Remove HP bloatware

@erottier - I have made some changes. HP Wolf Security was there already on this list but I could not get it to work with these commands.

EDIT: I should try to run this with System permissions and test it out.

Note that you have to reboot after installing it. Maybe that's your issue? It works fine on my end.

Author

Will give it a try next time I come across a machine. Added a section to reboot.

Will give it a try next time I come across a machine. Added a section to reboot.

Nice!
BTW, I have it running successfully on more then 60 machines now.

Wouldn't it be easier to set a $Failed boolean to $True if something failed to install and 'reboot' if the value is true? Or perhaps both systems to be sure?

Author

Sweet! Thank you for trying it out. I will look at what I can do regarding the other features. So just to confirm - all Wolf Security stuff has been removed with the existing code?

Sweet! Thank you for trying it out. I will look at what I can do regarding the other features. So just to confirm - all Wolf Security stuff has been removed with the existing code?

NP, and yes! :D

And if you STILL (wink) don't believe me that your code works: (note that I show the value of all 3 arrays and paused the window for my benefit)

Only problem I ran into is the uninstalls don't seem to be silent. I got a pop-up on Support Assistant uninstall asking if I wanted to keep data, and I also got the web page pop-up asking why it was uninstalled.

Is there a way to silent uninstall the programs in the list? Sorry for such a silly question, lol.

Author

@VexedViper - it seems there might be a specialized uninstallation code required, instead of the generic code that is used here. I might not be able to help with that.

Thank you for a very useful tool.

Care must be taken to remove exclusions inserted in Windows Defender by "HP Wolf Security": these exclusions are NOT removed by the uninstall process. In fact, they are greyed out in the exclusion lists and cannot be removed manually.

After six hours of googling around, I finally found this article on the exclusions added by HP’s bloatware :

"Configure Exclusions and Whitelisting for Third-Party Security Software (bromium.com)" (https://support.bromium.com/s/article/Bromium-and-Third-Party-Software-Interoperability-Guide)

Sure enough, section 1 of this article lists all the files and folder exclusions that we can see in Windows Defender Settings but can’t remove after this “HP Wolf Security” is uninstalled.

Section 2.1 list the executable responsible for adding these exclusions and has this bit of warning “When installed, Sure Click Enterprise will automatically attempt to add exclusions for the following files and directories into Windows Defender…”

It also refers to another article "Controller Management Action: Sure Click Enterprise has not been added to the Windows Defender exclusions (bromium.com)" (https://support.bromium.com/s/article/Controller-Management-Action-Bromium-has-not-been-added-to-the-Windows-Defender-exclusions) where you can learn this executable modifies a Microsoft group policy.

When uninstalling this “HP Wolf Security” software from a freshly installed HP PC, these directories
c:\Program Files\HP
C:\ProgramData\Bromium
C:\Users\Usager\AppData\Local\Bromium
C:\Users\Usager\AppData\LocalLow\Bromium
are left unprotected because the setting s modified by “Br-uxendm.exe” are not undone: this was not part of the “installation” procedure and it not part of the uninstall. (The situation is much worst than that: about 39 executables can be impersonated and there are “Bromium” directories for each user on the workstation…)

The Bromium utility responsible for this mess is “Br-uxendm.exe”: its actual strategy depend on the antivirus program in use. In the case at hand, only Windows Defender is running immediately before this “HP Wolf Security” is installed.

As a temporary bypass, all HP software related to “Wolf” must be uninstalled first. Next, the Windows Defender exclusion parameters are disabled in local group policy. Finally the PC must be restarted.

Total: 9 hours wasted on this issue because HP can’t “get it right”. You can pass this along the food chain: every time you push a customer out of the door, there are no further sales …

Conclusion: use GPEDIT to disable the local policy:

• Local Computer Policy
  • Computer Configuration
    • Administrative Templates
      • Windows Components
        • Microsoft Defender Antivirus
          • Exclusions
            • disable the path and process lists.

GPEDIT applies these policies even if the "path and process lists" appear as "Not Configured".

Regards,

@SergeCaron I too have this issue. In my case, these orphaned Defender exclusions like yours are set in local GPO as 'not configured', however I also found them in the registry, and once removed from the registry, this in turn removed them from Defender, so the issue was solved. In case anyone else was looking for a solution.

Hi @mark05e,

First of all, I've only started using a Github account today so I'm not sure I'm doing everything the correct way.

I have modified your script a little bit. I have written the script so it can be packaged as a Win32 app and be deployed as a Windows app during Autopilot. I've changed the error handling and added a module to write to a log file (this still needs some finetuning).

On my test devices there were still some issues removing HP Connection Optimizer, HP Support Assistant (silently) and HP Wolf.
I've included some extra steps to try and remove those apps if the other attempts fail.

I also added some Windows apps to be removed to the list.

You can find the script here:
https://github.com/JoachimBerghmans/Powershell/blob/main/Autopilot/Remove-Bloatware.ps1

Author

@JoachimBerghmans thank you for sharing your code and the effort put into the enhancements. I used to work at an MSP when I made this and now I do not anymore. Happy that you have found it useful and that you have shared your changes.

From my understanding of the situation, HP regularly makes new additions to their bloatware and the script changes need to be kept up inorder to meet those changes.

Thank you @JoachimBerghmans script works like clockwork with Intune!

Also battling this currently. Thank you @mark05e and @JoachimBerghmans for these scripts. Very helpful.

@Bosse-smartsys Which way did you get it to work via Intune? I packaged with the Intune tool and deployed as a win32 application but it fails after I sync the machine.

@josephkray It works fine for me in Intune too. No need to deploy as Win32, just run it as a standard script to your clients through intune. These are the settings that worked for me:

PowerShell script - Remove-HPbloatware.ps1
Run this script using the logged on credentials - No
Enforce script signature check - No
Run script in 64 bit PowerShell Host - Yes

If you are not sure how to use powershell scripts in Intune, have a quick look at this documentation, it's pretty straight forward.
https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension

Thank you @custa19 , just implemented your way of doing it vs doing the package and it worked perfectly.

Thanks a lot mate

Please add to $UninstallPackages: "AD2F1837.HPQuickTouch"

Add to $UninstallPrograms: "HP Sure Click Security Browser"

$InstalledPrograms += Get-Package | Where {$_.Name.Contains("HP Wolf Security")} # also uninstall programs like "HP Wolf Security Application Support for Chrome x.y.z.z"

$InstalledPrograms += Get-Package | Where {$_.Name.Contains("HP Wolf Security")} # also uninstall programs like "HP Wolf Security Application Support for Chrome x.y.z.z"

When I add this, I get the following:
Method invocation failed because [Microsoft.PackageManagement.Packaging.SoftwareIdentity] does not contain a method named 'op_Addition'.
At line:1 char:1

• $InstalledPrograms += Get-Package | Where {$_.Name.Contains("HP Wolf ...

•   + CategoryInfo          : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
  
  

$InstalledPrograms += Get-Package | Where {$_.Name.Contains("HP Wolf Security")} # also uninstall programs like "HP Wolf Security Application Support for Chrome x.y.z.z"

When I add this, I get the following: Method invocation failed because [Microsoft.PackageManagement.Packaging.SoftwareIdentity] does not contain a method named 'op_Addition'. At line:1 char:1

• $InstalledPrograms += Get-Package | Where {$_.Name.Contains("HP Wolf ...

•   + CategoryInfo          : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
  

I am now using:
$InstalledPrograms = Get-Package | Where {($UninstallPrograms -contains $_.Name) -or ($_.Name.Contains("HP Wolf Security"))}

seems to work.

The error can happen when the number of items is only 1. Your solution would be better.

Author

Write-LogEntry: Remove-HPbloatware.ps1:113
Line |
 113 |      Write-LogEntry -Value  "Failed to uninstall HP Wolf Security usin …
     |      ~~~~~~~~~~~~~~
     | The term 'Write-LogEntry' is not recognized as a name of a cmdlet, function, script file, or
     | executable program. Check the spelling of the name, or if a path was included, verify that the path is
     | correct and try again.

Write-LogEntry: Remove-HPbloatware.ps1:122
Line |
 122 |      Write-LogEntry -Value  "Failed to uninstall HP Wolf Security 2 us …
     |      ~~~~~~~~~~~~~~
     | The term 'Write-LogEntry' is not recognized as a name of a cmdlet, function, script file, or
     | executable program. Check the spelling of the name, or if a path was included, verify that the path is
     | correct and try again.

Author

@azumukupoe - Thank You. This has been fixed.

FYI; HP is hiding these in drivers from windows update now.

I use this script with a Pro-Active Remediation on Intune to uninstall HP Bloatwares but got recurred runs.
Tried to uninstall HP Wolf Security but constantly got message "Fallback to MSI uninistall for HP Wolf Security initiated" and applications didn't uninstalled.

(This is the list of installed HP programs after the script run)

Modified the script on my side to disable the "Fallback attempts" parts and modified the "Remove installed programs" part to add a MSI uninstallation attempt instead of a raw GUID.
First, i've added "HP Wolf Security - Console" to the programs list to uninstall.

# List of programs to uninstall
$UninstallPrograms = @(
    "HP Client Security Manager"
    "HP Connection Optimizer"
    "HP Documentation"
    "HP MAC Address Manager"
    "HP Notifications"
    "HP Security Update Service"
    "HP System Default Settings"
    "HP Sure Click"
    "HP Sure Click Security Browser"
    "HP Sure Run"
    "HP Sure Recover"
    "HP Sure Sense"
    "HP Sure Sense Installer"
    "HP Wolf Security"
    "HP Wolf Security - Console"
    "HP Wolf Security Application Support for Sure Sense"
    "HP Wolf Security Application Support for Windows"
)

Then modified the script. Below you can find the modified part.
I validated the command lines manually but didn't validate the script for now.

# Remove installed programs
$InstalledPrograms | ForEach-Object {

    Write-Host -Object "Attempting to uninstall: [$($_.Name)]..."

    Try {
        $Null = $_ | Uninstall-Package -AllVersions -Force -ErrorAction Stop
        Write-Host -Object "Successfully uninstalled: [$($_.Name)]"
    }
    Catch {
		Write-Warning -Message "Failed to uninstall: [$($_.Name)]"
		Write-Host -Object "Attempting to uninstall MSI package: [$($_.Name)]..."
		Try {
			$product = Get-WmiObject win32_product | where { $_.name -like "$($_.Name)" }
			if ($_ -ne $null) {
				msiexec /x $product.IdentifyingNumber /quiet /noreboot
			}
			else { Write-Warning -Message "Can't find MSI package: [$($_.Name)]" }
		}
		Catch { Write-Warning -Message "Failed to uninstall MSI package: [$($_.Name)]" }
	}
}

Finally, the script indicate he have uninstalled "HP Documentation" but still present on computer. Didn't succeed to uninstall it with msiexec. I will search again when i got some time.

Author

  	$product = Get-WmiObject win32_product | where { $_.name -like "$($_.Name)" }

@CasperStekelenburg Do you know of an alternative to this? The first few results when I search on how to uninstall MSI, includes Get-WmiObject -Class Win32_Product

EDIT: I have added the changes here. If anyone can test this and provide feedback, that would be appreciated.

Remove-HPbloatware-beta.ps1

I'd try searching the registry for the uninstallstring or IdentifyingNumber.
I'd search in "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" or "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"

I seem to have problems to reinstall "HP Support assistant" after running the script. "There was an unknown error -2"