For the past several days, Windows users in the US have been storming the internet with concerns over the silent, forced transition from Kaspersky’s endpoint security products to UltraAV, seeking advice on how to remove the new antivirus from their systems.

The switch was an expected one, after the US banned Kaspersky’s software in June, over fears of connections to the Russian government. The company’s products and services had been banned in federal agencies in 2017.

Following the ban and sanctions against its executives, Kaspersky announced plans to retire from the US market, where it has been present for roughly two decades. In early September, it announced a deal to transition its US customer base – estimated at roughly one million users – to UltraAV, an antivirus brand of Pango Group.

Following the announcement, which coincided with Kaspersky notifying its US users via email of the transition, scarce details were published on a dedicated page on UltraAV’s website, with a promise of “communications from UltraAV with instructions on how to activate your new account”.

That communication apparently never came and, on September 19, Kaspersky users in the US woke up to UltraAV running on their computers and no trace of Kaspersky’s products. An update was pushed to them and completely replaced their protection software.

That did not bode well with many, and they took it to online forums to complain about the lack of transparency surrounding the move. And about their lack of options.

“This morning, I turned on my PC. Never had an issue with KAV. Well, this unknown company and its software UltraAV automatically installed on my computer. I was never asked nor notified that this installation would happen. Also, I cannot uninstall it,” one unhappy user posted on Kaspersky’s forums.

“Same thing happened to me. Woke up to Kaspersky completely gone from my system with Ultra AV and UltraVPN freshly installed (not by me, just automatically while I slept). No sign of Kaspersky anywhere on my system and Ultra AV’s settings are non-existent,” another said on Reddit.

Other users have voiced similar concerns over the forced transition to UltraAV, while also complaining about the difficulty to remove the new security solution (some say it would reinstall after a reboot) or about its unexpected behavior (folders being deleted and legitimate applications being blocked).

While it is unclear how many users might have experienced issues following the transition, many are clearly unhappy with not being explicitly notified about UltraAV’s silent installation and not being offered the option to opt out.

Indeed, Kaspersky emailed its users, but many completely missed the email or ignored it, and no notification was displayed on computers before Kaspersky’s products were removed. UltraAV’s FAQ page does not explain a lot either.

“What to Expect from the Kaspersky → UltraAV transition. No action is required. By mid-September you will have access to Ultra AV & Ultra VPN on your Windows desktop. If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device and you will be able to leverage all of the additional premium features,” the FAQ page reads.

“UltraAV will be activated under your existing subscription and login information, license duration and device coverage are carried over, and there is no price increase. There’s no effort needed from your side, and your Windows apps will update automatically,” a Kaspersky employee said on the company’s forums.

Responding to disgruntled users looking to remove the unwanted UltraAV from their computers, Kaspersky’s support team could not share specific details: “Unfortunately, we don’t have any guidelines for UltraAV, nor the total force silent migration.”

It remains to be seen how many former Kaspersky users in the US will stay on UltraAV, as many said they already switched to an alternative solution, but the way one security product was completely erased from devices and another installed instead raises concerns over the level of control these applications have on customer systems, cybersecurity experts say.

“So, the tools we use to secure ourselves provide the mechanism for breaching security,” enterprise security architect Colin Renouf noted on X (formerly Twitter).

“This is why handing root-level access to Kaspersky was a huge risk. Users were ‘migrated’ – software uninstalled and a totally different product was installed automagically. They had total control of your machine,” former NSA cybersecurity director Rob Joyce pointed out.

Others also noted that Kaspersky should have handled the US market exit with more transparency, possibly providing users with the option to replace the antivirus voluntarily.

“Kaspersky, uninstalling your software from US devices is fine, but installing a different AV without warning or consent is bananas. This is not how you exit a market,” EFF cybersecurity director Eva Galperin said.

SecurityWeek has emailed both Pango Group and Kaspersky for statements on this matter and will update this article as soon as they respond.

Related: Canada Bans WeChat and Kaspersky on Government Phones

Related: Mysterious Apple SoC Feature Exploited to Hack Kaspersky Employee iPhones

Related: US Brands Russian Cybersecurity Firm Kaspersky ‘Security Threat’

Related: Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021