A Complete Guide to Uninstalling Fortinet Security Agents from Windows and macOS

December 23, 2025.

As organizations update their cybersecurity tools or transition between security platforms, properly removing existing security agents becomes a crucial task. Fortinet's security ecosystem includes several agent-based products, each with its own uninstallation procedure. This guide consolidates official documentation for removing FortiDLP, FortiMonitor, and Fortinet Privileged Access agents from both Windows and macOS systems.

Understanding the Fortinet Agent Ecosystem

Fortinet deploys various endpoint agents for different security functions. The FortiDLP Agent prevents data loss by monitoring and controlling data transfers. The FortiMonitor Agent provides system monitoring and performance metrics. The Fortinet Privileged Access Agent (often associated with FortiPAM) manages privileged credential access. While related, each has distinct removal procedures documented across Fortinet's technical resources.

Uninstalling FortiDLP Agent from Windows

According to Fortinet's official documentation, removing the FortiDLP Agent from Windows follows a standardized process with important prerequisites and security considerations.

Prerequisites and Preparation

Before uninstalling the FortiDLP Agent, you must remove all optional components installed through third-party tools. This includes any externally managed FortiDLP Browser Extensions and the FortiDLP Email Add-in if deployed via Microsoft 365 admin center. The email add-in should be removed at least 24 hours before agent uninstallation to ensure proper cleanup.

Step-by-Step Removal Process

1. Navigate to Settings > Apps & features
2. Locate "FortiDLP Agent" in the applications list
3. Click Uninstall, then confirm by clicking Uninstall again
4. If prompted for a password, enter the uninstall password
5. Click OK in the FortiDLP Agent dialog box
6. Approve the User Account Control prompt by clicking Yes
7. Restart the device to complete removal

Important Security Note: For tenants created after November 4, 2025, password protection is enforced by default through the "base configuration" Agent configuration group. You can find this password by editing your base configuration group in the FortiDLP Console and clicking the icon next to "Password-protected Agent uninstallation."

An alternative method involves double-clicking the original MSI installation package and selecting "Remove," though this approach isn't supported when password protection is enabled.

Uninstalling FortiDLP Agent from macOS

The macOS removal process differs significantly from Windows, utilizing a dedicated accessory bundle containing uninstallation scripts.

Using the Accessory Bundle

Fortinet provides a macOS accessory bundle that simplifies removal of both the FortiDLP Agent and browser extensions. You can obtain this bundle through two methods:

• Download from FortiDLP Console: Navigate to Agents > Agent deployment tab > Installers section. Select macOS as the operating system, choose your agent version, select "Accessory bundle" from the Artifact menu, and download.
• Access locally on device: The bundle is also available at /Library/Application Support/Ava/Reveal/ on already-installed systems.

Command Line Uninstallation

After extracting the downloaded ZIP file (which creates an agent-accessory directory in Downloads), follow these steps:

# Navigate to the accessory directory cd [path-to-agent-accessory-directory]  # Remove Agent and browser extension (preserves configuration) sudo ./uninstall  # Or remove Agent, browser extension, AND configuration data sudo ./uninstall -c 

After running the appropriate command and entering the administrator password when prompted, restart the device to complete the process.

Browser Extension-Specific Removal

If you only need to remove the FortiDLP Browser Extension from macOS:

1. Go to Apple menu > System Preferences > Profiles
2. Select the installed FortiDLP profile
3. Click Remove
4. Repeat for each installed FortiDLP profile
5. Restart the device

Note that the Safari extension requires manual deletion or removal via an MDM provider, while extensions for Arc, Brave, Firefox, Google Chrome, Microsoft Edge, and Vivaldi are handled through the above methods.

Removing FortiMonitor Agent

The FortiMonitor Agent removal varies by operating system and deployment method.

Windows Uninstallation

For Windows systems, FortiMonitor provides multiple removal approaches:

• Using uninstall file: Execute uninstall.exe from the FortiMonitor Agent installation directory
• Command Line: Run uninstall.exe -q for quiet uninstallation
• Control Panel: Use Programs and Features like standard application removal

macOS Uninstallation

On macOS systems, you have two primary options:

• Terminal command: Execute /opt/fortimonitor/bin/fortimonitor-uninstall.sh
• Uninstall script: Run the provided uninstall script from the installation package

For both operating systems, Fortinet recommends deploying the uninstall file through your deployment tool for enterprise-scale removals, followed by a system restart to complete the process.

Managing Browser Extensions

FortiDLP Browser Extension on Windows

Removing the FortiDLP Browser Extension from Windows requires manual intervention:

1. Delete extension folders from:
   • C:\Program Files\Fortinet\FortiDLP\
   • C:\Program Files (x86)\Fortinet\FortiDLP\
2. Remove registry entries from:
   • HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiDLP\
3. Restart the system to complete removal

Administrator privileges are required for this process, as it involves system-level directories and registry modifications.

Fortinet Privileged Access Agent

The Fortinet Privileged Access Agent (FortiPAM extension) functions as a browser extension for Chrome and Edge. According to the Chrome Web Store documentation, this extension "enables the automatic filling-in of FortiPAM usernames and passwords for critical accounts" and supports "video recording of FortiPAM user activity during web browsing sessions."

To remove this extension:

• Google Chrome: Navigate to chrome://extensions/, locate "Fortinet Privileged Access Agent," and click Remove
• Microsoft Edge: Go to edge://extensions/, find the extension, and remove it

The extension's privacy documentation states it handles user activity data but does not sell this data to third parties or use it for creditworthiness determinations.

Key Considerations for Enterprise Deployment

When planning large-scale agent removal across an organization, consider these critical factors:

1. Uninstall passwords: Newer FortiDLP deployments default to password-protected uninstallation
2. Component dependencies: Remove browser extensions and email add-ins before the main agent
3. Restart requirements: Most removal processes require a system restart to complete
4. Configuration preservation: The macOS -c flag determines whether configuration data is preserved
5. Deployment tools: Enterprise removal should leverage existing management tools (MDM, etc.)

Frequently Asked Questions

Do I always need administrator rights to remove Fortinet agents?

Yes, administrator privileges are consistently required across all Fortinet agent removal processes. This security measure prevents unauthorized removal of security software.

Can I remove Fortinet agents without restarting my computer?

No, Fortinet documentation explicitly requires a system restart after uninstalling any of their agents to ensure complete removal of drivers and system components.

What's the difference between the standard and -c flag uninstall on macOS?

The standard sudo ./uninstall removes the agent and browser extension while preserving configuration data. The sudo ./uninstall -c command removes everything including configuration data, which is preferable when decommissioning a device or performing a clean reinstall.

How do I find the uninstall password for FortiDLP Agent?

Access your FortiDLP Console, edit the "base configuration" Agent configuration group, and click the icon corresponding to the "Password-protected Agent uninstallation" option to reveal the password.

Are browser extensions removed automatically when I uninstall the main agent?

Not consistently. While the macOS accessory bundle can remove both, Windows often requires separate browser extension removal through profile management (macOS) or manual deletion of folders and registry entries (Windows).

What should I do if standard uninstall methods fail?

Consult Fortinet's enterprise support for specialized removal tools or scripts. Community resources like Reddit's Fortinet forum may also provide insights from users who encountered similar issues.