FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
ymasaki
Staff
Article Id 229014
Description

This article describes why no registration password is requested when uninstalling the Linux collector in application mode.

Scope

FortiEDR and Linux Collector.

Solution

A registration password is normally required to uninstall the FortiEDR Linux collector from endpoints.

However, if the Linux collector runs in application (user-space) mode only, a registration password is not required to uninstall it, because the user-space collector has no hardening.


To check whether the Linux collector runs in application (user-space) mode only, run the command below:


# /opt/FortiEDRCollector/control.sh --status
FortiEDR Service: Up
FortiEDR Driver: Down
FortiEDR Status: Running


In this example, the service is up but the driver is down, so the collector runs in application (user-space) mode only and does not require a registration password for uninstallation.
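
The check above can be scripted when auditing several endpoints. The following is an added example, not Fortinet code: it parses status text in the format shown above and flags collectors whose driver is down. The function names, the labels "stopped" and "unknown", and the reading of "Driver: Up" as the hardened mode are assumptions.

```shell
#!/bin/sh
# Added example: classify a FortiEDR Linux collector from the text printed by
# /opt/FortiEDRCollector/control.sh --status (format as quoted in the article).
# Function names and the labels "stopped"/"unknown" are assumptions.

classify_collector_status() {
    # Reads status text on stdin and prints one label:
    #   userspace - Service Up, Driver Down (no uninstall password, per article)
    #   kernel    - Service Up, Driver Up (assumed to be the hardened mode)
    #   stopped   - Service not Up
    #   unknown   - expected lines missing or unrecognised values
    awk -F': *' '
        /^FortiEDR Service:/ { svc = $2 }
        /^FortiEDR Driver:/  { drv = $2 }
        END {
            gsub(/[ \t\r]+$/, "", svc); gsub(/[ \t\r]+$/, "", drv)
            if (svc == "" || drv == "") print "unknown"
            else if (svc != "Up")       print "stopped"
            else if (drv == "Down")     print "userspace"
            else if (drv == "Up")       print "kernel"
            else                        print "unknown"
        }'
}

audit_host() {
    # $1 = host label; status text on stdin.
    # Exit status is non-zero unless the driver is loaded.
    mode=$(classify_collector_status)
    printf '%s\t%s\n' "$1" "$mode"
    [ "$mode" = "kernel" ]
}

# Constructed sample: the status output quoted in the article.
sample_userspace='FortiEDR Service: Up
FortiEDR Driver: Down
FortiEDR Status: Running'

# Constructed sample: same format with the driver reported Up.
sample_kernel='FortiEDR Service: Up
FortiEDR Driver: Up
FortiEDR Status: Running'

printf '%s\n' "$sample_userspace" | audit_host host-a ||
    echo "host-a: collector can be uninstalled without the registration password"
printf '%s\n' "$sample_kernel" | audit_host host-b ||
    echo "host-b: collector can be uninstalled without the registration password"
```

On a real endpoint, pipe the output of the status command into audit_host instead of the constructed samples.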


To check the operation modes of the Linux collector, visit the following link:

https://community.fortinet.com/t5/FortiEDR/Technical-Tip-Linux-Supported-Operating-Systems/ta-p/2040...