Having issues with the Evo Credential Provider and cannot access the machine in question? Using this guide, you should be able to get the credential provider off of the machine. There are a few ways to do this:
- Use EvoCredProSettings.ps1 to remove sole provider
- Uninstall using EvoInstall.ps1
- Rename/delete EvoCredProvider.dll
Use EvoCredProSettings.ps1 to remove sole provider
This requires two steps:
- Establish remote PowerShell session
- Run the EvoCredProSettings script
Establish Remote PowerShell Session
The first step is to log in to the remote computer via PowerShell. You establish a remote PowerShell session like this:
Enter-PSSession -computer SOMECOMPUTERNAME
You can use help Enter-PSSession if you want to get help on the command. One of the common errors may be that it doesn't like the credentials. In that case, it is necessary to use the Get-Credential command. I typically call it this way, so that all I have to enter is the password:
$creds = Get-Credential mydomain\myusername
Then you enter:
Enter-PSSession -computer SOMECOMPUTER -cred $creds
Again, you can use help Enter-PSSession for details.
Run EvoCredProSettings
Now, the second step after establishing a remote PowerShell session is to turn off Evo as the sole provider. That can be done with this command:
&'C:\Program Files\EvoSecurity\EvoSecureLogin\EvoCredProSettings.ps1' '{"OnlyEvoLoginCredential":false}'
After this is run, Evo will no longer be the sole credential provider. Evo could be turned back on by changing the false to true in the last command.
Use EvoInstall to uninstall
If removing Evo CredPro as the sole provider does not work, then the next step would be to uninstall the credential provider. This is done in two steps:
- Establish remote PowerShell session
- Run EvoInstall script to remove the credential provider
To establish a remote PowerShell session, use the steps already outlined in the sections above. After having established the remote PowerShell session, execute the following commands in PowerShell:
Invoke-WebRequest https://download.evosecurity.com/release/installers/evoinstall-latest.zip -OutFile evoinstall.zip
Expand-Archive .\evoinstall.zip -dest .
.\EvoInstall.ps1 -remove -product CredPro
Rename/Delete EvoCredProvider.dll
As an item of last resort, the CredPro DLL can be renamed or deleted to block the Evo CredPro from being used.
First, establish a remote PowerShell session as indicated above.
Second, follow these steps in PowerShell:
cd 'C:\Program Files\EvoSecurity\EvoSecureLogin'
ren EvoCredProvider.dll EvoCredProvider.dll.bak
Restart-Computer
Renaming the DLL will cause it to not be loaded. At a later date, it could be restored to its proper name if it is determined what the issue is that is causing problems with the CredPro.
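The rename and later restore described above can also be run non-interactively with Invoke-Command. The following is an added example, not part of Evo's own tooling: the function names are hypothetical, and it records the DLL's SHA-256 hash at rename time so that the backup can be checked before it is put back in place.

```powershell
# Added example. Function names are hypothetical; the path and file names come from the steps above.
$EvoDir = 'C:\Program Files\EvoSecurity\EvoSecureLogin'

function Disable-EvoCredProviderDll {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    Invoke-Command -ComputerName $ComputerName -Credential $Credential -ArgumentList $EvoDir -ScriptBlock {
        param($Dir)
        $dll = Join-Path $Dir 'EvoCredProvider.dll'
        $bak = "$dll.bak"
        if (-not (Test-Path -LiteralPath $dll)) { throw "Not found: $dll" }
        if (Test-Path -LiteralPath $bak)        { throw "Backup already exists: $bak" }
        # Hash the file before renaming so the same file can be verified at restore time.
        $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        Rename-Item -LiteralPath $dll -NewName 'EvoCredProvider.dll.bak' -ErrorAction Stop
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Backup = $bak; SHA256 = $hash }
    }
}

function Restore-EvoCredProviderDll {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $ExpectedSHA256
    )
    Invoke-Command -ComputerName $ComputerName -Credential $Credential `
        -ArgumentList $EvoDir, $ExpectedSHA256 -ScriptBlock {
        param($Dir, $Expected)
        $bak = Join-Path $Dir 'EvoCredProvider.dll.bak'
        if (-not (Test-Path -LiteralPath $bak)) { throw "Not found: $bak" }
        # Refuse to restore a file that differs from the one that was renamed.
        $hash = (Get-FileHash -LiteralPath $bak -Algorithm SHA256).Hash
        if ($hash -ne $Expected) { throw "Hash mismatch on $bak; not restoring" }
        Rename-Item -LiteralPath $bak -NewName 'EvoCredProvider.dll' -ErrorAction Stop
    }
}

# Usage, with the placeholder names used earlier in this guide:
# $creds  = Get-Credential mydomain\myusername
# $result = Disable-EvoCredProviderDll -ComputerName SOMECOMPUTERNAME -Credential $creds
# Restart-Computer -ComputerName SOMECOMPUTERNAME -Credential $creds -Force
# Restore-EvoCredProviderDll -ComputerName SOMECOMPUTERNAME -Credential $creds -ExpectedSHA256 $result.SHA256
```

Keep the returned SHA256 value with the incident notes; the restore function needs it.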
Recovery Console Boot
The above steps were taken using a remote PowerShell session. If a user has physical access to the computer, sometimes it is possible to boot into the Windows Recovery Console. For that, you will generally need to go to the manufacturer's website to determine how to do it on their machine. Often, you will need a key to access the hard disk, such as the BitLocker key. However, if you are able to boot into the recovery console, then you can rename or delete the EvoCredProvider.dll as mentioned in the previous section, reboot the computer, and the machine will not be using the Evo Credential Provider.