ITAM / Endpoint Agent
Uninstall & Revoke
Remove the agent from an endpoint and revoke server credentials so it cannot reconnect.
Real-world scenario
Carlos Reyes · IT Admin at Bluewave Labs
Sophie Park leaves Bluewave Labs. Carlos uninstalls the agent from her MacBook and revokes credentials so the device record shows no active agent.
Before you begin
- Shell access on the endpoint (or user cooperation)
- Permission to revoke agents in WorkVerge
Overview
Uninstalling is a two-step process: remove software from the laptop, then revoke the agent credential in WorkVerge. Revoking alone does not remove local files; uninstalling alone leaves a revocable JWT on disk until credentials are cleared.
Step-by-step
- 1
Run uninstall on the endpoint first
Stop the service and remove agent binaries. Use the uninstall script or workverge-agentctl uninstall so launchd/systemd entries are cleaned up.
- 2
Revoke credentials in WorkVerge
From Agent Discovery uninstall guide or the device Health tab, revoke the agent on the server so the old JWT cannot reconnect.
- 3
Revoke enrollment tokens if needed
If the machine should never enroll again with the same token, revoke unused tokens under My Organization → Configuration.
Uninstall commands
macOS / Linux (curl)
curl -fsSL https://workverge.bluewavelabs.io/api/atx/v1/agent/uninstall.sh | bash
macOS / Linux (agentctl)
workverge-agentctl uninstall # Keep saved profiles for re-install on another environment: workverge-agentctl uninstall --keep-profiles
Windows
irm https://workverge.bluewavelabs.io/api/atx/v1/agent/uninstall.ps1 | iex
Uninstall guide in UI
In Agent Discovery or the device drawer, open Uninstall guide. The modal shows platform-specific commands, an optional Update without uninstalling one-liner, and a checkbox to Also revoke agent credentials on the server when you close the modal.
Device record remains
Related articles