer to the Knowledge Base).

2. Remove the NSX Security Policy that is configured to use the network protection service (Kaspersky Network Protection).

   Deletion of an NSX Security Policy is performed in the VMware vSphere Web Client console (in the Networking & Security → Service Composer section on the Security Policies tab). You must perform the following action for the selected policy: Actions → Delete.

   You can also delete the NSX Security Group that includes the protected virtual machines.

   Deletion of an NSX Security Group is performed in the VMware vSphere Web Client console (in the Networking & Security → Service Composer section on the Security Groups tab).

   For details about deleting an NSX Security Policy or NSX Security Group, please refer to the Knowledge Base.

Unregistering Kaspersky Security services and the Integration Server

You can unregister a Kaspersky Security service only if all SVMs have been removed from the VMware clusters and the service is not being used in NSX Security Policies.

To unregister Kaspersky Security services in VMware NSX Manager:

1. Start the Integration Server Console.

   The Virtual infrastructure protection section opens.

2. In the list, select the VMware vCenter Server and expand the list of available actions by clicking the address or name of the VMware vCenter Server in the Address column.
3. In the Manage protection section, select Unregister Kaspersky Security services.
4. In the window that opens, do one of the following:
   • If you remove the File Threat Protection component, select the Kaspersky File Antimalware Protection check box.
   • If you remove the Network Threat Protection component, select the Kaspersky Network Protection check box.
   • If you fully remove the application, select both check boxes. In VMware NSX Manager, both Kaspersky Security services will be unregistered as well as the Integration Server (Kaspersky Service Manager).

   If one of the Kaspersky Security services has already been unregistered, the check box is unavailable.

5. Click OK.

If unregistration of Kaspersky Security services and Integration Server ends with an error, you can manually unregister services and Integration Server in the VMware vSphere Web Client console (for details, please refer to the Knowledge Base).

Removing the Kaspersky Security main administration plug-in and Integration Server

You can remove the Kaspersky Security main administration plug-in, Integration Server, and the Integration Server Console by using one of the following methods:

• In interactive mode using the operating system's standard tools for removing programs. In the applications list, select Kaspersky Security for Virtualization 6.0 Agentless – management components for removal. The wizard is used to perform removal.
• In silent mode via the command line. You must type the following command in the command line:

  ksv-components_6.0.0.XXX_mlg.exe -q -uninstall

  where 6.0.0.XXX is the number of the application version.

While removing Integration Server using the wizard, you can save the following data used in the operation of the Integration Server:

• The SSL certificate used to establish a secure connection to the Integration Server
• Data saved by the Integration Server during operation
• Trace files of the Integration Server and Integration Server Console

If you want to save the specified data, click the Save button in the window prompting you to save data. The saved data and settings are automatically used when you install the Integration Server again.

Removing the Kaspersky Security administration plug-in for tenants

You can remove the Kaspersky Security administration plug-in for tenants in one of the following ways:

• In interactive mode using the operating system's standard tools for removing programs.

  In the applications list, select Kaspersky Security for Virtualization 6.0 Agentless (for tenants) – administration plug-in for removal. The wizard is used to perform removal.

• In silent mode via the command line. You must type the following command in the command line:

  ksv-t-components_6.0.0.XXX_mlg.exe -q -uninstall

  where 6.0.0.XXX is the number of the application version.