I have CTES From Absolute on my Dell laptop board and consider it Corporate spyware. This is how I defeated it. I went to C:\Windows\system32\ and grouped everything by manufacturer, made a list of everything from Absolute so I could create a .cmd file to delete it all, hey It's gonna come back right? Did the same in SysWOW64. There is 5 services to stop, CscService, Ctes Manager, CtesHostSvc, rpchdp and rpcnet. These were stopped using NET STOP in my .cmd file, before I deleted everything like this:
@Echo Off
NET STOP CscService /Y
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\CscService" /v "Start" /t REG_DWORD /d "4" /f
NET STOP Ctes Manager /Y
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\Ctes Manager" /v "Start" /t REG_DWORD /d "4" /f
NET STOP CtesHostSvc /Y
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\CtesHostSvc" /v "Start" /t REG_DWORD /d "4" /f
NET STOP rpchdp /Y
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\rpchdp" /v "Start" /t REG_DWORD /d "4" /f
NET STOP rpcnet /Y
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\rpcnet" /v "Start" /t REG_DWORD /d "4" /f
DEL /F /Q /A C:\Windows\SysWOW64\cshost.dll
DEL /F /Q /A C:\Windows\SysWOW64\CTLojack.dll
DEL /F /Q /A C:\Windows\SysWOW64\DIAGDLL64.DLL
DEL /F /Q /A C:\Windows\SysWOW64\identprv.dll
DEL /F /Q /A C:\Windows\SysWOW64\pkgmgr.dll
DEL /F /Q /A C:\Windows\SysWOW64\pcnet.dll
DEL /F /Q /A C:\Windows\SysWOW64\wceprv.dll
DEL /F /Q /A C:\Windows\SysWOW64\instw64.exe
DEL /F /Q /A C:\Windows\SysWOW64\pkgslv.exe
DEL /F /Q /A C:\Windows\SysWOW64\rpcnet.exe
DEL /F /Q /A C:\Windows\System32\cshost.dll
DEL /F /Q /A C:\Windows\System32\CTLojack.dll
DEL /F /Q /A C:\Windows\System32\DIAGDLL64.DLL
DEL /F /Q /A C:\Windows\System32\identprv.dll
DEL /F /Q /A C:\Windows\System32\pkgmgr.dll
DEL /F /Q /A C:\Windows\System32\pcnet.dll
DEL /F /Q /A C:\Windows\System32\wceprv.dll
DEL /F /Q /A C:\Windows\System32\instw64.exe
DEL /F /Q /A C:\Windows\System32\pkgslv.exe
DEL /F /Q /A C:\Windows\System32\rpcnet.exe
RD /S /Q C:\ProgramData\CTES
RD /S /Q C:\ProgramData\Rpcnet
PAUSE
OK services stopped, everything deleted. CTES is now off the system temporally, temporally because it's on the motherboard and it will reinstall to your system, but now you have your .cmd file you can run but that's not enough, CTES must contact a server to update itself and then upload data, and it's considerable. Go to the CTES folder and have a look at CtesPersistence.txt to get an idea of what's happening. I stopped that Internet traffic cold by blocking these servers in the hosts file:
127.0.0.1 search.namequery.com
127.0.0.1 search2.namequery.com
127.0.0.1 search64.namequery.com
127.0.0.1 eol.absolute.com
127.0.0.1 si.namequery.com
127.0.0.1 d.namequery.com
127.0.0.1 a.fc.namequery.com
127.0.0.1 fo.fc.namequery.com
127.0.0.1 resources.namequery.com
127.0.0.1 cdta.namequery.com
127.0.0.1 eum.absolute.com
127.0.0.1 api.absolute.com
127.0.0.1 ps.namequery.com
127.0.0.1 amp.namequery.com
127.0.0.1 ps.absolute.com
127.0.0.1 ctm.server.absolute.com
127.0.0.1 gcm-http.googleapis.com
127.0.0.1 bh.namequery.com
127.0.0.1 sv.symcb.com
127.0.0.1 s.symcb.com
127.0.0.1 s1.symcb.com
127.0.0.1 s2.symcb.com
127.0.0.1 crl.thawte.com
127.0.0.1 cdp.thawte.com
127.0.0.1 cacerts.thawte.com
I have effectively disabled a rather well thought out piece of Corporate Spyware. CTES service still installs because it's on my laptop board. I have Process Hacker from Source Forge, it notifies me when the CTES service installs, so I give it an hour then go to %ProgramData%\CTES and confirm that nothing was updated or uploaded.
To understand just how persistent this is, have a look at Administrator’s Guide for Absolute Agents Once the software is activated, you can only block it. And most laptops are shipped with it activated. Please note this is my system, yours may be different, but it's a jumping-off point.
So to answer the question, I will say quite definitively that this technology is not coming off that board... ever. It can only be managed.
Here's some reference:
search.namequery.com 209.53.113.223 80 and 443 Absolute agent communication for Windows and Mac
search2.namequery.com 209.53.113.19 80 Data Delete & Device Freeze
search64.namequery.com 209.53.113.224 80 Absolute Consumer agent
eol.absolute.com 209.53.113.77 443 End of Life (EOL) Data Delete
si.namequery.com 209.53.113.217 80 Absolute Persistence 2.x
d.namequery.com 209.53.113.225 80 Absolute Persistence 2.x
a.fc.namequery.com
fo.fc.namequery.com 209.53.113.5 80 Real-Time-Technology over IP (RTT-IP)
resources.namequery.com 209.53.113.51 443 Absolute 7 components
resources.namequery.com 152.195.12.32 443 Absolute 7 components delivered from Microsoft Azure Content Delivery Network
cdta.namequery.com 209.53.113.110 80 Data Transfer
eum.absolute.com
.and embedded URL 209.53.113.7 443 End User Messaging
api.absolute.com 209.53.113.121 443 Web Services API
ps.namequery.com 204.174.66.17 443 Professional Services
amp.namequery.com 209.53.113.24 443 Professional Services
ps.absolute.com 209.53.113.132 443 Professional Services
ctm.server.absolute.com 209.53.113.108 443 Absolute agent communication for Android and Chromebook
chrome.google.com 172.217.3.206 443 Absolute for Chromebooks Extension Web Store
gcm-http.googleapis.com 64.233.177.95 443 Google Cloud Messaging for Android and Chromebook
bh.namequery.com 209.53.113.221 80 Absolute holding account
sv.symcb.com 72.21.91.29 80 CRL Distribution Point
s.symcb.com 72.21.91.29 80 CRL Distribution Point
s1.symcb.com 72.21.91.29 80 CRL Distribution Point
s2.symcb.com 23.60.139.27 80 Authority Info Access - On-line Certificate Status Protocol
ts-ocsp.ws.symantec.com 23.60.139.27 80 Authority Info Access - On-line Certificate Status Protocol
ts-aia.ws.symantec.com 72.21.91.29 80 Authority Info Access Certification Authority Issuer
ts-crl.ws.symantec.com 72.21.91.29 80 CRL Distribution Point
ocsp.thawte.com 23.60.139.27 80 Authority Info Access - On-line Certificate Status Protocol
crl.thawte.com 72.21.91.29 80 CRL Distribution Point
cdp.thawte.com 72.21.91.29 80 CRL Distribution Point
cacerts.thawte.com 104.18.11.39 80 Authority Info Access Certification Authority Issuer
ocsp.digicert.com 72.21.91.29 80 Authority Info Access - On-line Certificate Status Protocol
crl3.digicert.com 72.21.91.29 80 CRL Distribution Point