Uninstall on Windows triggers a Cloud IOC alert

[blakerouse]

The uninstall command for the Elastic Agent performs an action at the end of the installation process that spawns a cmd.exe that uses ping to wait 2 seconds and then delete the C:\Program Files\Elastic\Agent directory. This is done because uninstall is being executed from that directory and it cannot delete the directory that it is executing from (Windows does not allow it).

See the code here: https://github.com/elastic/elastic-agent/blob/main/internal/pkg/agent/install/uninstall.go#L143

This type of process execution on Windows triggers a Cloud IOC alert. We should determine if its possible for this removal to be performed differently that doesn't trigger this type of alert.

• Version: All
• Operating System: Windows

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

[blakerouse]

I am re-opening this as the original change was reverted.