Uninstalling Forefront from Server Core

The best way to uninstall any program from Server Core, is to go into the registry to HKLM\software\Microsoft\Windows\CurrentVersion\Uninstall .  In there, you will see GUID for the various programs that are installed.  If you select the GUID and look at the right had side you will see some good information:



One of the REG_EXPAND_SZ values on the right is the UninstallString.  If you copy that value and paste it into the command line, it will politely ask:  Are you sure you want to uninstall this product?  If you are sure you want to uninstall it, go ahead and hit Ok.

If you want to get rid of both pieces of Forefront ( the Security State Assessment Service, and the Client Security Antimalware Service) you will need to find both registry keys and run both uninstalls.  There is a catch though…  the Client Security Antimalware Service has a value that looks like this: MsiExec.exe /I{436028CD-6476-4224-9274-8F0320F30FD1}.  To get it to uninstall, you need to change the /I to /X like this MsiExec.exe /X{436028CD-6476-4224-9274-8F0320F30FD1}.


  1. I found these strings under HKLM\software\Microsoft\Windows\CurrentVersion\Uninstall, by the way, not the location noted above, but otherwise, these instructions worked beautifully. Thank you!

    1. Thanks for catching that. I updated the post to correctly reflect the path. That is what I get for typing it out instead of copying and pasting.

Leave a Reply