Improvements to Kolide Device Removal

Previously, when you removed a device from Kolide, if the agent was still installed on the device, it would immediately re-enroll. Not great.

To solve this in our legacy product, we introduced the concept of a Device Tombstone to prevent this re-enrollment. Unfortunately, these tombstones were yet another thing we asked administrators to manage. If you forgot they existed for a specific device and you tried to re-install the package, the device wouldn’t show up. Also not great.

Starting today, when an administrator removes a device from Kolide, we will send a signal to our agent which will prevent it from re-enrolling. Specifically, this signal will:

• Wipe the agent’s local database and any secrets.
• Remove the agent from the operating system’s auto-start list.
• Stop the agent’s current process.

These actions are explicitly designed to prevent the device from immediately re-enrolling, while also limiting the amount of destructive actions required to obtain that outcome. If you want to fully remove all traces of the Kolide agent, you can follow the instructions outlined in our documentation.

Once the agent is disabled in this manner, if you’d like to re-enroll, simply re-install the Kolide agent package.

Over the last year, we have been investing heavily in our agent’s development. This is just one example of a simple and common sense feature that was only possible through this continuous investment.

Enjoy!