diff --git a/changes/20320-uninstall-packages b/changes/20320-uninstall-packages
new file mode 100644
index 0000000000..89ab892841
--- /dev/null
+++ b/changes/20320-uninstall-packages
@@ -0,0 +1 @@
+* Implement the ability to use Fleet to uninstall packages from hosts.
\ No newline at end of file
diff --git a/codecov.yml b/codecov.yml
index f91f1aae40..cac1d5c0d1 100644
--- a/codecov.yml
+++ b/codecov.yml
@@ -25,3 +25,4 @@ flag_management:
 
 ignore:
   - "server/mock"
+  - "server/fleet/activities.go" # mostly contains code for documentation -- not interesting for tests
diff --git a/docs/Contributing/Audit-logs.md b/docs/Contributing/Audit-logs.md
index b2fe63528b..c4baf17b74 100644
--- a/docs/Contributing/Audit-logs.md
+++ b/docs/Contributing/Audit-logs.md
@@ -1170,6 +1170,29 @@ This activity contains the following fields:
 }
 ```
 
+## uninstalled_software
+
+Generated when a software is uninstalled on a host.
+
+This activity contains the following fields:
+- "host_id": ID of the host.
+- "host_display_name": Display name of the host.
+- "software_title": Name of the software.
+- "script_execution_id": ID of the software uninstall script.
+- "status": Status of the software uninstallation.
+
+#### Example
+
+```json
+{
+  "host_id": 1,
+  "host_display_name": "Anna's MacBook Pro",
+  "software_title": "Falcon.app",
+  "script_execution_id": "ece8d99d-4313-446a-9af2-e152cd1bad1e",
+  "status": "uninstalled"
+}
+```
+
 ## added_software
 
 Generated when a software installer is uploaded to Fleet.
diff --git a/ee/server/service/software_installers.go b/ee/server/service/software_installers.go
index 281d1b05f9..abdaaf8aa0 100644
--- a/ee/server/service/software_installers.go
+++ b/ee/server/service/software_installers.go
@@ -12,9 +12,12 @@ import (
 	"net/http"
 	"net/url"
 	"path/filepath"
+	"regexp"
+	"strings"
 
 	"github.com/fleetdm/fleet/v4/pkg/file"
 	"github.com/fleetdm/fleet/v4/pkg/fleethttp"
+	"github.com/fleetdm/fleet/v4/server/authz"
 	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
 	hostctx "github.com/fleetdm/fleet/v4/server/contexts/host"
 	"github.com/fleetdm/fleet/v4/server/contexts/viewer"
@@ -44,6 +47,7 @@ func (svc *Service) UploadSoftwareInstaller(ctx context.Context, payload *fleet.
 	// shebang when the file is directly executed.
 	payload.InstallScript = file.Dos2UnixNewlines(payload.InstallScript)
 	payload.PostInstallScript = file.Dos2UnixNewlines(payload.PostInstallScript)
+	payload.UninstallScript = file.Dos2UnixNewlines(payload.UninstallScript)
 
 	if _, err := svc.addMetadataToSoftwarePayload(ctx, payload); err != nil {
 		return ctxerr.Wrap(ctx, err, "adding metadata to payload")
@@ -56,6 +60,9 @@ func (svc *Service) UploadSoftwareInstaller(ctx context.Context, payload *fleet.
 	// TODO: basic validation of install and post-install script (e.g., supported interpreters)?
 	// TODO: any validation of pre-install query?
 
+	// Update $PACKAGE_ID in uninstall script
+	preProcessUninstallScript(payload)
+
 	installerID, err := svc.ds.MatchOrCreateSoftwareInstaller(ctx, payload)
 	if err != nil {
 		return ctxerr.Wrap(ctx, err, "matching or creating software installer")
@@ -87,6 +94,28 @@ func (svc *Service) UploadSoftwareInstaller(ctx context.Context, payload *fleet.
 	return nil
 }
 
+var packageIDRegex = regexp.MustCompile(`((("\$PACKAGE_ID")|(\$PACKAGE_ID))(?P<suffix>\W|$))|(("\${PACKAGE_ID}")|(\${PACKAGE_ID}))`)
+
+func preProcessUninstallScript(payload *fleet.UploadSoftwareInstallerPayload) {
+	// We assume that we already validated that payload.PackageIDs is not empty.
+	// Replace $PACKAGE_ID in the uninstall script with the package ID(s).
+	var packageID string
+	switch payload.Extension {
+	case "pkg":
+		var sb strings.Builder
+		_, _ = sb.WriteString("(\n")
+		for _, pkgID := range payload.PackageIDs {
+			_, _ = sb.WriteString(fmt.Sprintf("  \"%s\"\n", pkgID))
+		}
+		_, _ = sb.WriteString(")") // no ending newline
+		packageID = sb.String()
+	default:
+		packageID = fmt.Sprintf("\"%s\"", payload.PackageIDs[0])
+	}
+
+	payload.UninstallScript = packageIDRegex.ReplaceAllString(payload.UninstallScript, fmt.Sprintf("%s${suffix}", packageID))
+}
+
 func (svc *Service) DeleteSoftwareInstaller(ctx context.Context, titleID uint, teamID *uint) error {
 	if teamID == nil {
 		return fleet.NewInvalidArgumentError("team_id", "is required")
@@ -389,11 +418,12 @@ func (svc *Service) InstallSoftwareTitle(ctx context.Context, hostID uint, softw
 			if err != nil {
 				return ctxerr.Wrapf(ctx, err, "getting last install data for host %d and installer %d", host.ID, installer.InstallerID)
 			}
-			if lastInstallRequest != nil && lastInstallRequest.Status != nil && *lastInstallRequest.Status == fleet.SoftwareInstallerPending {
+			if lastInstallRequest != nil && lastInstallRequest.Status != nil &&
+				(*lastInstallRequest.Status == fleet.SoftwareInstallPending || *lastInstallRequest.Status == fleet.SoftwareUninstallPending) {
 				return &fleet.BadRequestError{
-					Message: "Couldn't install software. Host has a pending install request.",
+					Message: "Couldn't install software. Host has a pending install/uninstall request.",
 					InternalErr: ctxerr.WrapWithData(
-						ctx, err, "host already has a pending install for this installer",
+						ctx, err, "host already has a pending install/uninstall for this installer",
 						map[string]any{
 							"host_id":               host.ID,
 							"software_installer_id": installer.InstallerID,
@@ -568,6 +598,152 @@ func (svc *Service) installSoftwareTitleUsingInstaller(ctx context.Context, host
 	return ctxerr.Wrap(ctx, err, "inserting software install request")
 }
 
+func (svc *Service) UninstallSoftwareTitle(ctx context.Context, hostID uint, softwareTitleID uint) error {
+	// First check if scripts are disabled globally. If so, no need for further processing.
+	cfg, err := svc.ds.AppConfig(ctx)
+	if err != nil {
+		svc.authz.SkipAuthorization(ctx)
+		return err
+	}
+
+	if cfg.ServerSettings.ScriptsDisabled {
+		svc.authz.SkipAuthorization(ctx)
+		return fleet.NewUserMessageError(errors.New(fleet.RunScriptScriptsDisabledGloballyErrMsg), http.StatusForbidden)
+	}
+
+	// we need to use ds.Host because ds.HostLite doesn't return the orbit node key
+	host, err := svc.ds.Host(ctx, hostID)
+	if err != nil {
+		// if error is because the host does not exist, check first if the user
+		// had access to install/uninstall software (to prevent leaking valid host ids).
+		if fleet.IsNotFound(err) {
+			if err := svc.authz.Authorize(ctx, &fleet.HostSoftwareInstallerResultAuthz{}, fleet.ActionWrite); err != nil {
+				return err
+			}
+		}
+		svc.authz.SkipAuthorization(ctx)
+		return ctxerr.Wrap(ctx, err, "get host")
+	}
+
+	if host.OrbitNodeKey == nil || *host.OrbitNodeKey == "" {
+		// fleetd is required to install software so if the host is enrolled via plain osquery we return an error
+		svc.authz.SkipAuthorization(ctx)
+		return fleet.NewUserMessageError(errors.New("host does not have fleetd installed"), http.StatusUnprocessableEntity)
+	}
+
+	// If scripts are disabled (according to the last detail query), we return an error.
+	// host.ScriptsEnabled may be nil for older orbit versions.
+	if host.ScriptsEnabled != nil && !*host.ScriptsEnabled {
+		svc.authz.SkipAuthorization(ctx)
+		return fleet.NewUserMessageError(errors.New(fleet.RunScriptsOrbitDisabledErrMsg), http.StatusUnprocessableEntity)
+	}
+
+	// authorize with the host's team
+	if err := svc.authz.Authorize(ctx, &fleet.HostSoftwareInstallerResultAuthz{HostTeamID: host.TeamID}, fleet.ActionWrite); err != nil {
+		return err
+	}
+
+	installer, err := svc.ds.GetSoftwareInstallerMetadataByTeamAndTitleID(ctx, host.TeamID, softwareTitleID, false)
+	if err != nil {
+		if fleet.IsNotFound(err) {
+			return &fleet.BadRequestError{
+				Message: "Couldn't uninstall software. Software title is not available for uninstall. Please add software package to install/uninstall.",
+				InternalErr: ctxerr.WrapWithData(
+					ctx, err, "couldn't find an installer for software title",
+					map[string]any{"host_id": host.ID, "team_id": host.TeamID, "title_id": softwareTitleID},
+				),
+			}
+		}
+		return ctxerr.Wrap(ctx, err, "finding software installer for title")
+	}
+
+	lastInstallRequest, err := svc.ds.GetHostLastInstallData(ctx, host.ID, installer.InstallerID)
+	if err != nil {
+		return ctxerr.Wrapf(ctx, err, "getting last install data for host %d and installer %d", host.ID, installer.InstallerID)
+	}
+	if lastInstallRequest != nil && lastInstallRequest.Status != nil &&
+		(*lastInstallRequest.Status == fleet.SoftwareInstallPending || *lastInstallRequest.Status == fleet.SoftwareUninstallPending) {
+		return &fleet.BadRequestError{
+			Message: "Couldn't uninstall software. Host has a pending install/uninstall request.",
+			InternalErr: ctxerr.WrapWithData(
+				ctx, err, "host already has a pending install/uninstall for this installer",
+				map[string]any{
+					"host_id":               host.ID,
+					"software_installer_id": installer.InstallerID,
+					"team_id":               host.TeamID,
+					"title_id":              softwareTitleID,
+					"status":                *lastInstallRequest.Status,
+				},
+			),
+		}
+	}
+
+	// Validate platform
+	ext := filepath.Ext(installer.Name)
+	requiredPlatform := packageExtensionToPlatform(ext)
+	if requiredPlatform == "" {
+		// this should never happen
+		return ctxerr.Errorf(ctx, "software installer has unsupported type %s", ext)
+	}
+
+	if host.FleetPlatform() != requiredPlatform {
+		return &fleet.BadRequestError{
+			Message: fmt.Sprintf("Package (%s) can be uninstalled only on %s hosts.", ext, requiredPlatform),
+			InternalErr: ctxerr.NewWithData(
+				ctx, "invalid host platform for requested uninstall",
+				map[string]any{"host_id": host.ID, "team_id": host.TeamID, "title_id": installer.TitleID},
+			),
+		}
+	}
+
+	// Get the uninstall script and use the standard script infrastructure to run it.
+	contents, err := svc.ds.GetAnyScriptContents(ctx, installer.UninstallScriptContentID)
+	if err != nil {
+		if fleet.IsNotFound(err) {
+			return ctxerr.Wrap(ctx,
+				fleet.NewInvalidArgumentError("software_title_id", `No uninstall script exists for the provided "software_title_id".`).
+					WithStatus(http.StatusNotFound), "getting uninstall script contents")
+		}
+		return err
+	}
+
+	var teamID uint
+	if host.TeamID != nil {
+		teamID = *host.TeamID
+	}
+	// create the script execution request, the host will be notified of the
+	// script execution request via the orbit config's Notifications mechanism.
+	request := fleet.HostScriptRequestPayload{
+		HostID:          host.ID,
+		ScriptContents:  string(contents),
+		ScriptContentID: installer.UninstallScriptContentID,
+		TeamID:          teamID,
+	}
+	if ctxUser := authz.UserFromContext(ctx); ctxUser != nil {
+		request.UserID = &ctxUser.ID
+	}
+	scriptResult, err := svc.ds.NewHostScriptExecutionRequest(ctx, &request)
+	if err != nil {
+		return ctxerr.Wrap(ctx, err, "create script execution request")
+	}
+
+	// Update the host software installs table with the uninstall request.
+	// Pending uninstalls will automatically show up in the UI Host Details -> Activity -> Upcoming tab.
+	if err = svc.insertSoftwareUninstallRequest(ctx, scriptResult.ExecutionID, host, installer); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) insertSoftwareUninstallRequest(ctx context.Context, executionID string, host *fleet.Host,
+	installer *fleet.SoftwareInstaller) error {
+	if err := svc.ds.InsertSoftwareUninstallRequest(ctx, executionID, host.ID, installer.InstallerID); err != nil {
+		return ctxerr.Wrap(ctx, err, "inserting software uninstall request")
+	}
+	return nil
+}
+
 func (svc *Service) GetSoftwareInstallResults(ctx context.Context, resultUUID string) (*fleet.HostSoftwareInstallerResult, error) {
 	// Basic auth check
 	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
@@ -656,6 +832,13 @@ func (svc *Service) addMetadataToSoftwarePayload(ctx context.Context, payload *f
 		}
 	}
 
+	if len(meta.PackageIDs) == 0 {
+		return "", &fleet.BadRequestError{
+			Message:     fmt.Sprintf("Couldn't add. Fleet couldn't read the package IDs, product code, or name from %s.", payload.Filename),
+			InternalErr: ctxerr.New(ctx, "extracting package IDs from installer metadata"),
+		}
+	}
+
 	payload.Title = meta.Name
 	if payload.Title == "" {
 		// use the filename if no title from metadata
@@ -664,6 +847,8 @@ func (svc *Service) addMetadataToSoftwarePayload(ctx context.Context, payload *f
 	payload.Version = meta.Version
 	payload.StorageID = hex.EncodeToString(meta.SHASum)
 	payload.BundleIdentifier = meta.BundleIdentifier
+	payload.PackageIDs = meta.PackageIDs
+	payload.Extension = meta.Extension
 
 	// reset the reader (it was consumed to extract metadata)
 	if _, err := payload.InstallerFile.Seek(0, 0); err != nil {
@@ -674,6 +859,10 @@ func (svc *Service) addMetadataToSoftwarePayload(ctx context.Context, payload *f
 		payload.InstallScript = file.GetInstallScript(meta.Extension)
 	}
 
+	if payload.UninstallScript == "" {
+		payload.UninstallScript = file.GetUninstallScript(meta.Extension)
+	}
+
 	source, err := fleet.SofwareInstallerSourceFromExtensionAndName(meta.Extension, meta.Name)
 	if err != nil {
 		return "", ctxerr.Wrap(ctx, err, "determining source from extension and name")
diff --git a/ee/server/service/software_installers_test.go b/ee/server/service/software_installers_test.go
new file mode 100644
index 0000000000..6abd95085e
--- /dev/null
+++ b/ee/server/service/software_installers_test.go
@@ -0,0 +1,223 @@
+package service
+
+import (
+	"context"
+	"testing"
+
+	"github.com/fleetdm/fleet/v4/server/authz"
+	"github.com/fleetdm/fleet/v4/server/contexts/viewer"
+	"github.com/fleetdm/fleet/v4/server/fleet"
+	"github.com/fleetdm/fleet/v4/server/mock"
+	"github.com/fleetdm/fleet/v4/server/ptr"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPreProcessUninstallScript(t *testing.T) {
+	t.Parallel()
+	var input = `
+blah$PACKAGE_IDS
+pkgids=$PACKAGE_ID
+they are $PACKAGE_ID, right $MY_SECRET?
+quotes for "$PACKAGE_ID"
+blah${PACKAGE_ID}withConcat
+quotes and braces for "${PACKAGE_ID}"
+${PACKAGE_ID}`
+
+	payload := fleet.UploadSoftwareInstallerPayload{
+		Extension:       "exe",
+		UninstallScript: input,
+		PackageIDs:      []string{"com.foo"},
+	}
+
+	preProcessUninstallScript(&payload)
+	expected := `
+blah$PACKAGE_IDS
+pkgids="com.foo"
+they are "com.foo", right $MY_SECRET?
+quotes for "com.foo"
+blah"com.foo"withConcat
+quotes and braces for "com.foo"
+"com.foo"`
+	assert.Equal(t, expected, payload.UninstallScript)
+
+	payload = fleet.UploadSoftwareInstallerPayload{
+		Extension:       "pkg",
+		UninstallScript: input,
+		PackageIDs:      []string{"com.foo", "com.bar"},
+	}
+	preProcessUninstallScript(&payload)
+	expected = `
+blah$PACKAGE_IDS
+pkgids=(
+  "com.foo"
+  "com.bar"
+)
+they are (
+  "com.foo"
+  "com.bar"
+), right $MY_SECRET?
+quotes for (
+  "com.foo"
+  "com.bar"
+)
+blah(
+  "com.foo"
+  "com.bar"
+)withConcat
+quotes and braces for (
+  "com.foo"
+  "com.bar"
+)
+(
+  "com.foo"
+  "com.bar"
+)`
+	assert.Equal(t, expected, payload.UninstallScript)
+
+}
+
+func TestInstallUninstallAuth(t *testing.T) {
+	t.Parallel()
+	ds := new(mock.Store)
+	svc := newTestService(t, ds)
+
+	ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
+		return &fleet.AppConfig{}, nil
+	}
+	ds.HostFunc = func(ctx context.Context, id uint) (*fleet.Host, error) {
+		return &fleet.Host{
+			OrbitNodeKey: ptr.String("orbit_key"),
+			Platform:     "darwin",
+			TeamID:       ptr.Uint(1),
+		}, nil
+	}
+	ds.GetSoftwareInstallerMetadataByTeamAndTitleIDFunc = func(ctx context.Context, teamID *uint, titleID uint,
+		withScriptContents bool) (*fleet.SoftwareInstaller, error) {
+		return &fleet.SoftwareInstaller{
+			Name:     "installer.pkg",
+			Platform: "darwin",
+			TeamID:   ptr.Uint(1),
+		}, nil
+	}
+	ds.GetHostLastInstallDataFunc = func(ctx context.Context, hostID uint, installerID uint) (*fleet.HostLastInstallData, error) {
+		return nil, nil
+	}
+	ds.InsertSoftwareInstallRequestFunc = func(ctx context.Context, hostID uint, softwareInstallerID uint, selfService bool) (string,
+		error) {
+		return "request_id", nil
+	}
+	ds.GetAnyScriptContentsFunc = func(ctx context.Context, id uint) ([]byte, error) {
+		return []byte("script"), nil
+	}
+	ds.NewHostScriptExecutionRequestFunc = func(ctx context.Context, request *fleet.HostScriptRequestPayload) (*fleet.HostScriptResult,
+		error) {
+		return &fleet.HostScriptResult{
+			ExecutionID: "execution_id",
+		}, nil
+	}
+	ds.InsertSoftwareUninstallRequestFunc = func(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error {
+		return nil
+	}
+
+	testCases := []struct {
+		name       string
+		user       *fleet.User
+		shouldFail bool
+	}{
+		{
+			"global admin",
+			&fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)},
+			false,
+		},
+		{
+			"global maintainer",
+			&fleet.User{GlobalRole: ptr.String(fleet.RoleMaintainer)},
+			false,
+		},
+		{
+			"global observer",
+			&fleet.User{GlobalRole: ptr.String(fleet.RoleObserver)},
+			true,
+		},
+		{
+			"team admin",
+			&fleet.User{Teams: []fleet.UserTeam{{Team: fleet.Team{ID: 1}, Role: fleet.RoleAdmin}}},
+			false,
+		},
+		{
+			"team maintainer",
+			&fleet.User{Teams: []fleet.UserTeam{{Team: fleet.Team{ID: 1}, Role: fleet.RoleMaintainer}}},
+			false,
+		},
+		{
+			"team observer",
+			&fleet.User{Teams: []fleet.UserTeam{{Team: fleet.Team{ID: 1}, Role: fleet.RoleObserver}}},
+			true,
+		},
+	}
+	for _, tt := range testCases {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := viewer.NewContext(context.Background(), viewer.Viewer{User: tt.user})
+			checkAuthErr(t, tt.shouldFail, svc.InstallSoftwareTitle(ctx, 1, 10))
+			checkAuthErr(t, tt.shouldFail, svc.UninstallSoftwareTitle(ctx, 1, 10))
+		})
+	}
+}
+
+// TestUninstallSoftwareTitle is mostly tested in enterprise integration test. This test hits a few edge cases.
+func TestUninstallSoftwareTitle(t *testing.T) {
+	t.Parallel()
+	ds := new(mock.Store)
+	svc := newTestService(t, ds)
+
+	host := &fleet.Host{
+		OrbitNodeKey: ptr.String("orbit_key"),
+		Platform:     "darwin",
+		TeamID:       ptr.Uint(1),
+	}
+
+	ds.HostFunc = func(ctx context.Context, id uint) (*fleet.Host, error) {
+		return host, nil
+	}
+
+	// Scripts disabled
+	ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
+		return &fleet.AppConfig{
+			ServerSettings: fleet.ServerSettings{
+				ScriptsDisabled: true,
+			},
+		}, nil
+	}
+	require.ErrorContains(t, svc.UninstallSoftwareTitle(context.Background(), 1, 10), fleet.RunScriptScriptsDisabledGloballyErrMsg)
+	ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
+		return &fleet.AppConfig{}, nil
+	}
+
+	// Host scripts disabled
+	host.ScriptsEnabled = ptr.Bool(false)
+	require.ErrorContains(t, svc.UninstallSoftwareTitle(context.Background(), 1, 10), fleet.RunScriptsOrbitDisabledErrMsg)
+
+}
+
+func checkAuthErr(t *testing.T, shouldFail bool, err error) {
+	t.Helper()
+	if shouldFail {
+		require.Error(t, err)
+		var forbiddenError *authz.Forbidden
+		require.ErrorAs(t, err, &forbiddenError)
+	} else {
+		require.NoError(t, err)
+	}
+}
+
+func newTestService(t *testing.T, ds fleet.Datastore) *Service {
+	t.Helper()
+	authorizer, err := authz.NewAuthorizer()
+	require.NoError(t, err)
+	svc := &Service{
+		authz: authorizer,
+		ds:    ds,
+	}
+	return svc
+}
diff --git a/frontend/__mocks__/scriptMock.ts b/frontend/__mocks__/scriptMock.ts
index bb57b11857..ff8d635122 100644
--- a/frontend/__mocks__/scriptMock.ts
+++ b/frontend/__mocks__/scriptMock.ts
@@ -24,6 +24,7 @@ const DEFAULT_SCRIPT_RESULT_MOCK: IScriptResultResponse = {
   runtime: 0,
   host_timeout: false,
   script_id: 1,
+  created_at: "2020-01-01T00:00:00.000Z",
 };
 
 export const createMockScriptResult = (
diff --git a/frontend/__mocks__/softwareMock.ts b/frontend/__mocks__/softwareMock.ts
index 9ef0b14e9a..fb2fc313ba 100644
--- a/frontend/__mocks__/softwareMock.ts
+++ b/frontend/__mocks__/softwareMock.ts
@@ -204,8 +204,10 @@ const DEFAULT_SOFTWARE_PACKAGE_MOCK: ISoftwarePackage = {
   icon_url: null,
   status: {
     installed: 1,
-    pending: 2,
-    failed: 3,
+    pending_install: 2,
+    failed_install: 1,
+    pending_uninstall: 1,
+    failed_uninstall: 1,
   },
 };
 
diff --git a/frontend/components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails.tsx b/frontend/components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails.tsx
index 61c2d5f04f..42ed1d6dd3 100644
--- a/frontend/components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails.tsx
+++ b/frontend/components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails.tsx
@@ -1,5 +1,6 @@
 import React from "react";
 import { useQuery } from "react-query";
+import { formatDistanceToNow } from "date-fns";
 
 import { IActivityDetails } from "interfaces/activity";
 import {
@@ -29,7 +30,14 @@ export type IPackageInstallDetails = Pick<
 >;
 
 const StatusMessage = ({
-  result: { host_display_name, software_package, software_title, status },
+  result: {
+    host_display_name,
+    software_package,
+    software_title,
+    status,
+    updated_at,
+    created_at,
+  },
 }: {
   result: ISoftwareInstallResult;
 }) => {
@@ -38,13 +46,24 @@ const StatusMessage = ({
   ) : (
     "the host"
   );
+
+  const timeStamp = updated_at || created_at;
+  const displayTimeStamp = ["failed_install", "installed"].includes(
+    status || ""
+  )
+    ? ` (${formatDistanceToNow(new Date(timeStamp), {
+        includeSeconds: true,
+        addSuffix: true,
+      })})`
+    : "";
   return (
     <div className={`${baseClass}__status-message`}>
       <Icon name={INSTALL_DETAILS_STATUS_ICONS[status]} />
       <span>
         Fleet {getInstallDetailsStatusPredicate(status)} <b>{software_title}</b>{" "}
         ({software_package}) on {formattedHost}
-        {status === "pending" ? " when it comes online" : ""}.
+        {status === "pending_install" ? " when it comes online" : ""}
+        {displayTimeStamp}.
       </span>
     </div>
   );
@@ -104,7 +123,7 @@ export const SoftwareInstallDetails = ({
             result.host_display_name ? result : { ...result, host_display_name } // prefer result.host_display_name (it may be empty if the host was deleted) otherwise default to whatever we received via props
           }
         />
-        {result.status !== "pending" && (
+        {result.status !== "pending_install" && (
           <>
             {result.pre_install_query_output && (
               <Output displayKey="pre_install_query_output" result={result} />
diff --git a/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/SoftwareUninstallDetailsModal.tsx b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/SoftwareUninstallDetailsModal.tsx
new file mode 100644
index 0000000000..dfb4ef13c9
--- /dev/null
+++ b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/SoftwareUninstallDetailsModal.tsx
@@ -0,0 +1,157 @@
+import Button from "components/buttons/Button";
+import DataError from "components/DataError";
+import Icon from "components/Icon";
+import Modal from "components/Modal";
+import Spinner from "components/Spinner";
+import Textarea from "components/Textarea";
+import { formatDistanceToNow } from "date-fns";
+import { IActivityDetails } from "interfaces/activity";
+import { isPendingStatus, SoftwareInstallStatus } from "interfaces/software";
+import React from "react";
+import { useQuery } from "react-query";
+import scriptsAPI, { IScriptResultResponse } from "services/entities/scripts";
+import { DEFAULT_USE_QUERY_OPTIONS } from "utilities/constants";
+import {
+  getInstallDetailsStatusPredicate,
+  INSTALL_DETAILS_STATUS_ICONS,
+} from "../constants";
+
+const baseClass = "software-uninstall-details-modal";
+
+type ISoftwareUninstallDetails = Pick<
+  IActivityDetails,
+  "script_execution_id" | "host_display_name" | "software_title" | "status"
+>;
+// TODO - rely on activity created_at for timestamp? what else?
+
+interface IUninstallStatusMessage {
+  host_display_name: string;
+  // TODO - improve status typing
+  status: string;
+  software_title: string;
+  timestamp: string;
+}
+
+const StatusMessage = ({
+  host_display_name,
+  status,
+  software_title,
+  timestamp,
+}: IUninstallStatusMessage) => {
+  const formattedHost = host_display_name ? (
+    <b>{host_display_name}</b>
+  ) : (
+    "the host"
+  );
+
+  const isPending = isPendingStatus(status);
+  const displayTimeStamp =
+    !isPending && timestamp
+      ? ` (${formatDistanceToNow(new Date(timestamp), {
+          includeSeconds: true,
+          addSuffix: true,
+        })})`
+      : "";
+  return (
+    <div className={`${baseClass}__status-message`}>
+      <Icon
+        name={INSTALL_DETAILS_STATUS_ICONS[status as SoftwareInstallStatus]}
+      />
+      <span>
+        Fleet {getInstallDetailsStatusPredicate(status)} <b>{software_title}</b>{" "}
+        from {formattedHost}
+        {isPending ? " when it comes online" : ""}
+        {displayTimeStamp}.
+      </span>
+    </div>
+  );
+};
+
+const SoftwareUninstallDetailsModal = ({
+  details,
+  onCancel,
+}: {
+  details: ISoftwareUninstallDetails;
+  onCancel: () => void;
+}) => {
+  const SoftwareUninstallDetails = ({
+    script_execution_id = "",
+    host_display_name = "",
+    software_title = "",
+    status = "",
+  }: ISoftwareUninstallDetails) => {
+    const {
+      data: scriptResult,
+      isLoading,
+      isError,
+    } = useQuery<IScriptResultResponse>(
+      ["uninstallResult", details.script_execution_id],
+      () => {
+        return scriptsAPI.getScriptResult(script_execution_id);
+      },
+      { ...DEFAULT_USE_QUERY_OPTIONS }
+    );
+
+    if (isLoading) {
+      return <Spinner />;
+    } else if (isError) {
+      return <DataError description="Close this modal and try again." />;
+    } else if (!scriptResult) {
+      // FIXME: Find a better solution for this.
+      return <DataError description="No data returned." />;
+    }
+
+    status = status === "failed" ? "failed_uninstall" : status;
+
+    return (
+      <>
+        <StatusMessage
+          host_display_name={host_display_name}
+          status={status}
+          software_title={software_title}
+          timestamp={scriptResult.created_at}
+        />
+        {!isPendingStatus(status) && scriptResult && (
+          <>
+            <div className={`${baseClass}__script-output`}>
+              Uninstall script content:
+              <Textarea className={`${baseClass}__output-textarea`}>
+                {scriptResult.script_contents}
+              </Textarea>
+            </div>
+
+            <div className={`${baseClass}__script-output`}>
+              Uninstall script output:
+              <Textarea className={`${baseClass}__output-textarea`}>
+                {scriptResult.output}
+              </Textarea>
+            </div>
+          </>
+        )}
+      </>
+    );
+  };
+
+  return (
+    <Modal
+      title="Uninstall details"
+      onExit={onCancel}
+      onEnter={onCancel}
+      width="large"
+      className={baseClass}
+    >
+      <>
+        <div className={`${baseClass}__modal-content`}>
+          <SoftwareUninstallDetails {...details} />
+        </div>
+        <div className="modal-cta-wrap">
+          <Button onClick={onCancel} variant="brand">
+            Done
+          </Button>
+        </div>
+      </>
+    </Modal>
+  );
+};
+
+export default SoftwareUninstallDetailsModal;
diff --git a/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/_styles.scss b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/_styles.scss
new file mode 100644
index 0000000000..ca0ad4a2c1
--- /dev/null
+++ b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/_styles.scss
@@ -0,0 +1,23 @@
+.software-uninstall-details-modal {
+  &__modal-content {
+    display: flex;
+    flex-direction: column;
+    gap: 2rem;
+  }
+  &__status-message {
+    display: flex;
+    align-items: center;
+    gap: $pad-small;
+    margin: 0;
+    .icon {
+      align-self: flex-start;
+    }
+  }
+  &__script-output {
+    .textarea {
+      margin-top: $pad-medium;
+      overflow-wrap: break-word;
+      font-family: "SourceCodePro", $monospace;
+    }
+  }
+}
diff --git a/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/index.ts b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/index.ts
new file mode 100644
index 0000000000..c57d50fe8d
--- /dev/null
+++ b/frontend/components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/index.ts
@@ -0,0 +1 @@
+export { default } from "./SoftwareUninstallDetailsModal";
diff --git a/frontend/components/ActivityDetails/InstallDetails/constants.ts b/frontend/components/ActivityDetails/InstallDetails/constants.ts
index c4c1ae8cb7..255b12e5fd 100644
--- a/frontend/components/ActivityDetails/InstallDetails/constants.ts
+++ b/frontend/components/ActivityDetails/InstallDetails/constants.ts
@@ -5,30 +5,36 @@ export const INSTALL_DETAILS_STATUS_ICONS: Record<
   SoftwareInstallStatus,
   IconNames
 > = {
-  pending: "pending-outline",
+  pending_install: "pending-outline",
   installed: "success-outline",
-  failed: "error-outline",
+  uninstalled: "success-outline",
+  failed_install: "error-outline",
+  pending_uninstall: "pending-outline",
+  failed_uninstall: "error-outline",
 } as const;
 
 const INSTALL_DETAILS_STATUS_PREDICATES: Record<
   SoftwareInstallStatus,
   string
 > = {
-  pending: "is installing or will install",
+  pending_install: "is installing or will install",
   installed: "installed",
-  failed: "failed to install",
+  uninstalled: "uninstalled",
+  failed_install: "failed to install",
+  pending_uninstall: "is uninstalling or will uninstall",
+  failed_uninstall: "failed to uninstall",
 } as const;
 
 export const getInstallDetailsStatusPredicate = (
   status: string | undefined
 ) => {
   if (!status) {
-    return INSTALL_DETAILS_STATUS_PREDICATES.pending;
+    return INSTALL_DETAILS_STATUS_PREDICATES.pending_install;
   }
   return (
     INSTALL_DETAILS_STATUS_PREDICATES[
       status.toLowerCase() as SoftwareInstallStatus
-    ] || INSTALL_DETAILS_STATUS_PREDICATES.pending
+    ] || INSTALL_DETAILS_STATUS_PREDICATES.pending_install
   );
 };
 
diff --git a/frontend/components/buttons/RevealButton/RevealButton.tsx b/frontend/components/buttons/RevealButton/RevealButton.tsx
index c1db68f9d9..c54d5a0010 100644
--- a/frontend/components/buttons/RevealButton/RevealButton.tsx
+++ b/frontend/components/buttons/RevealButton/RevealButton.tsx
@@ -13,6 +13,7 @@ export interface IRevealButtonProps {
   autofocus?: boolean;
   disabled?: boolean;
   tooltipContent?: React.ReactNode;
+  disabledTooltipContent?: React.ReactNode;
   onClick?:
     | ((value?: any) => void)
     | ((evt: React.MouseEvent<HTMLButtonElement>) => void);
@@ -29,6 +30,7 @@ const RevealButton = ({
   autofocus,
   disabled,
   tooltipContent,
+  disabledTooltipContent,
   onClick,
 }: IRevealButtonProps): JSX.Element => {
   const classNames = classnames(baseClass, className);
@@ -36,11 +38,12 @@ const RevealButton = ({
   const buttonContent = () => {
     const text = isShowing ? hideText : showText;
 
-    const buttonText = tooltipContent ? (
-      <TooltipWrapper tipContent={tooltipContent}>{text}</TooltipWrapper>
-    ) : (
-      text
-    );
+    const buttonText =
+      tooltipContent && !disabled ? (
+        <TooltipWrapper tipContent={tooltipContent}>{text}</TooltipWrapper>
+      ) : (
+        text
+      );
 
     return (
       <>
@@ -61,7 +64,7 @@ const RevealButton = ({
     );
   };
 
-  return (
+  const button = (
     <Button
       variant="text-icon"
       className={classNames}
@@ -72,6 +75,22 @@ const RevealButton = ({
       {buttonContent()}
     </Button>
   );
+
+  if (disabled && disabledTooltipContent) {
+    // wrap the tooltip around the Button so it works while disabled
+    return (
+      <TooltipWrapper
+        tipContent={disabledTooltipContent}
+        showArrow
+        underline={false}
+        position="right"
+        tipOffset={12}
+      >
+        {button}
+      </TooltipWrapper>
+    );
+  }
+  return button;
 };
 
 export default RevealButton;
diff --git a/frontend/interfaces/activity.ts b/frontend/interfaces/activity.ts
index c3cf09f719..5072a4a371 100644
--- a/frontend/interfaces/activity.ts
+++ b/frontend/interfaces/activity.ts
@@ -80,6 +80,7 @@ export enum ActivityType {
   AddedSoftware = "added_software",
   DeletedSoftware = "deleted_software",
   InstalledSoftware = "installed_software",
+  UninstalledSoftware = "uninstalled_software",
   EnabledVpp = "enabled_vpp",
   DisabledVpp = "disabled_vpp",
   AddedAppStoreApp = "added_app_store_app",
@@ -93,12 +94,14 @@ export type IHostPastActivityType =
   | ActivityType.LockedHost
   | ActivityType.UnlockedHost
   | ActivityType.InstalledSoftware
+  | ActivityType.UninstalledSoftware
   | ActivityType.InstalledAppStoreApp;
 
 // This is a subset of ActivityType that are shown only for the host upcoming activities
 export type IHostUpcomingActivityType =
   | ActivityType.RanScript
   | ActivityType.InstalledSoftware
+  | ActivityType.UninstalledSoftware
   | ActivityType.InstalledAppStoreApp;
 
 export interface IActivity {
diff --git a/frontend/interfaces/package_type.ts b/frontend/interfaces/package_type.ts
new file mode 100644
index 0000000000..8afb43cef3
--- /dev/null
+++ b/frontend/interfaces/package_type.ts
@@ -0,0 +1,22 @@
+const unixPackageTypes = ["pkg", "deb"] as const;
+const windowsPackageTypes = ["msi", "exe"] as const;
+export const packageTypes = [
+  ...unixPackageTypes,
+  ...windowsPackageTypes,
+] as const;
+
+export type WindowsPackageType = typeof windowsPackageTypes[number];
+export type UnixPackageType = typeof unixPackageTypes[number];
+export type PackageType = WindowsPackageType | UnixPackageType;
+
+export const isWindowsPackageType = (s: any): s is WindowsPackageType => {
+  return windowsPackageTypes.includes(s);
+};
+
+export const isUnixPackageType = (s: any): s is UnixPackageType => {
+  return unixPackageTypes.includes(s);
+};
+
+export const isPackageType = (s: any): s is PackageType => {
+  return packageTypes.includes(s);
+};
diff --git a/frontend/interfaces/software.ts b/frontend/interfaces/software.ts
index 9d6d3617b2..2818accc7c 100644
--- a/frontend/interfaces/software.ts
+++ b/frontend/interfaces/software.ts
@@ -66,8 +66,10 @@ export interface ISoftwarePackage {
   icon_url: string | null;
   status: {
     installed: number;
-    pending: number;
-    failed: number;
+    pending_install: number;
+    failed_install: number;
+    pending_uninstall: number;
+    failed_uninstall: number;
   };
 }
 
@@ -194,10 +196,19 @@ export const formatSoftwareType = ({
 /**
  * This list comprises all possible states of software install operations.
  */
+export const SOFTWARE_UNINSTALL_STATUSES = [
+  "uninstalled",
+  "pending_uninstall",
+  "failed_uninstall",
+] as const;
+
+export type SoftwareUninstallStatus = typeof SOFTWARE_UNINSTALL_STATUSES[number];
+
 export const SOFTWARE_INSTALL_STATUSES = [
-  "failed",
   "installed",
-  "pending",
+  "pending_install",
+  "failed_install",
+  ...SOFTWARE_UNINSTALL_STATUSES,
 ] as const;
 
 /*
@@ -206,26 +217,38 @@ export const SOFTWARE_INSTALL_STATUSES = [
 export type SoftwareInstallStatus = typeof SOFTWARE_INSTALL_STATUSES[number];
 
 export const isValidSoftwareInstallStatus = (
-  s: string | undefined
+  s: string | undefined | null
 ): s is SoftwareInstallStatus =>
   !!s && SOFTWARE_INSTALL_STATUSES.includes(s as SoftwareInstallStatus);
 
+export const isSoftwareUninstallStatus = (
+  s: string | undefined | null
+): s is SoftwareUninstallStatus =>
+  !!s && SOFTWARE_UNINSTALL_STATUSES.includes(s as SoftwareUninstallStatus);
+
+// not a typeguard, as above 2 functions are
+export const isPendingStatus = (s: string | undefined | null) =>
+  ["pending_install", "pending_uninstall"].includes(s || "");
+
 /**
  * ISoftwareInstallResult is the shape of a software install result object
  * returned by the Fleet API.
  */
 export interface ISoftwareInstallResult {
+  host_display_name?: string;
   install_uuid: string;
   software_title: string;
   software_title_id: number;
   software_package: string;
   host_id: number;
-  host_display_name: string;
   status: SoftwareInstallStatus;
   detail: string;
   output: string;
   pre_install_query_output: string;
   post_install_script_output: string;
+  created_at: string;
+  updated_at: string | null;
+  self_service: boolean;
 }
 
 export interface ISoftwareInstallResults {
@@ -276,16 +299,23 @@ export interface IHostSoftware {
   app_store_app: IHostAppStoreApp | null;
   source: string;
   bundle_identifier?: string;
-  status: SoftwareInstallStatus | null;
+  status: Exclude<SoftwareInstallStatus, "uninstalled"> | null;
   installed_versions: ISoftwareInstallVersion[] | null;
 }
 
 export type IDeviceSoftware = IHostSoftware;
 
-const INSTALL_STATUS_PREDICATES: Record<SoftwareInstallStatus, string> = {
-  failed: "failed to install",
+const INSTALL_STATUS_PREDICATES: Record<
+  SoftwareInstallStatus | "pending",
+  string
+> = {
+  pending: "pending",
   installed: "installed",
-  pending: "told Fleet to install",
+  uninstalled: "uninstalled",
+  pending_install: "told Fleet to install",
+  failed_install: "failed to install",
+  pending_uninstall: "told Fleet to uninstall",
+  failed_uninstall: "failed to uninstall",
 } as const;
 
 export const getInstallStatusPredicate = (status: string | undefined) => {
@@ -298,10 +328,18 @@ export const getInstallStatusPredicate = (status: string | undefined) => {
   );
 };
 
-export const INSTALL_STATUS_ICONS: Record<SoftwareInstallStatus, IconNames> = {
+export const INSTALL_STATUS_ICONS: Record<
+  SoftwareInstallStatus | "pending" | "failed",
+  IconNames
+> = {
   pending: "pending-outline",
+  pending_install: "pending-outline",
   installed: "success-outline",
+  uninstalled: "success-outline",
   failed: "error-outline",
+  failed_install: "error-outline",
+  pending_uninstall: "pending-outline",
+  failed_uninstall: "error-outline",
 } as const;
 
 type IHostSoftwarePackageWithLastInstall = IHostSoftwarePackage & {
diff --git a/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityFeed.tsx b/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityFeed.tsx
index c9e6b08af9..47f08d4430 100644
--- a/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityFeed.tsx
+++ b/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityFeed.tsx
@@ -18,6 +18,7 @@ import FleetIcon from "components/icons/FleetIcon";
 
 import { AppInstallDetailsModal } from "components/ActivityDetails/InstallDetails/AppInstallDetails";
 import { SoftwareInstallDetailsModal } from "components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails";
+import SoftwareUninstallDetailsModal from "components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal/SoftwareUninstallDetailsModal";
 
 import ActivityItem from "./ActivityItem";
 import ScriptDetailsModal from "./components/ScriptDetailsModal/ScriptDetailsModal";
@@ -41,6 +42,10 @@ const ActivityFeed = ({
     packageInstallDetails,
     setPackageInstallDetails,
   ] = useState<IActivityDetails | null>(null);
+  const [
+    packageUninstallDetails,
+    setPackageUninstallDetails,
+  ] = useState<IActivityDetails | null>(null);
   const [
     appInstallDetails,
     setAppInstallDetails,
@@ -106,6 +111,9 @@ const ActivityFeed = ({
       case ActivityType.InstalledSoftware:
         setPackageInstallDetails({ ...details });
         break;
+      case ActivityType.UninstalledSoftware:
+        setPackageUninstallDetails({ ...details });
+        break;
       case ActivityType.InstalledAppStoreApp:
         setAppInstallDetails({ ...details });
         break;
@@ -205,6 +213,12 @@ const ActivityFeed = ({
           onCancel={() => setPackageInstallDetails(null)}
         />
       )}
+      {packageUninstallDetails && (
+        <SoftwareUninstallDetailsModal
+          details={packageUninstallDetails}
+          onCancel={() => setPackageUninstallDetails(null)}
+        />
+      )}
       {appInstallDetails && (
         <AppInstallDetailsModal
           details={appInstallDetails}
diff --git a/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityItem/ActivityItem.tsx b/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityItem/ActivityItem.tsx
index 0e4bb125fa..ca521fdb9e 100644
--- a/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityItem/ActivityItem.tsx
+++ b/frontend/pages/DashboardPage/cards/ActivityFeed/ActivityItem/ActivityItem.tsx
@@ -907,6 +907,40 @@ const TAGGED_TEMPLATES = {
       </>
     );
   },
+  uninstalledSoftware: (
+    activity: IActivity,
+    onDetailsClick?: (type: ActivityType, details: IActivityDetails) => void
+  ) => {
+    const { details } = activity;
+    if (!details) {
+      return TAGGED_TEMPLATES.defaultActivityTemplate(activity);
+    }
+
+    const { host_display_name: hostName, software_title: title } = details;
+    const status =
+      details.status === "failed" ? "failed_uninstall" : details.status;
+
+    const showSoftwarePackage =
+      !!details.software_package &&
+      activity.type === ActivityType.InstalledSoftware;
+
+    return (
+      <>
+        {" "}
+        {getInstallStatusPredicate(status)} software <b>{title}</b>
+        {showSoftwarePackage && ` (${details.software_package})`} from{" "}
+        <b>{hostName}</b>.{" "}
+        <Button
+          className={`${baseClass}__show-query-link`}
+          variant="text-link"
+          onClick={() => onDetailsClick?.(activity.type, details)}
+        >
+          Show details{" "}
+          <Icon className={`${baseClass}__show-query-icon`} name="eye" />
+        </Button>
+      </>
+    );
+  },
   enabledVpp: (activity: IActivity) => {
     return (
       <>
@@ -1168,6 +1202,9 @@ const getDetail = (
     case ActivityType.InstalledSoftware: {
       return TAGGED_TEMPLATES.installedSoftware(activity, onDetailsClick);
     }
+    case ActivityType.UninstalledSoftware: {
+      return TAGGED_TEMPLATES.uninstalledSoftware(activity, onDetailsClick);
+    }
     case ActivityType.AddedAppStoreApp: {
       return TAGGED_TEMPLATES.addedAppStoreApp(activity);
     }
@@ -1234,6 +1271,7 @@ const ActivityItem = ({
           DEFAULT_ACTOR_DISPLAY
         );
       case ActivityType.InstalledSoftware:
+      case ActivityType.UninstalledSoftware:
       case ActivityType.InstalledAppStoreApp:
         return activity.details?.self_service ? (
           <span>An end user</span>
diff --git a/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/SoftwarePackageCard/SoftwarePackageCard.tsx b/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/SoftwarePackageCard/SoftwarePackageCard.tsx
index 1c6a31e9d7..0229550957 100644
--- a/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/SoftwarePackageCard/SoftwarePackageCard.tsx
+++ b/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/SoftwarePackageCard/SoftwarePackageCard.tsx
@@ -86,8 +86,11 @@ interface IStatusDisplayOption {
   tooltip: React.ReactNode;
 }
 
+// "pending" and "failed" each encompass both "_install" and "_uninstall" sub-statuses
+type SoftwareInstallDisplayStatus = "installed" | "pending" | "failed";
+
 const STATUS_DISPLAY_OPTIONS: Record<
-  SoftwareInstallStatus,
+  SoftwareInstallDisplayStatus,
   IStatusDisplayOption
 > = {
   installed: {
@@ -106,16 +109,22 @@ const STATUS_DISPLAY_OPTIONS: Record<
   pending: {
     displayName: "Pending",
     iconName: "pending-outline",
-    tooltip: "Fleet is installing or will install when the host comes online.",
+    tooltip: (
+      <>
+        Fleet is installing/uninstalling or will
+        <br />
+        do so when the host comes online.
+      </>
+    ),
   },
   failed: {
     displayName: "Failed",
     iconName: "error",
     tooltip: (
       <>
-        These hosts failed to install software. Click on a host to view
+        These hosts failed to install/uninstall software.
         <br />
-        error(s).
+        Click on a host to view error(s).
       </>
     ),
   },
@@ -123,7 +132,7 @@ const STATUS_DISPLAY_OPTIONS: Record<
 
 interface IPackageStatusCountProps {
   softwareId: number;
-  status: SoftwareInstallStatus;
+  status: SoftwareInstallDisplayStatus;
   count: number;
   teamId?: number;
 }
diff --git a/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/helpers.ts b/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/helpers.ts
index 04bf2d18d4..986497d160 100644
--- a/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/helpers.ts
+++ b/frontend/pages/SoftwarePage/SoftwareTitleDetailsPage/helpers.ts
@@ -1,10 +1,16 @@
 import {
   IAppStoreApp,
+  ISoftwarePackage,
   ISoftwareTitleDetails,
   isSoftwarePackage,
 } from "interfaces/software";
 import { DEFAULT_EMPTY_CELL_VALUE } from "utilities/constants";
 
+const mergePackageStatuses = (packageStatuses: ISoftwarePackage["status"]) => ({
+  installed: packageStatuses.installed,
+  pending: packageStatuses.pending_install + packageStatuses.pending_uninstall,
+  failed: packageStatuses.failed_install + packageStatuses.failed_uninstall,
+});
 /**
  * Generates the data needed to render the package card.
  */
@@ -24,7 +30,9 @@ export const getPackageCardInfo = (softwareTitle: ISoftwareTitleDetails) => {
         ? packageData.version
         : packageData.latest_version) || DEFAULT_EMPTY_CELL_VALUE,
     uploadedAt: isSoftwarePackage(packageData) ? packageData.uploaded_at : "",
-    status: packageData.status,
+    status: isSoftwarePackage(packageData)
+      ? mergePackageStatuses(packageData.status)
+      : packageData.status,
     isSelfService: packageData.self_service,
   };
 };
diff --git a/frontend/pages/SoftwarePage/components/AddPackageAdvancedOptions/AddPackageAdvancedOptions.tsx b/frontend/pages/SoftwarePage/components/AddPackageAdvancedOptions/AddPackageAdvancedOptions.tsx
index 5d6524e8dc..26476a8e89 100644
--- a/frontend/pages/SoftwarePage/components/AddPackageAdvancedOptions/AddPackageAdvancedOptions.tsx
+++ b/frontend/pages/SoftwarePage/components/AddPackageAdvancedOptions/AddPackageAdvancedOptions.tsx
@@ -1,33 +1,160 @@
 import React, { useState } from "react";
 
+import { LEARN_MORE_ABOUT_BASE_LINK } from "utilities/constants";
+
+import {
+  isPackageType,
+  isWindowsPackageType,
+  PackageType,
+} from "interfaces/package_type";
+
 import Editor from "components/Editor";
 import CustomLink from "components/CustomLink";
 import FleetAce from "components/FleetAce";
 import RevealButton from "components/buttons/RevealButton";
+import { IAddPackageFormData } from "../AddPackageForm/AddPackageForm";
+
+const getSupportedScriptTypeText = (pkgType: PackageType) => {
+  return `Currently, ${
+    isWindowsPackageType(pkgType) ? "PowerS" : "s"
+  }hell scripts are supported.`;
+};
+
+const PKG_TYPE_TO_ID_TEXT = {
+  pkg: "package IDs",
+  deb: "package name",
+  msi: "product code",
+  exe: "software name",
+} as const;
+
+const getInstallHelpText = (pkgType: PackageType) => (
+  <>
+    Use the $INSTALLER_PATH variable to point to the installer.{" "}
+    {getSupportedScriptTypeText(pkgType)}{" "}
+    <CustomLink
+      url={`${LEARN_MORE_ABOUT_BASE_LINK}/install-scripts`}
+      text="Learn more about install scripts"
+      newTab
+    />
+  </>
+);
+
+const getPostInstallHelpText = (pkgType: PackageType) => {
+  return getSupportedScriptTypeText(pkgType);
+};
+
+const getUninstallHelpText = (pkgType: PackageType) => {
+  return (
+    <>
+      $PACKAGE_ID will be populated with the {PKG_TYPE_TO_ID_TEXT[pkgType]} from
+      the .{pkgType} file after the software is added.{" "}
+      {getSupportedScriptTypeText(pkgType)}{" "}
+      <CustomLink
+        url={`${LEARN_MORE_ABOUT_BASE_LINK}/uninstall-scripts`}
+        text="Learn more about uninstall scripts"
+        newTab
+      />
+    </>
+  );
+};
 
 const baseClass = "add-package-advanced-options";
 
 interface IAddPackageAdvancedOptionsProps {
   errors: { preInstallQuery?: string; postInstallScript?: string };
+  selectedPackage: IAddPackageFormData["software"];
   preInstallQuery?: string;
   installScript: string;
   postInstallScript?: string;
+  uninstallScript?: string;
   onChangePreInstallQuery: (value?: string) => void;
   onChangeInstallScript: (value: string) => void;
   onChangePostInstallScript: (value?: string) => void;
+  onChangeUninstallScript: (value?: string) => void;
 }
 
 const AddPackageAdvancedOptions = ({
   errors,
+  selectedPackage,
   preInstallQuery,
   installScript,
   postInstallScript,
+  uninstallScript,
   onChangePreInstallQuery,
   onChangeInstallScript,
   onChangePostInstallScript,
+  onChangeUninstallScript,
 }: IAddPackageAdvancedOptionsProps) => {
   const [showAdvancedOptions, setShowAdvancedOptions] = useState(false);
 
+  const renderAdvancedOptions = () => {
+    const name = selectedPackage?.name || "";
+    const ext = name.split(".").pop() as PackageType;
+    if (!isPackageType(ext)) {
+      // this should never happen
+      return null;
+    }
+    return (
+      <div className={`${baseClass}__input-fields`}>
+        <FleetAce
+          className="form-field"
+          focus
+          error={errors.preInstallQuery}
+          value={preInstallQuery}
+          placeholder="SELECT * FROM osquery_info WHERE start_time > 1"
+          label="Pre-install query"
+          name="preInstallQuery"
+          maxLines={10}
+          onChange={onChangePreInstallQuery}
+          helpText={
+            <>
+              Software will be installed only if the{" "}
+              <CustomLink
+                className={`${baseClass}__table-link`}
+                text="query returns results"
+                url="https://fleetdm.com/tables"
+                newTab
+              />
+            </>
+          }
+        />
+        <Editor
+          wrapEnabled
+          maxLines={10}
+          name="install-script"
+          onChange={onChangeInstallScript}
+          value={installScript}
+          helpText={getInstallHelpText(ext)}
+          label="Install script"
+          isFormField
+        />
+        <Editor
+          label="Post-install script"
+          focus
+          error={errors.postInstallScript}
+          wrapEnabled
+          name="post-install-script-editor"
+          maxLines={10}
+          onChange={onChangePostInstallScript}
+          value={postInstallScript}
+          helpText={getPostInstallHelpText(ext)}
+          isFormField
+        />
+        <Editor
+          label="Uninstall script"
+          focus
+          wrapEnabled
+          name="uninstall-script-editor"
+          maxLines={20}
+          onChange={onChangeUninstallScript}
+          value={uninstallScript}
+          helpText={getUninstallHelpText(ext)}
+          isFormField
+        />
+      </div>
+    );
+  };
+
   return (
     <div className={baseClass}>
       <RevealButton
@@ -37,63 +164,14 @@ const AddPackageAdvancedOptions = ({
         hideText="Advanced options"
         caretPosition="after"
         onClick={() => setShowAdvancedOptions(!showAdvancedOptions)}
+        disabled={!selectedPackage}
+        disabledTooltipContent={
+          selectedPackage
+            ? "Choose a file to modify advanced options."
+            : undefined
+        }
       />
-      {showAdvancedOptions && (
-        <div className={`${baseClass}__input-fields`}>
-          <FleetAce
-            className="form-field"
-            focus
-            error={errors.preInstallQuery}
-            value={preInstallQuery}
-            placeholder="SELECT * FROM osquery_info WHERE start_time > 1"
-            label="Pre-install query"
-            name="preInstallQuery"
-            maxLines={10}
-            onChange={onChangePreInstallQuery}
-            helpText={
-              <>
-                Software will be installed only if the{" "}
-                <CustomLink
-                  className={`${baseClass}__table-link`}
-                  text="query returns results"
-                  url="https://fleetdm.com/tables"
-                  newTab
-                />
-              </>
-            }
-          />
-          <Editor
-            wrapEnabled
-            maxLines={10}
-            name="install-script"
-            onChange={onChangeInstallScript}
-            value={installScript}
-            helpText="Shell (macOS and Linux) or PowerShell (Windows)."
-            label="Install script"
-            labelTooltip={
-              <>
-                Fleet will run this script on hosts to install software. Use the
-                <br />
-                $INSTALLER_PATH variable to point to the installer.
-              </>
-            }
-            isFormField
-          />
-          <Editor
-            label="Post-install script"
-            labelTooltip="Fleet will run this script after install."
-            focus
-            error={errors.postInstallScript}
-            wrapEnabled
-            name="post-install-script-editor"
-            maxLines={10}
-            onChange={onChangePostInstallScript}
-            value={postInstallScript}
-            helpText="Shell (macOS and Linux) or PowerShell (Windows)."
-            isFormField
-          />
-        </div>
-      )}
+      {showAdvancedOptions && !!selectedPackage && renderAdvancedOptions()}
     </div>
   );
 };
diff --git a/frontend/pages/SoftwarePage/components/AddPackageForm/AddPackageForm.tsx b/frontend/pages/SoftwarePage/components/AddPackageForm/AddPackageForm.tsx
index cf3802b3f6..3fe7922fbb 100644
--- a/frontend/pages/SoftwarePage/components/AddPackageForm/AddPackageForm.tsx
+++ b/frontend/pages/SoftwarePage/components/AddPackageForm/AddPackageForm.tsx
@@ -2,7 +2,8 @@ import React, { useContext, useState } from "react";
 
 import { NotificationContext } from "context/notification";
 import { getFileDetails } from "utilities/file/fileUtils";
-import getInstallScript from "utilities/software_install_scripts";
+import getDefaultInstallScript from "utilities/software_install_scripts";
+import getDefaultUninstallScript from "utilities/software_uninstall_scripts";
 
 import Button from "components/buttons/Button";
 import Checkbox from "components/forms/fields/Checkbox";
@@ -30,9 +31,10 @@ const UploadingSoftware = () => {
 
 export interface IAddPackageFormData {
   software: File | null;
-  installScript: string;
   preInstallQuery?: string;
+  installScript: string;
   postInstallScript?: string;
+  uninstallScript?: string;
   selfService: boolean;
 }
 
@@ -59,9 +61,10 @@ const AddPackageForm = ({
 
   const [formData, setFormData] = useState<IAddPackageFormData>({
     software: null,
-    installScript: "",
     preInstallQuery: undefined,
+    installScript: "",
     postInstallScript: undefined,
+    uninstallScript: undefined,
     selfService: false,
   });
   const [formValidation, setFormValidation] = useState<IFormValidation>({
@@ -69,13 +72,21 @@ const AddPackageForm = ({
     software: { isValid: false },
   });
 
-  const onFileUpload = (files: FileList | null) => {
+  const onFileSelect = (files: FileList | null) => {
     if (files && files.length > 0) {
       const file = files[0];
 
-      let installScript: string;
+      let defaultInstallScript: string;
       try {
-        installScript = getInstallScript(file.name);
+        defaultInstallScript = getDefaultInstallScript(file.name);
+      } catch (e) {
+        renderFlash("error", `${e}`);
+        return;
+      }
+
+      let defaultUninstallScript: string;
+      try {
+        defaultUninstallScript = getDefaultUninstallScript(file.name);
       } catch (e) {
         renderFlash("error", `${e}`);
         return;
@@ -84,7 +95,8 @@ const AddPackageForm = ({
       const newData = {
         ...formData,
         software: file,
-        installScript,
+        installScript: defaultInstallScript,
+        uninstallScript: defaultUninstallScript,
       };
       setFormData(newData);
       setFormValidation(generateFormValidation(newData));
@@ -112,6 +124,12 @@ const AddPackageForm = ({
     setFormValidation(generateFormValidation(newData));
   };
 
+  const onChangeUninstallScript = (value?: string) => {
+    const newData = { ...formData, uninstallScript: value };
+    setFormData(newData);
+    setFormValidation(generateFormValidation(newData));
+  };
+
   const onToggleSelfServiceCheckbox = (value: boolean) => {
     const newData = { ...formData, selfService: value };
     setFormData(newData);
@@ -130,7 +148,7 @@ const AddPackageForm = ({
             graphicName={"file-pkg"}
             accept=".pkg,.msi,.exe,.deb"
             message=".pkg, .msi, .exe, or .deb"
-            onFileUpload={onFileUpload}
+            onFileUpload={onFileSelect}
             buttonMessage="Choose file"
             buttonType="link"
             className={`${baseClass}__file-uploader`}
@@ -156,16 +174,19 @@ const AddPackageForm = ({
             </TooltipWrapper>
           </Checkbox>
           <AddPackageAdvancedOptions
+            selectedPackage={formData.software}
             errors={{
               preInstallQuery: formValidation.preInstallQuery?.message,
               postInstallScript: formValidation.postInstallScript?.message,
             }}
             preInstallQuery={formData.preInstallQuery}
+            installScript={formData.installScript}
             postInstallScript={formData.postInstallScript}
+            uninstallScript={formData.uninstallScript}
             onChangePreInstallQuery={onChangePreInstallQuery}
             onChangeInstallScript={onChangeInstallScript}
             onChangePostInstallScript={onChangePostInstallScript}
-            installScript={formData.installScript}
+            onChangeUninstallScript={onChangeUninstallScript}
           />
           <div className="modal-cta-wrap">
             <Button type="submit" variant="brand" disabled={isSubmitDisabled}>
diff --git a/frontend/pages/SoftwarePage/components/AddPackageForm/helpers.ts b/frontend/pages/SoftwarePage/components/AddPackageForm/helpers.ts
index d527049c14..76a9c87867 100644
--- a/frontend/pages/SoftwarePage/components/AddPackageForm/helpers.ts
+++ b/frontend/pages/SoftwarePage/components/AddPackageForm/helpers.ts
@@ -1,5 +1,3 @@
-import validator from "validator";
-
 // @ts-ignore
 import validateQuery from "components/forms/validators/validate_query";
 
@@ -7,7 +5,7 @@ import { IAddPackageFormData, IFormValidation } from "./AddPackageForm";
 
 type IAddPackageFormValidatorKey = Exclude<
   keyof IAddPackageFormData,
-  "installScript"
+  "installScript" | "uninstallScript"
 >;
 
 type IMessageFunc = (formData: IAddPackageFormData) => string;
diff --git a/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx b/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx
index 1a03eeeecf..2393f128ed 100644
--- a/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx
+++ b/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx
@@ -415,7 +415,7 @@ const DeviceUserPage = ({
                     <SoftwareCard
                       id={deviceAuthToken}
                       softwareUpdatedAt={host.software_updated_at}
-                      hostCanInstallSoftware={!!host.orbit_version}
+                      hostCanWriteSoftware={!!host.orbit_version}
                       router={router}
                       pathname={location.pathname}
                       queryParams={parseHostSoftwareQueryParams(location.query)}
diff --git a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx
index 172b6e4bd9..5c627edb9a 100644
--- a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx
+++ b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx
@@ -68,6 +68,7 @@ import {
   SoftwareInstallDetailsModal,
   IPackageInstallDetails,
 } from "components/ActivityDetails/InstallDetails/SoftwareInstallDetails/SoftwareInstallDetails";
+import SoftwareUninstallDetailsModal from "components/ActivityDetails/InstallDetails/SoftwareUninstallDetailsModal";
 
 import HostSummaryCard from "../cards/HostSummary";
 import AboutCard from "../cards/About";
@@ -181,6 +182,10 @@ const HostDetailsPage = ({
     packageInstallDetails,
     setPackageInstallDetails,
   ] = useState<IPackageInstallDetails | null>(null);
+  const [
+    packageUninstallDetails,
+    setPackageUninstallDetails,
+  ] = useState<IPackageInstallDetails | null>(null);
   const [
     appInstallDetails,
     setAppInstallDetails,
@@ -602,6 +607,13 @@ const HostDetailsPage = ({
               host?.display_name || details?.host_display_name || "",
           });
           break;
+        case "uninstalled_software":
+          setPackageUninstallDetails({
+            ...details,
+            host_display_name:
+              host?.display_name || details?.host_display_name || "",
+          });
+          break;
         case "installed_app_store_app":
           setAppInstallDetails({
             ...details,
@@ -933,9 +945,7 @@ const HostDetailsPage = ({
                 id={host.id}
                 platform={host.platform}
                 softwareUpdatedAt={host.software_updated_at}
-                hostCanInstallSoftware={
-                  !!host.orbit_version || isIosOrIpadosHost
-                }
+                hostCanWriteSoftware={!!host.orbit_version || isIosOrIpadosHost}
                 isSoftwareEnabled={featuresConfig?.enable_software_inventory}
                 router={router}
                 queryParams={parseHostSoftwareQueryParams(location.query)}
@@ -1065,6 +1075,12 @@ const HostDetailsPage = ({
             onCancel={onCancelSoftwareInstallDetailsModal}
           />
         )}
+        {packageUninstallDetails && (
+          <SoftwareUninstallDetailsModal
+            details={packageUninstallDetails}
+            onCancel={() => setPackageUninstallDetails(null)}
+          />
+        )}
         {!!appInstallDetails && (
           <AppInstallDetailsModal
             details={appInstallDetails}
diff --git a/frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx b/frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx
index 24802d95a5..f877ceb63d 100644
--- a/frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx
+++ b/frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx
@@ -36,6 +36,7 @@ export const pastActivityComponentMap: Record<
   [ActivityType.LockedHost]: LockedHostActivityItem,
   [ActivityType.UnlockedHost]: UnlockedHostActivityItem,
   [ActivityType.InstalledSoftware]: InstalledSoftwareActivityItem,
+  [ActivityType.UninstalledSoftware]: InstalledSoftwareActivityItem,
   [ActivityType.InstalledAppStoreApp]: InstalledSoftwareActivityItem,
 };
 
@@ -46,5 +47,6 @@ export const upcomingActivityComponentMap: Record<
 > = {
   [ActivityType.RanScript]: RanScriptActivityItem,
   [ActivityType.InstalledSoftware]: InstalledSoftwareActivityItem,
+  [ActivityType.UninstalledSoftware]: InstalledSoftwareActivityItem,
   [ActivityType.InstalledAppStoreApp]: InstalledSoftwareActivityItem,
 };
diff --git a/frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledSoftwareActivityItem/InstalledSoftwareActivityItem.tsx b/frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledSoftwareActivityItem/InstalledSoftwareActivityItem.tsx
index 5d474d4d8b..c3c6384944 100644
--- a/frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledSoftwareActivityItem/InstalledSoftwareActivityItem.tsx
+++ b/frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledSoftwareActivityItem/InstalledSoftwareActivityItem.tsx
@@ -13,7 +13,9 @@ const InstalledSoftwareActivityItem = ({
   onShowDetails,
 }: IHostActivityItemComponentPropsWithShowDetails) => {
   const { actor_full_name: actorName, details } = activity;
-  const { self_service, status, software_title: title } = details;
+  const { self_service, software_title: title } = details;
+  const status =
+    details.status === "failed" ? "failed_uninstall" : details.status;
 
   const actorDisplayName = self_service ? (
     <span>An end user</span>
diff --git a/frontend/pages/hosts/details/cards/HostSummary/HostSummary.tsx b/frontend/pages/hosts/details/cards/HostSummary/HostSummary.tsx
index 2a1c13b98b..63caddf9e0 100644
--- a/frontend/pages/hosts/details/cards/HostSummary/HostSummary.tsx
+++ b/frontend/pages/hosts/details/cards/HostSummary/HostSummary.tsx
@@ -441,7 +441,6 @@ const HostSummary = ({
   };
 
   const renderSummary = () => {
-    console.log(hostMdmProfiles);
     // for windows hosts we have to manually add a profile for disk encryption
     // as this is not currently included in the `profiles` value from the API
     // response for windows hosts.
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
index a8a7c70284..1c56843986 100644
--- a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
@@ -37,7 +37,7 @@ interface IHostSoftwareProps {
   id: number | string;
   platform?: HostPlatform;
   softwareUpdatedAt?: string;
-  hostCanInstallSoftware: boolean;
+  hostCanWriteSoftware: boolean;
   router: InjectedRouter;
   queryParams: ReturnType<typeof parseHostSoftwareQueryParams>;
   pathname: string;
@@ -86,7 +86,7 @@ const HostSoftware = ({
   id,
   platform,
   softwareUpdatedAt,
-  hostCanInstallSoftware,
+  hostCanWriteSoftware,
   router,
   queryParams,
   pathname,
@@ -105,7 +105,8 @@ const HostSoftware = ({
     isTeamMaintainer,
   } = useContext(AppContext);
 
-  const [installingSoftwareId, setInstallingSoftwareId] = useState<
+  // disables install/uninstall actions after click
+  const [softwareIdActionPending, setSoftwareIdActionPending] = useState<
     number | null
   >(null);
 
@@ -175,13 +176,13 @@ const HostSoftware = ({
     [isMyDevicePage, refetchDeviceSoftware, refetchHostSoftware]
   );
 
-  const userHasSWInstallPermission = Boolean(
+  const userHasSWWritePermission = Boolean(
     isGlobalAdmin || isGlobalMaintainer || isTeamAdmin || isTeamMaintainer
   );
 
   const installHostSoftwarePackage = useCallback(
     async (softwareId: number) => {
-      setInstallingSoftwareId(softwareId);
+      setSoftwareIdActionPending(softwareId);
       try {
         await hostAPI.installHostSoftwarePackage(id as number, softwareId);
         renderFlash(
@@ -191,7 +192,28 @@ const HostSoftware = ({
       } catch (e) {
         renderFlash("error", getErrorMessage(e));
       }
-      setInstallingSoftwareId(null);
+      setSoftwareIdActionPending(null);
+      refetchSoftware();
+    },
+    [id, renderFlash, refetchSoftware]
+  );
+
+  const uninstallHostSoftwarePackage = useCallback(
+    async (softwareId: number) => {
+      setSoftwareIdActionPending(softwareId);
+      try {
+        await hostAPI.uninstallHostSoftwarePackage(id as number, softwareId);
+        renderFlash(
+          "success",
+          <>
+            Software is uninstalling or will uninstall when the host comes
+            online. To see details, go to <b>Details &gt; Activity</b>.
+          </>
+        );
+      } catch (e) {
+        renderFlash("error", "Couldn't uninstall. Please try again.");
+      }
+      setSoftwareIdActionPending(null);
       refetchSoftware();
     },
     [id, renderFlash, refetchSoftware]
@@ -203,6 +225,9 @@ const HostSoftware = ({
         case "install":
           installHostSoftwarePackage(software.id);
           break;
+        case "uninstall":
+          uninstallHostSoftwarePackage(software.id);
+          break;
         case "showDetails":
           onShowSoftwareDetails?.(software);
           break;
@@ -210,7 +235,11 @@ const HostSoftware = ({
           break;
       }
     },
-    [installHostSoftwarePackage, onShowSoftwareDetails]
+    [
+      installHostSoftwarePackage,
+      onShowSoftwareDetails,
+      uninstallHostSoftwarePackage,
+    ]
   );
 
   const tableConfig = useMemo(() => {
@@ -218,20 +247,20 @@ const HostSoftware = ({
       ? generateDeviceSoftwareTableConfig()
       : generateHostSoftwareTableConfig({
           router,
-          installingSoftwareId,
-          userHasSWInstallPermission,
+          softwareIdActionPending,
+          userHasSWWritePermission,
           onSelectAction,
           teamId: hostTeamId,
-          hostCanInstallSoftware,
+          hostCanWriteSoftware,
         });
   }, [
     isMyDevicePage,
     router,
-    installingSoftwareId,
-    userHasSWInstallPermission,
+    softwareIdActionPending,
+    userHasSWWritePermission,
     onSelectAction,
     hostTeamId,
-    hostCanInstallSoftware,
+    hostCanWriteSoftware,
   ]);
 
   const isLoading = isMyDevicePage
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
index 31c8a03a21..dd4aef833e 100644
--- a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
@@ -33,6 +33,7 @@ import InstallStatusCell from "./InstallStatusCell";
 const DEFAULT_ACTION_OPTIONS: IDropdownOption[] = [
   { value: "showDetails", label: "Show details", disabled: false },
   { value: "install", label: "Install", disabled: false },
+  { value: "uninstall", label: "Uninstall", disabled: false },
 ];
 
 type ISoftwareTableConfig = Column<IHostSoftware>;
@@ -50,17 +51,18 @@ type IInstalledVersionsCellProps = CellProps<
 type IVulnerabilitiesCellProps = IInstalledVersionsCellProps;
 
 const generateActions = ({
-  userHasSWInstallPermission,
-  hostCanInstallSoftware,
-  installingSoftwareId,
+  userHasSWWritePermission,
+  // Commenting below in case there is a quick decision to use these conditions after all
+  // hostCanWriteSoftware,
+  // software_package,
+  softwareIdActionPending,
   softwareId,
   status,
-  software_package,
   app_store_app,
 }: {
-  userHasSWInstallPermission: boolean;
-  hostCanInstallSoftware: boolean;
-  installingSoftwareId: number | null;
+  userHasSWWritePermission: boolean;
+  hostCanWriteSoftware: boolean;
+  softwareIdActionPending: number | null;
   softwareId: number;
   status: SoftwareInstallStatus | null;
   software_package: IHostSoftwarePackage | null;
@@ -76,39 +78,44 @@ const generateActions = ({
     // error to fail loudly so that we know to update this function
     throw new Error("Install action not found in default actions");
   }
+  const indexUninstallAction = actions.findIndex(
+    (a) => a.value === "uninstall"
+  );
+  if (indexUninstallAction === -1) {
+    // this should never happen unless the default actions change, but if it does we'll throw an
+    // error to fail loudly so that we know to update this function
+    throw new Error("Uninstall action not found in default actions");
+  }
 
-  const hasSoftwareToInstall = !!software_package || !!app_store_app;
-  // remove install if there is no package to install or if the software is already installed
-  if (
-    !hasSoftwareToInstall ||
-    !userHasSWInstallPermission ||
-    status === "installed"
-  ) {
+  if (!userHasSWWritePermission) {
     actions.splice(indexInstallAction, 1);
-    return actions;
+    actions.splice(indexUninstallAction, 1);
+  } else {
+    // user has software write permission for host
+    const pendingStatuses = ["pending_install", "pending_uninstall"];
+
+    if (
+      // if locally pending (waiting for API response) or pending install/uninstall, disable both
+      // install and uninstall
+      softwareId === softwareIdActionPending ||
+      pendingStatuses.includes(status || "")
+    ) {
+      actions[indexInstallAction].disabled = true;
+      actions[indexUninstallAction].disabled = true;
+    }
   }
 
-  // disable install option if not a fleetd, iPad, or iOS host
-  if (!hostCanInstallSoftware) {
-    actions[indexInstallAction].disabled = true;
-    actions[indexInstallAction].tooltipContent =
-      "To install software on this host, deploy the fleetd agent with --enable-scripts and refetch host vitals.";
-    return actions;
+  if (app_store_app) {
+    // remove uninstall for VPP apps
+    actions.splice(indexUninstallAction, 1);
   }
-
-  // disable install option if software is already installing
-  if (softwareId === installingSoftwareId || status === "pending") {
-    actions[indexInstallAction].disabled = true;
-    return actions;
-  }
-
   return actions;
 };
 
 interface ISoftwareTableHeadersProps {
-  userHasSWInstallPermission: boolean;
-  hostCanInstallSoftware: boolean;
-  installingSoftwareId: number | null;
+  userHasSWWritePermission: boolean;
+  hostCanWriteSoftware: boolean;
+  softwareIdActionPending: number | null;
   router: InjectedRouter;
   teamId: number;
   onSelectAction: (software: IHostSoftware, action: string) => void;
@@ -117,9 +124,9 @@ interface ISoftwareTableHeadersProps {
 // NOTE: cellProps come from react-table
 // more info here https://react-table.tanstack.com/docs/api/useTable#cell-properties
 export const generateSoftwareTableHeaders = ({
-  userHasSWInstallPermission,
-  hostCanInstallSoftware,
-  installingSoftwareId,
+  userHasSWWritePermission,
+  hostCanWriteSoftware,
+  softwareIdActionPending,
   router,
   teamId,
   onSelectAction,
@@ -209,9 +216,9 @@ export const generateSoftwareTableHeaders = ({
           <DropdownCell
             placeholder="Actions"
             options={generateActions({
-              userHasSWInstallPermission,
-              hostCanInstallSoftware,
-              installingSoftwareId,
+              userHasSWWritePermission,
+              hostCanWriteSoftware,
+              softwareIdActionPending,
               softwareId,
               status,
               software_package,
diff --git a/frontend/pages/hosts/details/cards/Software/InstallStatusCell/InstallStatusCell.tsx b/frontend/pages/hosts/details/cards/Software/InstallStatusCell/InstallStatusCell.tsx
index ef5ac1b737..bd7982a066 100644
--- a/frontend/pages/hosts/details/cards/Software/InstallStatusCell/InstallStatusCell.tsx
+++ b/frontend/pages/hosts/details/cards/Software/InstallStatusCell/InstallStatusCell.tsx
@@ -30,7 +30,7 @@ export type IStatusDisplayConfig = {
 };
 
 export const INSTALL_STATUS_DISPLAY_OPTIONS: Record<
-  IStatusValue | "selfService",
+  Exclude<IStatusValue, "uninstalled"> | "selfService",
   IStatusDisplayConfig
 > = {
   installed: {
@@ -39,20 +39,42 @@ export const INSTALL_STATUS_DISPLAY_OPTIONS: Record<
     tooltip: () =>
       "Software is installed (install script finished with exit code 0).",
   },
-  pending: {
+  pending_install: {
     iconName: "pending-outline",
-    displayText: "Pending",
+    displayText: "Installing (pending)",
     tooltip: () =>
       "Fleet is installing or will install when the host comes online.",
   },
-  failed: {
-    iconName: "error",
-    displayText: "Failed",
+  pending_uninstall: {
+    iconName: "pending-outline",
+    displayText: "Uninstalling (pending)",
     tooltip: () => (
       <>
-        The host failed to install software. To view errors, select
+        Fleet is uninstalling or will uninstall
         <br />
-        <b>Actions &gt; Show details</b>.
+        software when the host comes online.
+      </>
+    ),
+  },
+  failed_install: {
+    iconName: "error",
+    displayText: "Install (failed)",
+    tooltip: () => (
+      <>
+        The host failed to install software.
+        <br />
+        Select <b>Actions &gt; Show details</b> view errors.
+      </>
+    ),
+  },
+  failed_uninstall: {
+    iconName: "error",
+    displayText: "Uninstall (failed)",
+    tooltip: () => (
+      <>
+        The host failed to uninstall software.
+        <br />
+        Select <b>Details &gt; Activity</b> to view errors.
       </>
     ),
   },
diff --git a/frontend/pages/hosts/details/cards/Software/SelfService/SelfService.tests.tsx b/frontend/pages/hosts/details/cards/Software/SelfService/SelfService.tests.tsx
index a7ca5e5cdd..2b96a578c3 100644
--- a/frontend/pages/hosts/details/cards/Software/SelfService/SelfService.tests.tsx
+++ b/frontend/pages/hosts/details/cards/Software/SelfService/SelfService.tests.tsx
@@ -112,13 +112,13 @@ describe("SelfService", () => {
     ).toHaveTextContent("Reinstall");
   });
 
-  it("renders 'Retry' action button with 'Failed' status", async () => {
+  it("renders 'Retry' action button with 'failed_install' status", async () => {
     mockServer.use(
       customDeviceSoftwareHandler({
         software: [
           createMockDeviceSoftware({
             name: "test-software",
-            status: "failed",
+            status: "failed_install",
           }),
         ],
       })
@@ -166,13 +166,13 @@ describe("SelfService", () => {
     ).toHaveTextContent("Install");
   });
 
-  it("renders no action button with 'Pending' status", async () => {
+  it("renders no action button with 'pending_install' status", async () => {
     mockServer.use(
       customDeviceSoftwareHandler({
         software: [
           createMockDeviceSoftware({
             name: "test-software",
-            status: "pending",
+            status: "pending_install",
           }),
         ],
       })
diff --git a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
index 3d817c9d16..f2907e693f 100644
--- a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
+++ b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
@@ -21,24 +21,30 @@ import { IStatusDisplayConfig } from "../../InstallStatusCell/InstallStatusCell"
 
 const baseClass = "self-service-item";
 
-const STATUS_CONFIG: Record<SoftwareInstallStatus, IStatusDisplayConfig> = {
+const STATUS_CONFIG: Record<
+  Exclude<
+    SoftwareInstallStatus,
+    "pending_uninstall" | "failed_uninstall" | "uninstalled"
+  >,
+  IStatusDisplayConfig
+> = {
   installed: {
     iconName: "success",
     displayText: "Installed",
     tooltip: ({ lastInstalledAt }) =>
       `Software is installed (${dateAgo(lastInstalledAt as string)}).`,
   },
-  pending: {
+  pending_install: {
     iconName: "pending-outline",
     displayText: "Pending",
     tooltip: () => "Fleet is installing software.",
   },
-  failed: {
+  failed_install: {
     iconName: "error",
     displayText: "Failed",
     tooltip: ({ lastInstalledAt = "" }) => (
       <>
-        Software failed to install{" "}
+        Software failed to install
         {lastInstalledAt ? ` (${dateAgo(lastInstalledAt)})` : ""}. Select{" "}
         <b>Retry</b> to install again, or contact your IT department.
       </>
@@ -134,7 +140,7 @@ const getInstallButtonText = (status: SoftwareInstallStatus | null) => {
   switch (status) {
     case null:
       return "Install";
-    case "failed":
+    case "failed_install":
       return "Retry";
     case "installed":
       return "Reinstall";
@@ -163,7 +169,7 @@ const InstallerStatusAction = ({
 
   // if the localStatus is "failed", we don't want our tooltip to include the old installed_at date so we
   // set this to null, which tells the tooltip to omit the parenthetical date
-  const lastInstall = localStatus === "failed" ? null : last_install;
+  const lastInstall = localStatus === "failed_install" ? null : last_install;
 
   const isMountedRef = useRef(false);
   useEffect(() => {
@@ -174,7 +180,7 @@ const InstallerStatusAction = ({
   }, []);
 
   const onClick = useCallback(async () => {
-    setLocalStatus("pending");
+    setLocalStatus("pending_install");
     try {
       await deviceApi.installSelfServiceSoftware(deviceToken, id);
       if (isMountedRef.current) {
@@ -183,7 +189,7 @@ const InstallerStatusAction = ({
     } catch (error) {
       renderFlash("error", "Couldn't install. Please try again.");
       if (isMountedRef.current) {
-        setLocalStatus("failed");
+        setLocalStatus("failed_install");
       }
     }
   }, [deviceToken, id, onInstall, renderFlash]);
@@ -200,7 +206,7 @@ const InstallerStatusAction = ({
             type="button"
             className={`${baseClass}__item-action-button`}
             onClick={onClick}
-            disabled={localStatus === "pending"}
+            disabled={localStatus === "pending_install"}
           >
             <span data-testid={`${baseClass}__item-action-button--test`}>
               {installButtonText}
diff --git a/frontend/services/entities/hosts.ts b/frontend/services/entities/hosts.ts
index ba7e0dc7ab..eca209aab4 100644
--- a/frontend/services/entities/hosts.ts
+++ b/frontend/services/entities/hosts.ts
@@ -590,4 +590,11 @@ export default {
       HOST_SOFTWARE_PACKAGE_INSTALL(hostId, softwareId)
     );
   },
+  uninstallHostSoftwarePackage: (hostId: number, softwareId: number) => {
+    const { HOST_SOFTWARE_PACKAGE_UNINSTALL } = endpoints;
+    return sendRequest(
+      "POST",
+      HOST_SOFTWARE_PACKAGE_UNINSTALL(hostId, softwareId)
+    );
+  },
 };
diff --git a/frontend/services/entities/scripts.ts b/frontend/services/entities/scripts.ts
index 8ed35f9a17..6f5792cd25 100644
--- a/frontend/services/entities/scripts.ts
+++ b/frontend/services/entities/scripts.ts
@@ -39,6 +39,7 @@ export interface IScriptResultResponse {
   message: string;
   runtime: number;
   host_timeout: boolean;
+  created_at: string;
 }
 
 /**
diff --git a/frontend/services/entities/software.ts b/frontend/services/entities/software.ts
index 2db7880932..94e1da1cb6 100644
--- a/frontend/services/entities/software.ts
+++ b/frontend/services/entities/software.ts
@@ -219,6 +219,8 @@ export default {
     formData.append("software", data.software);
     formData.append("self_service", data.selfService.toString());
     data.installScript && formData.append("install_script", data.installScript);
+    data.uninstallScript &&
+      formData.append("uninstall_script", data.uninstallScript);
     data.preInstallQuery &&
       formData.append("pre_install_query", data.preInstallQuery);
     data.postInstallScript &&
diff --git a/frontend/styles/var/mixins.scss b/frontend/styles/var/mixins.scss
index df8714f0ce..31bb7259bd 100644
--- a/frontend/styles/var/mixins.scss
+++ b/frontend/styles/var/mixins.scss
@@ -132,6 +132,9 @@ $max-width: 2560px;
   font-size: $xx-small;
   font-weight: $regular;
   @include grey-text;
+  .custom-link {
+    font-size: inherit;
+  }
 }
 
 @mixin link {
diff --git a/frontend/utilities/endpoints.ts b/frontend/utilities/endpoints.ts
index 2abe094de1..0eadb2d2c8 100644
--- a/frontend/utilities/endpoints.ts
+++ b/frontend/utilities/endpoints.ts
@@ -52,7 +52,9 @@ export default {
     `/${API_VERSION}/fleet/hosts/${hostId}/configuration_profiles/resend/${profileUUID}`,
   HOST_SOFTWARE: (id: number) => `/${API_VERSION}/fleet/hosts/${id}/software`,
   HOST_SOFTWARE_PACKAGE_INSTALL: (hostId: number, softwareId: number) =>
-    `/${API_VERSION}/fleet/hosts/${hostId}/software/install/${softwareId}`,
+    `/${API_VERSION}/fleet/hosts/${hostId}/software/${softwareId}/install`,
+  HOST_SOFTWARE_PACKAGE_UNINSTALL: (hostId: number, softwareId: number) =>
+    `/${API_VERSION}/fleet/hosts/${hostId}/software/${softwareId}/uninstall`,
 
   INVITES: `/${API_VERSION}/fleet/invites`,
 
@@ -165,7 +167,7 @@ export default {
   SOFTWARE_PACKAGE_TOKEN: (id: number) =>
     `/${API_VERSION}/fleet/software/titles/${id}/package/token`,
   SOFTWARE_INSTALL_RESULTS: (uuid: string) =>
-    `/${API_VERSION}/fleet/software/install/results/${uuid}`,
+    `/${API_VERSION}/fleet/software/install/${uuid}/results`,
   SOFTWARE_PACKAGE_INSTALL: (id: number) =>
     `/${API_VERSION}/fleet/software/packages/${id}`,
   SOFTWARE_AVAILABLE_FOR_INSTALL: (id: number) =>
diff --git a/frontend/utilities/software_install_scripts.ts b/frontend/utilities/software_install_scripts.ts
index 5bc59c6763..5c21e8a1f4 100644
--- a/frontend/utilities/software_install_scripts.ts
+++ b/frontend/utilities/software_install_scripts.ts
@@ -11,7 +11,7 @@ import installDeb from "../../pkg/file/scripts/install_deb.sh";
  * getInstallScript returns a string with a script to install the
  * provided software.
  * */
-const getInstallScript = (fileName: string): string => {
+const getDefaultInstallScript = (fileName: string): string => {
   const extension = fileName.split(".").pop();
   switch (extension) {
     case "pkg":
@@ -27,4 +27,4 @@ const getInstallScript = (fileName: string): string => {
   }
 };
 
-export default getInstallScript;
+export default getDefaultInstallScript;
diff --git a/frontend/utilities/software_uninstall_scripts.ts b/frontend/utilities/software_uninstall_scripts.ts
new file mode 100644
index 0000000000..041d2519c4
--- /dev/null
+++ b/frontend/utilities/software_uninstall_scripts.ts
@@ -0,0 +1,30 @@
+// @ts-ignore
+import uninstallPkg from "../../pkg/file/scripts/uninstall_pkg.sh";
+// @ts-ignore
+import uninstallMsi from "../../pkg/file/scripts/uninstall_msi.ps1";
+// @ts-ignore
+import uninstallExe from "../../pkg/file/scripts/uninstall_exe.ps1";
+// @ts-ignore
+import uninstallDeb from "../../pkg/file/scripts/uninstall_deb.sh";
+
+/*
+ * getUninstallScript returns a string with a script to uninstall the
+ * provided software.
+ * */
+const getDefaultUninstallScript = (fileName: string): string => {
+  const extension = fileName.split(".").pop();
+  switch (extension) {
+    case "pkg":
+      return uninstallPkg;
+    case "msi":
+      return uninstallMsi;
+    case "deb":
+      return uninstallDeb;
+    case "exe":
+      return uninstallExe;
+    default:
+      throw new Error(`unsupported file extension: ${extension}`);
+  }
+};
+
+export default getDefaultUninstallScript;
diff --git a/go.mod b/go.mod
index 82d9ea538b..0dd27931fb 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/fleetdm/fleet/v4
 go 1.23.1
 
 require (
-	cloud.google.com/go/pubsub v1.36.1
+	cloud.google.com/go/pubsub v1.37.0
 	fyne.io/systray v1.10.1-0.20240111184411-11c585fff98d
 	github.com/AbGuthrie/goquery/v2 v2.0.1
 	github.com/DATA-DOG/go-sqlmock v1.5.0
@@ -90,7 +90,7 @@ require (
 	github.com/rs/zerolog v1.32.0
 	github.com/russellhaering/goxmldsig v1.2.0
 	github.com/saferwall/pe v1.5.2
-	github.com/sassoftware/relic/v7 v7.6.2
+	github.com/sassoftware/relic/v8 v8.0.1
 	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9
 	github.com/sethvargo/go-password v0.3.0
 	github.com/shirou/gopsutil/v3 v3.24.3
@@ -103,7 +103,7 @@ require (
 	github.com/theupdateframework/go-tuf v0.5.2
 	github.com/throttled/throttled/v2 v2.8.0
 	github.com/tj/assert v0.0.3
-	github.com/ulikunitz/xz v0.5.11
+	github.com/ulikunitz/xz v0.5.12
 	github.com/urfave/cli/v2 v2.23.5
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8
 	github.com/ziutek/mymysql v1.5.4
@@ -126,7 +126,7 @@ require (
 	golang.org/x/sys v0.21.0
 	golang.org/x/text v0.16.0
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
-	google.golang.org/api v0.169.0
+	google.golang.org/api v0.178.0
 	google.golang.org/grpc v1.64.1
 	gopkg.in/guregu/null.v3 v3.5.0
 	gopkg.in/ini.v1 v1.67.0
@@ -137,11 +137,13 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go v0.112.2 // indirect
+	cloud.google.com/go/auth v0.3.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
-	cloud.google.com/go/iam v1.1.6 // indirect
-	cloud.google.com/go/kms v1.15.7 // indirect
-	cloud.google.com/go/storage v1.38.0 // indirect
+	cloud.google.com/go/iam v1.1.8 // indirect
+	cloud.google.com/go/kms v1.15.9 // indirect
+	cloud.google.com/go/storage v1.39.1 // indirect
 	code.gitea.io/sdk/gitea v0.15.0 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AlekSi/pointer v1.2.0 // indirect
@@ -167,7 +169,7 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/akavel/rsrc v0.10.2 // indirect
 	github.com/alecthomas/jsonschema v0.0.0-20211022214203-8b29eab41725 // indirect
@@ -175,20 +177,20 @@ require (
 	github.com/apache/thrift v0.18.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/atc0005/go-teams-notify/v2 v2.6.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.31.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
+	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/c-bata/go-prompt v0.2.3 // indirect
 	github.com/caarlos0/ctrlc v1.0.0 // indirect
@@ -197,7 +199,7 @@ require (
 	github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e // indirect
 	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cloudflare/circl v1.3.8 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
@@ -236,7 +238,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/wire v0.5.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
 	github.com/goreleaser/chglog v0.1.2 // indirect
 	github.com/goreleaser/fileglob v1.2.0 // indirect
 	github.com/gorilla/schema v1.4.1 // indirect
@@ -257,7 +259,7 @@ require (
 	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.7 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/kolide/kit v0.0.0-20221107170827-fb85e3d59eab // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
@@ -272,7 +274,7 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/oschwald/maxminddb-golang v1.10.0 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -321,7 +323,7 @@ require (
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto v0.0.0-20240506185236-b8a5c65736ae // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
diff --git a/go.sum b/go.sum
index 68586039a4..f6cb680a80 100644
--- a/go.sum
+++ b/go.sum
@@ -31,8 +31,12 @@ cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+Y
 cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.0/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
-cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw=
+cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms=
+cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs=
+cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w=
+cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -45,19 +49,19 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/firestore v1.5.0/go.mod h1:c4nNYR1qdq7eaZ+jSc5fonrQN2k3M7sWATcYTiakjEo=
-cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc=
-cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI=
+cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=
+cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE=
 cloud.google.com/go/kms v0.1.0/go.mod h1:8Qp8PCAypHg4FdmlyW1QRAv09BGQ9Uzh7JnmIZxPk+c=
-cloud.google.com/go/kms v1.15.7 h1:7caV9K3yIxvlQPAcaFffhlT7d1qpxjB1wHBtjWa13SM=
-cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI=
+cloud.google.com/go/kms v1.15.9 h1:ouZjTxCqDNEdxWfaAAbRzG22s/2iewRw6JPARQL+0vc=
+cloud.google.com/go/kms v1.15.9/go.mod h1:5v/R/RRuBUVO+eJioGcqENr3syh8ZqNn1y1Wc9DjM+4=
 cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
 cloud.google.com/go/pubsub v1.16.0/go.mod h1:6A8EfoWZ/lUvCWStKGwAWauJZSiuV0Mkmu6WilK/TxQ=
-cloud.google.com/go/pubsub v1.36.1 h1:dfEPuGCHGbWUhaMCTHUFjfroILEkx55iUmKBZTP5f+Y=
-cloud.google.com/go/pubsub v1.36.1/go.mod h1:iYjCa9EzWOoBiTdd4ps7QoMtMln5NwaZQpK1hbRfBDE=
+cloud.google.com/go/pubsub v1.37.0 h1:0uEEfaB1VIJzabPpwpZf44zWAKAme3zwKKxHk7vJQxQ=
+cloud.google.com/go/pubsub v1.37.0/go.mod h1:YQOQr1uiUM092EXwKs56OPT650nwnawc+8/IjoUeGzQ=
 cloud.google.com/go/secretmanager v0.1.0/go.mod h1:3nGKHvnzDUVit7U0S9KAKJ4aOsO1xtwRG+7ey5LK1bM=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
@@ -65,8 +69,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.16.1/go.mod h1:LaNorbty3ehnU3rEjXSNV/NRgQA0O8Y+uh6bPe5UOk4=
-cloud.google.com/go/storage v1.38.0 h1:Az68ZRGlnNTpIBbLjSMIV2BDcwwXYlRlQzis0llkpJg=
-cloud.google.com/go/storage v1.38.0/go.mod h1:tlUADB0mAb9BgYls9lq+8MGkfzOXuLrnHXlpHmvFJoY=
+cloud.google.com/go/storage v1.39.1 h1:MvraqHKhogCOTXTlct/9C3K3+Uy2jBmFYb3/Sp6dVtY=
+cloud.google.com/go/storage v1.39.1/go.mod h1:xK6xZmxZmo+fyP7+DEF6FhNc24/JAe95OLyOHCXFH1o=
 cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g=
 code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
 code.gitea.io/sdk/gitea v0.15.0 h1:tsNhxDM/2N1Ohv1Xq5UWrht/esg0WmtRj4wsHVHriTg=
@@ -174,8 +178,8 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
+github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a h1:W6RrgN/sTxg1msqzFFb+G80MFmpjMw61IU+slm+wln4=
 github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
 github.com/ProtonMail/gopenpgp/v2 v2.2.2 h1:u2m7xt+CZWj88qK1UUNBoXeJCFJwJCZ/Ff4ymGoxEXs=
@@ -243,45 +247,45 @@ github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm
 github.com/aws/aws-sdk-go v1.44.288 h1:Ln7fIao/nl0ACtelgR1I4AiEw/GLNkKcXfCaHupUW5Q=
 github.com/aws/aws-sdk-go v1.44.288/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
-github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
-github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
+github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
 github.com/aws/aws-sdk-go-v2/config v1.7.0/go.mod h1:w9+nMZ7soXCe5nT46Ri354SNhXDQ6v+V5wqDjnZE+GY=
-github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
-github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
+github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
+github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
 github.com/aws/aws-sdk-go-v2/credentials v1.4.0/go.mod h1:dgGR+Qq7Wjcd4AOAW5Rf5Tnv3+x7ed6kETXyS9WCuAY=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.5.0/go.mod h1:CpNzHK9VEFUCknu50kkB8z58AH2B5DvPP7ea1LHve/Y=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.2.2/go.mod h1:BQV0agm+JEhqR+2RT5e1XTFIDcAAV0eW6z2trp+iduw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.3.0/go.mod h1:R1KK+vY8AfalhG1AOu5e35pOD2SdoPKQCFLTvnxiohk=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
 github.com/aws/aws-sdk-go-v2/service/kms v1.5.0/go.mod h1:w7JuP9Oq1IKMFQPkNe3V6s9rOssXzOVEMNEqK1L1bao=
-github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 h1:W9PbZAZAEcelhhjb7KuwUtf+Lbc+i7ByYJRuWLlnxyQ=
-github.com/aws/aws-sdk-go-v2/service/kms v1.27.9/go.mod h1:2tFmR7fQnOdQlM2ZCEPpFnBIQD1U8wmXmduBgZbOag0=
+github.com/aws/aws-sdk-go-v2/service/kms v1.31.0 h1:yl7wcqbisxPzknJVfWTLnK83McUvXba+pz2+tPbIUmQ=
+github.com/aws/aws-sdk-go-v2/service/kms v1.31.0/go.mod h1:2snWQJQUKsbN66vAawJuOGX7dr37pfOq9hb0tZDGIqQ=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.6.0/go.mod h1:B+7C5UKdVq1ylkI/A6O8wcurFtaux0R1njePNPtKwoA=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.10.0/go.mod h1:4dXS5YNqI3SNbetQ7X7vfsMlX6ZnboJA2dulBwJx7+g=
 github.com/aws/aws-sdk-go-v2/service/sso v1.4.0/go.mod h1:+1fpWnL96DL23aXPpMGbsmKe8jLTEfbjuQoA4WS1VaA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
 github.com/aws/aws-sdk-go-v2/service/sts v1.7.0/go.mod h1:0qcSMCyASQPN2sk/1KQLQ2Fh6yq8wm0HSDAimPhzCoM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
 github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
-github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
-github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/beevik/etree v1.3.0 h1:hQTc+pylzIKDb23yYprodCWWTt+ojFfUZyzU09a/hmU=
@@ -336,8 +340,8 @@ github.com/clbanning/mxj v1.8.4 h1:HuhwZtbyvyOw+3Z1AowPkU87JkJUSv751ELWaiTpj8I=
 github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI=
+github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -668,8 +672,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksP
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA=
-github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
+github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
+github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/goreleaser/chglog v0.1.2 h1:tdzAb/ILeMnphzI9zQ7Nkq+T8R9qyXli8GydD8plFRY=
 github.com/goreleaser/chglog v0.1.2/go.mod h1:tTZsFuSZK4epDXfjMkxzcGbrIOXprf0JFp47BjIr3B8=
@@ -805,8 +809,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
-github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kolide/kit v0.0.0-20221107170827-fb85e3d59eab h1:KVR7cs+oPyy85i+8t1ZaNSy1bymCy5FuWyt51pdrXu4=
 github.com/kolide/kit v0.0.0-20221107170827-fb85e3d59eab/go.mod h1:OYYulo9tUqRadRLwB0+LE914sa1ui2yL7OrcU3Q/1XY=
 github.com/kolide/launcher v1.0.12 h1:f2uT1kKYGIbj/WVsHDc10f7MIiwu8MpmgwaGaT7D09k=
@@ -944,8 +948,8 @@ github.com/open-policy-agent/opa v0.44.0/go.mod h1:YpJaFIk5pq89n/k72c1lVvfvR5uop
 github.com/opencensus-integrations/ocsql v0.1.1/go.mod h1:ozPYpNVBHZsX33jfoQPO5TlI5lqh0/3R36kirEqJKAM=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=
-github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/oschwald/geoip2-golang v1.8.0 h1:KfjYB8ojCEn/QLqsDU0AzrJ3R5Qa9vFlx3z6SLNcKTs=
 github.com/oschwald/geoip2-golang v1.8.0/go.mod h1:R7bRvYjOeaoenAp9sKRS8GX5bJWcZ0laWO5+DauEktw=
 github.com/oschwald/maxminddb-golang v1.10.0 h1:Xp1u0ZhqkSuopaKmk1WwHtjF0H9Hd9181uj2MQ5Vndg=
@@ -1024,8 +1028,8 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/saferwall/pe v1.5.2 h1:h5lLtLsyxGHQ9dN6cd8EfeLEBEo5gdqJpkuw4o4vTMY=
 github.com/saferwall/pe v1.5.2/go.mod h1:SNzv3cdgk8SBI0UwHfyTcdjawfdnN+nbydnEL7GZ25s=
-github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4=
-github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k=
+github.com/sassoftware/relic/v8 v8.0.1 h1:uYUoaoTQMs67up8/46NgrSxSftgfY4VWBusDVg56k7I=
+github.com/sassoftware/relic/v8 v8.0.1/go.mod h1:s/MwugRcovgYcNJNOyvLfqRHDX7iArHtFtUR9kEodz8=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -1142,8 +1146,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
-github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli/v2 v2.23.5 h1:xbrU7tAYviSpqeR3X4nEFWUdB/uDZ6DE+HxmRU7Xtyw=
 github.com/urfave/cli/v2 v2.23.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/vartanbeno/go-reddit/v2 v2.0.0 h1:fxYMqx5lhbmJ3yYRN1nnQC/gecRB3xpUS2BbG7GLpsk=
@@ -1655,8 +1659,8 @@ google.golang.org/api v0.52.0/go.mod h1:Him/adpjt0sxtkWViy0b6xyKW/SD71CwdJ7HqJo7
 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
-google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
+google.golang.org/api v0.178.0 h1:yoW/QMI4bRVCHF+NWOTa4cL8MoWL3Jnuc7FlcFF91Ok=
+google.golang.org/api v0.178.0/go.mod h1:84/k2v8DFpDRebpGcooklv/lais3MEfqpaBLA12gl2U=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1726,8 +1730,8 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210825212027-de86158e7fda/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
-google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto v0.0.0-20240506185236-b8a5c65736ae h1:HjgkYCl6cWQEKSHkpUp4Q8VB74swzyBwTz1wtTzahm0=
+google.golang.org/genproto v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:i4np6Wrjp8EujFAUn0CM0SH+iZhY1EbrfzEIJbFkHFM=
 google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
 google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
diff --git a/pkg/file/deb.go b/pkg/file/deb.go
index 81351e23d3..35d5881342 100644
--- a/pkg/file/deb.go
+++ b/pkg/file/deb.go
@@ -33,9 +33,9 @@ func ExtractDebMetadata(r io.Reader) (*InstallerMetadata, error) {
 			return nil, fmt.Errorf("failed to advance to next file in archive: %w", err)
 		}
 
-		name := path.Clean(hdr.Name)
-		if strings.HasPrefix(name, "control.tar") {
-			ext := filepath.Ext(name)
+		filename := path.Clean(hdr.Name)
+		if strings.HasPrefix(filename, "control.tar") {
+			ext := filepath.Ext(filename)
 			if ext == ".tar" {
 				ext = ""
 			}
@@ -49,9 +49,10 @@ func ExtractDebMetadata(r io.Reader) (*InstallerMetadata, error) {
 				return nil, fmt.Errorf("failed to read all content: %w", err)
 			}
 			return &InstallerMetadata{
-				Name:    name,
-				Version: version,
-				SHASum:  h.Sum(nil),
+				Name:       name,
+				Version:    version,
+				PackageIDs: []string{name},
+				SHASum:     h.Sum(nil),
 			}, nil
 		}
 	}
diff --git a/pkg/file/file.go b/pkg/file/file.go
index 5b061bcf07..7abd79169f 100644
--- a/pkg/file/file.go
+++ b/pkg/file/file.go
@@ -25,6 +25,7 @@ type InstallerMetadata struct {
 	BundleIdentifier string
 	SHASum           []byte
 	Extension        string
+	PackageIDs       []string
 }
 
 // ExtractInstallerMetadata extracts the software name and version from the
diff --git a/pkg/file/management.go b/pkg/file/management.go
index f5f981d840..f16a79fe23 100644
--- a/pkg/file/management.go
+++ b/pkg/file/management.go
@@ -61,3 +61,32 @@ func GetRemoveScript(extension string) string {
 		return ""
 	}
 }
+
+//go:embed scripts/uninstall_exe.ps1
+var uninstallExeScript string
+
+//go:embed scripts/uninstall_pkg.sh
+var uninstallPkgScript string
+
+//go:embed scripts/uninstall_msi.ps1
+var uninstallMsiScript string
+
+//go:embed scripts/uninstall_deb.sh
+var uninstallDebScript string
+
+// GetUninstallScript returns a script that can be used to uninstall a
+// software item with the given extension.
+func GetUninstallScript(extension string) string {
+	switch extension {
+	case "msi":
+		return uninstallMsiScript
+	case "deb":
+		return uninstallDebScript
+	case "pkg":
+		return uninstallPkgScript
+	case "exe":
+		return uninstallExeScript
+	default:
+		return ""
+	}
+}
diff --git a/pkg/file/management_test.go b/pkg/file/management_test.go
index 422bb637a6..8b5d8608c5 100644
--- a/pkg/file/management_test.go
+++ b/pkg/file/management_test.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -19,35 +20,43 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-// Note: to update the goldens, run the tests with `-update`:
+// Note: to update the goldens, delete testdata/scripts/* and run the tests with `-update`:
 //
 // go test ./pkg/file/... -update
 func TestGetInstallAndRemoveScript(t *testing.T) {
-	scriptsByType := map[string][2]string{
+	t.Parallel()
+	scriptsByType := map[string]map[string]string{
 		"msi": {
-			"./scripts/install_msi.ps1",
-			"./scripts/remove_msi.ps1",
+			"install":   "./scripts/install_msi.ps1",
+			"remove":    "./scripts/remove_msi.ps1",
+			"uninstall": "./scripts/uninstall_msi.ps1",
 		},
 		"pkg": {
-			"./scripts/install_pkg.sh",
-			"./scripts/remove_pkg.sh",
+			"install":   "./scripts/install_pkg.sh",
+			"remove":    "./scripts/remove_pkg.sh",
+			"uninstall": "./scripts/uninstall_pkg.sh",
 		},
 		"deb": {
-			"./scripts/install_deb.sh",
-			"./scripts/remove_deb.sh",
+			"install":   "./scripts/install_deb.sh",
+			"remove":    "./scripts/remove_deb.sh",
+			"uninstall": "./scripts/uninstall_deb.sh",
 		},
 		"exe": {
-			"./scripts/install_exe.ps1",
-			"./scripts/remove_exe.ps1",
+			"install":   "./scripts/install_exe.ps1",
+			"remove":    "./scripts/remove_exe.ps1",
+			"uninstall": "./scripts/uninstall_exe.ps1",
 		},
 	}
 
 	for itype, scripts := range scriptsByType {
 		gotScript := GetInstallScript(itype)
-		assertGoldenMatches(t, scripts[0], gotScript, *update)
+		assertGoldenMatches(t, scripts["install"], gotScript, *update)
 
 		gotScript = GetRemoveScript(itype)
-		assertGoldenMatches(t, scripts[1], gotScript, *update)
+		assertGoldenMatches(t, scripts["remove"], gotScript, *update)
+
+		gotScript = GetUninstallScript(itype)
+		assertGoldenMatches(t, scripts["uninstall"], gotScript, *update)
 	}
 }
 
@@ -67,5 +76,5 @@ func assertGoldenMatches(t *testing.T, goldenFile string, actual string, update
 
 	content, err := io.ReadAll(f)
 	require.NoError(t, err)
-	require.Equal(t, string(content), actual)
+	assert.Equal(t, string(content), actual)
 }
diff --git a/pkg/file/msi.go b/pkg/file/msi.go
index 885c28a79b..2568261e64 100644
--- a/pkg/file/msi.go
+++ b/pkg/file/msi.go
@@ -9,7 +9,7 @@ import (
 	"io"
 	"strings"
 
-	"github.com/sassoftware/relic/v7/lib/comdoc"
+	"github.com/sassoftware/relic/v8/lib/comdoc"
 )
 
 func ExtractMSIMetadata(r io.Reader) (*InstallerMetadata, error) {
@@ -77,10 +77,12 @@ func ExtractMSIMetadata(r io.Reader) (*InstallerMetadata, error) {
 		return nil, err
 	}
 
+	// MSI installer product information properties: https://learn.microsoft.com/en-us/windows/win32/msi/property-reference#product-information-properties
 	return &InstallerMetadata{
-		Name:    strings.TrimSpace(props["ProductName"]),
-		Version: strings.TrimSpace(props["ProductVersion"]),
-		SHASum:  h.Sum(nil),
+		Name:       strings.TrimSpace(props["ProductName"]),
+		Version:    strings.TrimSpace(props["ProductVersion"]),
+		PackageIDs: []string{strings.TrimSpace(props["ProductCode"])},
+		SHASum:     h.Sum(nil),
 	}, nil
 }
 
diff --git a/pkg/file/pe.go b/pkg/file/pe.go
index 1b0e053c09..70d2596ec0 100644
--- a/pkg/file/pe.go
+++ b/pkg/file/pe.go
@@ -50,10 +50,12 @@ func ExtractPEMetadata(r io.Reader) (*InstallerMetadata, error) {
 	if err != nil {
 		return nil, fmt.Errorf("error parsing PE version resources: %w", err)
 	}
+	name := strings.TrimSpace(v["ProductName"])
 	return applySpecialCases(&InstallerMetadata{
-		Name:    strings.TrimSpace(v["ProductName"]),
-		Version: strings.TrimSpace(v["ProductVersion"]),
-		SHASum:  h.Sum(nil),
+		Name:       name,
+		Version:    strings.TrimSpace(v["ProductVersion"]),
+		PackageIDs: []string{name},
+		SHASum:     h.Sum(nil),
 	}, v), nil
 }
 
diff --git a/pkg/file/pe_test.go b/pkg/file/pe_test.go
new file mode 100644
index 0000000000..0bfd0776aa
--- /dev/null
+++ b/pkg/file/pe_test.go
@@ -0,0 +1,21 @@
+package file
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestExtractPEMetadata(t *testing.T) {
+	t.Parallel()
+	file, err := os.Open("testdata/software-installers/hello-world-installer.exe")
+	require.NoError(t, err)
+	meta, err := ExtractPEMetadata(file)
+	require.NoError(t, err)
+	require.NotNil(t, meta)
+	assert.Equal(t, "Hello world", meta.Name)
+	assert.Equal(t, "1.0.0", meta.Version)
+	assert.Equal(t, []string{"Hello world"}, meta.PackageIDs)
+}
diff --git a/pkg/file/scripts/install_exe.ps1 b/pkg/file/scripts/install_exe.ps1
index f9d762b318..1b5b388262 100644
--- a/pkg/file/scripts/install_exe.ps1
+++ b/pkg/file/scripts/install_exe.ps1
@@ -1,16 +1,20 @@
+# Learn more about .exe install scripts: http://fleetdm.com/learn-more-about/exe-install-scripts
+
 $exeFilePath = "${env:INSTALLER_PATH}"
 
-# extract the name of the executable to use as the sub-directory name
-$exeName = [System.IO.Path]::GetFileName($exeFilePath)
-$subDir = [System.IO.Path]::GetFileNameWithoutExtension($exeFilePath)
-
-$destinationPath = Join-Path -Path $env:ProgramFiles -ChildPath $subDir
-
-# check if the directory does not exist, and create it if necessary
-if (-not (Test-Path -Path $destinationPath)) {
-    New-Item -ItemType Directory -Path $destinationPath
+# Add argument to install silently
+# Argument to make install silent depends on installer,
+# each installer might use different argument (usually it's "/S" or "/s")
+$processOptions = @{
+  FilePath = "$exeFilePath"
+  ArgumentList = "/S"
+  PassThru = $true
+  Wait = $true
 }
+    
+# Start process and track exit code
+$process = Start-Process @processOptions
+$exitCode = $process.ExitCode
 
-# copy the .exe file to the new sub-directory
-$destinationExePath = Join-Path -Path $destinationPath -ChildPath $exeName
-Copy-Item -Path $exeFilePath -Destination $destinationExePath
+# Prints the exit code
+Write-Host "Install exit code: $exitCode"
diff --git a/pkg/file/scripts/uninstall_deb.sh b/pkg/file/scripts/uninstall_deb.sh
new file mode 100644
index 0000000000..f7f623f2ca
--- /dev/null
+++ b/pkg/file/scripts/uninstall_deb.sh
@@ -0,0 +1,4 @@
+package_name=$PACKAGE_ID
+
+# Fleet uninstalls app using product name that's extracted on upload
+apt remove "$package_name" -y
diff --git a/pkg/file/scripts/uninstall_exe.ps1 b/pkg/file/scripts/uninstall_exe.ps1
new file mode 100644
index 0000000000..5534056ac1
--- /dev/null
+++ b/pkg/file/scripts/uninstall_exe.ps1
@@ -0,0 +1,17 @@
+# Fleet extracts name from installer (EXE) and saves it to package ID variable
+$softwareName = $PACKAGE_ID
+
+# Get the list of subkeys under the Uninstall registry path
+$uninstallKeys = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath }
+
+# Loop through each registry key to find the one containing "$softwareName" in DisplayName and run uninstall command from UninstallString
+foreach ($key in $uninstallKeys) {
+    if ($key.DisplayName -like "*$softwareName*") {
+        # Get the uninstall command
+        $uninstallCommand = if ($key.QuietUninstallString) { $key.QuietUninstallString } else { $key.UninstallString }
+
+        # Run the uninstall command with arguments using the call operator &
+        & $uninstallCommand
+        break # Exit the loop once the software is found and uninstalled
+    }
+}
diff --git a/pkg/file/scripts/uninstall_msi.ps1 b/pkg/file/scripts/uninstall_msi.ps1
new file mode 100644
index 0000000000..8235d0bcb3
--- /dev/null
+++ b/pkg/file/scripts/uninstall_msi.ps1
@@ -0,0 +1,4 @@
+$product_code = $PACKAGE_ID
+
+# Fleet uninstalls app using product code that's extracted on upload
+msiexec /quiet /x $product_code
diff --git a/pkg/file/scripts/uninstall_pkg.sh b/pkg/file/scripts/uninstall_pkg.sh
new file mode 100644
index 0000000000..473cff971b
--- /dev/null
+++ b/pkg/file/scripts/uninstall_pkg.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Fleet extracts and saves package IDs.
+pkg_ids=$PACKAGE_ID
+
+# Get all files associated with package and remove them
+for pkg_id in "${pkg_ids[@]}"
+do
+  # Get volume and location of package
+  volume=$(pkgutil --pkg-info "$pkg_id" | grep -i "volume" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}')
+  location=$(pkgutil --pkg-info "$pkg_id" | grep -i "location" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}')
+  # Check if this package id corresponds to a valid/installed package
+  if [[ ! -z "$volume" && ! -z "$location" ]]; then
+    # Remove individual files/directories belonging to package
+    pkgutil --files "$pkg_id" | sed -e 's@^@'"$volume""$location"'/@' | tr '\n' '\0' | xargs -n 1 -0 rm -rf
+    # Remove receipts
+    pkgutil --forget "$pkg_id"
+  else
+    echo "WARNING: volume or location are empty for package ID $pkg_id"
+  fi
+done
diff --git a/pkg/file/testdata/distribution/test-zero-installkbytes.xml b/pkg/file/testdata/distribution/test-zero-installkbytes.xml
new file mode 100644
index 0000000000..5e8b36380a
--- /dev/null
+++ b/pkg/file/testdata/distribution/test-zero-installkbytes.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<installer-gui-script minSpecVersion="2">
+    <pkg-ref id="com.bozo.zeroinstallsize" installKBytes="0" packageIdentifier="com.bozo.zeroinstallsize.app">
+        <bundle-version>
+            <bundle CFBundleShortVersionString="1.2.3" CFBundleVersion="8.10.34.234040" id="com.bozo.zeroinstallsize" path="ZeroInstallSize.app"/>
+        </bundle-version>
+    </pkg-ref>
+    <product id="com.bozo.zeroinstallsize" version="1.2.3"/>
+    <title>ZeroInstallSize</title>
+</installer-gui-script>
diff --git a/pkg/file/testdata/scripts/install_exe.ps1.golden b/pkg/file/testdata/scripts/install_exe.ps1.golden
index f9d762b318..1b5b388262 100644
--- a/pkg/file/testdata/scripts/install_exe.ps1.golden
+++ b/pkg/file/testdata/scripts/install_exe.ps1.golden
@@ -1,16 +1,20 @@
+# Learn more about .exe install scripts: http://fleetdm.com/learn-more-about/exe-install-scripts
+
 $exeFilePath = "${env:INSTALLER_PATH}"
 
-# extract the name of the executable to use as the sub-directory name
-$exeName = [System.IO.Path]::GetFileName($exeFilePath)
-$subDir = [System.IO.Path]::GetFileNameWithoutExtension($exeFilePath)
-
-$destinationPath = Join-Path -Path $env:ProgramFiles -ChildPath $subDir
-
-# check if the directory does not exist, and create it if necessary
-if (-not (Test-Path -Path $destinationPath)) {
-    New-Item -ItemType Directory -Path $destinationPath
+# Add argument to install silently
+# Argument to make install silent depends on installer,
+# each installer might use different argument (usually it's "/S" or "/s")
+$processOptions = @{
+  FilePath = "$exeFilePath"
+  ArgumentList = "/S"
+  PassThru = $true
+  Wait = $true
 }
+    
+# Start process and track exit code
+$process = Start-Process @processOptions
+$exitCode = $process.ExitCode
 
-# copy the .exe file to the new sub-directory
-$destinationExePath = Join-Path -Path $destinationPath -ChildPath $exeName
-Copy-Item -Path $exeFilePath -Destination $destinationExePath
+# Prints the exit code
+Write-Host "Install exit code: $exitCode"
diff --git a/pkg/file/testdata/scripts/uninstall_deb.sh.golden b/pkg/file/testdata/scripts/uninstall_deb.sh.golden
new file mode 100644
index 0000000000..f7f623f2ca
--- /dev/null
+++ b/pkg/file/testdata/scripts/uninstall_deb.sh.golden
@@ -0,0 +1,4 @@
+package_name=$PACKAGE_ID
+
+# Fleet uninstalls app using product name that's extracted on upload
+apt remove "$package_name" -y
diff --git a/pkg/file/testdata/scripts/uninstall_exe.ps1.golden b/pkg/file/testdata/scripts/uninstall_exe.ps1.golden
new file mode 100644
index 0000000000..5534056ac1
--- /dev/null
+++ b/pkg/file/testdata/scripts/uninstall_exe.ps1.golden
@@ -0,0 +1,17 @@
+# Fleet extracts name from installer (EXE) and saves it to package ID variable
+$softwareName = $PACKAGE_ID
+
+# Get the list of subkeys under the Uninstall registry path
+$uninstallKeys = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath }
+
+# Loop through each registry key to find the one containing "$softwareName" in DisplayName and run uninstall command from UninstallString
+foreach ($key in $uninstallKeys) {
+    if ($key.DisplayName -like "*$softwareName*") {
+        # Get the uninstall command
+        $uninstallCommand = if ($key.QuietUninstallString) { $key.QuietUninstallString } else { $key.UninstallString }
+
+        # Run the uninstall command with arguments using the call operator &
+        & $uninstallCommand
+        break # Exit the loop once the software is found and uninstalled
+    }
+}
diff --git a/pkg/file/testdata/scripts/uninstall_msi.ps1.golden b/pkg/file/testdata/scripts/uninstall_msi.ps1.golden
new file mode 100644
index 0000000000..8235d0bcb3
--- /dev/null
+++ b/pkg/file/testdata/scripts/uninstall_msi.ps1.golden
@@ -0,0 +1,4 @@
+$product_code = $PACKAGE_ID
+
+# Fleet uninstalls app using product code that's extracted on upload
+msiexec /quiet /x $product_code
diff --git a/pkg/file/testdata/scripts/uninstall_pkg.sh.golden b/pkg/file/testdata/scripts/uninstall_pkg.sh.golden
new file mode 100644
index 0000000000..473cff971b
--- /dev/null
+++ b/pkg/file/testdata/scripts/uninstall_pkg.sh.golden
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Fleet extracts and saves package IDs.
+pkg_ids=$PACKAGE_ID
+
+# Get all files associated with package and remove them
+for pkg_id in "${pkg_ids[@]}"
+do
+  # Get volume and location of package
+  volume=$(pkgutil --pkg-info "$pkg_id" | grep -i "volume" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}')
+  location=$(pkgutil --pkg-info "$pkg_id" | grep -i "location" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}')
+  # Check if this package id corresponds to a valid/installed package
+  if [[ ! -z "$volume" && ! -z "$location" ]]; then
+    # Remove individual files/directories belonging to package
+    pkgutil --files "$pkg_id" | sed -e 's@^@'"$volume""$location"'/@' | tr '\n' '\0' | xargs -n 1 -0 rm -rf
+    # Remove receipts
+    pkgutil --forget "$pkg_id"
+  else
+    echo "WARNING: volume or location are empty for package ID $pkg_id"
+  fi
+done
diff --git a/pkg/file/testdata/software-installers/README.md b/pkg/file/testdata/software-installers/README.md
new file mode 100644
index 0000000000..d655ba739a
--- /dev/null
+++ b/pkg/file/testdata/software-installers/README.md
@@ -0,0 +1 @@
+- `hello-world-installer.exe` is an installer with a text file. It was created using [Inno Setup](https://jrsoftware.org/isinfo.php) on Windows.
diff --git a/pkg/file/testdata/software-installers/hello-world-installer.exe b/pkg/file/testdata/software-installers/hello-world-installer.exe
new file mode 100755
index 0000000000..48ab4d1444
Binary files /dev/null and b/pkg/file/testdata/software-installers/hello-world-installer.exe differ
diff --git a/pkg/file/xar.go b/pkg/file/xar.go
index e4d75f9b5c..4bbbd3ebfb 100644
--- a/pkg/file/xar.go
+++ b/pkg/file/xar.go
@@ -123,6 +123,7 @@ type distributionPkgRef struct {
 	BundleVersions    []distributionBundleVersion `xml:"bundle-version"`
 	MustClose         distributionMustClose       `xml:"must-close"`
 	PackageIdentifier string                      `xml:"packageIdentifier,attr"`
+	InstallKBytes     string                      `xml:"installKBytes,attr"`
 }
 
 // distributionBundleVersion represents the bundle-version element
@@ -223,21 +224,55 @@ func parseDistributionFile(rawXML []byte) (*InstallerMetadata, error) {
 		return nil, fmt.Errorf("unmarshal Distribution XML: %w", err)
 	}
 
-	name, identifier, version := getDistributionInfo(&distXML)
+	name, identifier, version, packageIDs := getDistributionInfo(&distXML)
 	return &InstallerMetadata{
 		Name:             name,
 		Version:          version,
 		BundleIdentifier: identifier,
+		PackageIDs:       packageIDs,
 	}, nil
 
 }
 
 // getDistributionInfo gets the name, bundle identifier and version of a PKG distribution file
-func getDistributionInfo(d *distributionXML) (name string, identifier string, version string) {
+func getDistributionInfo(d *distributionXML) (name string, identifier string, version string, packageIDs []string) {
 	var appVersion string
 
+	// find the package ids that have an installation size
+	var packageIDSet = make(map[string]struct{}, 1)
+	for _, pkg := range d.PkgRefs {
+		if pkg.InstallKBytes != "" && pkg.InstallKBytes != "0" {
+			var id string
+			if pkg.PackageIdentifier != "" {
+				id = pkg.PackageIdentifier
+			} else if pkg.ID != "" {
+				id = pkg.ID
+			}
+			if id != "" {
+				packageIDSet[id] = struct{}{}
+			}
+		}
+	}
+	if len(packageIDSet) == 0 {
+		// if we didn't find any package IDs with installation size, then grab all of them
+		for _, pkg := range d.PkgRefs {
+			var id string
+			if pkg.PackageIdentifier != "" {
+				id = pkg.PackageIdentifier
+			} else if pkg.ID != "" {
+				id = pkg.ID
+			}
+			if id != "" {
+				packageIDSet[id] = struct{}{}
+			}
+		}
+	}
+	for id := range packageIDSet {
+		packageIDs = append(packageIDs, id)
+	}
+
 out:
-	// first, look in all the bundle versions for one that has a `path` attribute
+	// look in all the bundle versions for one that has a `path` attribute
 	// that is not nested, this is generally the case for packages that distribute
 	// `.app` files, which are ultimately picked up as an installed app by osquery
 	for _, pkg := range d.PkgRefs {
@@ -284,6 +319,11 @@ out:
 		identifier = d.Product.ID
 	}
 
+	// if package IDs are still empty, use the identifier as the package ID
+	if len(packageIDs) == 0 && identifier != "" {
+		packageIDs = append(packageIDs, identifier)
+	}
+
 	// for the name, try to use the title and fallback to the bundle
 	// identifier
 	if name == "" && d.Title != "" {
@@ -296,7 +336,7 @@ out:
 	// for the version, try to use the top-level product version, if not,
 	// fallback to any version definition alongside the name or the first
 	// version in a pkg-ref we find.
-	if version == "" && d.Product.Version != "" {
+	if d.Product.Version != "" {
 		version = d.Product.Version
 	}
 	if version == "" && appVersion != "" {
@@ -310,7 +350,7 @@ out:
 		}
 	}
 
-	return name, identifier, version
+	return name, identifier, version, packageIDs
 }
 
 // isValidAppFilePath checks if the given input is a file name ending with .app
diff --git a/pkg/file/xar_test.go b/pkg/file/xar_test.go
index cef5230fb9..be1cc7d278 100644
--- a/pkg/file/xar_test.go
+++ b/pkg/file/xar_test.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -52,113 +53,147 @@ func TestCheckPKGSignature(t *testing.T) {
 }
 
 func TestParseRealDistributionFiles(t *testing.T) {
+	t.Parallel()
 	tests := []struct {
-		file             string
-		expectedName     string
-		expectedVersion  string
-		expectedBundleID string
+		file               string
+		expectedName       string
+		expectedVersion    string
+		expectedBundleID   string
+		expectedPackageIDs []string
 	}{
 		{
-			file:             "distribution-1password.xml",
-			expectedName:     "1Password.app",
-			expectedVersion:  "8.10.34",
-			expectedBundleID: "com.1password.1password",
+			file:               "distribution-1password.xml",
+			expectedName:       "1Password.app",
+			expectedVersion:    "8.10.34",
+			expectedBundleID:   "com.1password.1password",
+			expectedPackageIDs: []string{"com.1password.1password"},
 		},
 		{
-			file:             "distribution-chrome.xml",
-			expectedName:     "Google Chrome.app",
-			expectedVersion:  "126.0.6478.62",
-			expectedBundleID: "com.google.Chrome",
+			file:               "distribution-chrome.xml",
+			expectedName:       "Google Chrome.app",
+			expectedVersion:    "126.0.6478.62",
+			expectedBundleID:   "com.google.Chrome",
+			expectedPackageIDs: []string{"com.google.Chrome"},
 		},
 		{
-			file:             "distribution-edge.xml",
-			expectedName:     "Microsoft Edge.app",
-			expectedVersion:  "126.0.2592.56",
-			expectedBundleID: "com.microsoft.edgemac",
+			file:               "distribution-edge.xml",
+			expectedName:       "Microsoft Edge.app",
+			expectedVersion:    "126.0.2592.56",
+			expectedBundleID:   "com.microsoft.edgemac",
+			expectedPackageIDs: []string{"com.microsoft.edgemac"},
 		},
 		{
-			file:             "distribution-firefox.xml",
-			expectedName:     "Firefox.app",
-			expectedVersion:  "99.0",
-			expectedBundleID: "org.mozilla.firefox",
+			file:               "distribution-firefox.xml",
+			expectedName:       "Firefox.app",
+			expectedVersion:    "99.0",
+			expectedBundleID:   "org.mozilla.firefox",
+			expectedPackageIDs: []string{"org.mozilla.firefox"},
 		},
 		{
-			file:             "distribution-fleet.xml",
-			expectedName:     "Fleet osquery",
-			expectedVersion:  "42.0.0",
-			expectedBundleID: "com.fleetdm.orbit",
+			file:               "distribution-fleet.xml",
+			expectedName:       "Fleet osquery",
+			expectedVersion:    "42.0.0",
+			expectedBundleID:   "com.fleetdm.orbit",
+			expectedPackageIDs: []string{"com.fleetdm.orbit.base.pkg"},
 		},
 		{
-			file:             "distribution-go.xml",
-			expectedName:     "Go",
-			expectedVersion:  "go1.22.4",
-			expectedBundleID: "org.golang.go",
+			file:               "distribution-go.xml",
+			expectedName:       "Go",
+			expectedVersion:    "go1.22.4",
+			expectedBundleID:   "org.golang.go",
+			expectedPackageIDs: []string{"org.golang.go"},
 		},
 		{
 			file:             "distribution-microsoft-teams.xml",
 			expectedName:     "Microsoft Teams.app",
 			expectedVersion:  "24124.1412.2911.3341",
 			expectedBundleID: "com.microsoft.teams2",
+			expectedPackageIDs: []string{"com.microsoft.teams2", "com.microsoft.package.Microsoft_AutoUpdate.app",
+				"com.microsoft.MSTeamsAudioDevice"},
 		},
 		{
-			file:             "distribution-zoom.xml",
-			expectedName:     "zoom.us.app",
-			expectedVersion:  "6.0.11.35001",
-			expectedBundleID: "us.zoom.xos",
+			file:               "distribution-zoom.xml",
+			expectedName:       "zoom.us.app",
+			expectedVersion:    "6.0.11.35001",
+			expectedBundleID:   "us.zoom.xos",
+			expectedPackageIDs: []string{"us.zoom.pkg.videomeeting"},
 		},
 		{
 			file:             "distribution-acrobatreader.xml",
 			expectedName:     "Adobe Acrobat Reader.app",
 			expectedVersion:  "24.002.20857",
 			expectedBundleID: "com.adobe.Reader",
+			expectedPackageIDs: []string{"com.adobe.acrobat.DC.reader.app.pkg.MUI", "com.adobe.acrobat.DC.reader.appsupport.pkg.MUI",
+				"com.adobe.acrobat.reader.DC.reader.app.pkg.MUI", "com.adobe.armdc.app.pkg"},
 		},
 		{
-			file:             "distribution-airtame.xml",
-			expectedName:     "Airtame.app",
-			expectedVersion:  "4.10.1",
-			expectedBundleID: "com.airtame.airtame-application",
+			file:               "distribution-airtame.xml",
+			expectedName:       "Airtame.app",
+			expectedVersion:    "4.10.1",
+			expectedBundleID:   "com.airtame.airtame-application",
+			expectedPackageIDs: []string{"com.airtame.airtame-application"},
 		},
 		{
 			file:             "distribution-boxdrive.xml",
 			expectedName:     "Box.app",
 			expectedVersion:  "2.38.173",
 			expectedBundleID: "com.box.desktop",
+			expectedPackageIDs: []string{"com.box.desktop.installer.desktop", "com.box.desktop.installer.local.appsupport",
+				"com.box.desktop.installer.autoupdater", "com.box.desktop.installer.osxfuse"},
 		},
 		{
 			file:             "distribution-iriunwebcam.xml",
 			expectedName:     "IriunWebcam.app",
 			expectedVersion:  "2.8.8",
 			expectedBundleID: "com.iriun.macwebcam",
+			// Note: "com.iriun.pkg.multicam" is part of the installer package, but it is not actually installed by default.
+			// We can't reliably determine which packages are installed by the installer, so we just list all of them.
+			expectedPackageIDs: []string{"com.iriun.pkg.webcam.tmp", "com.iriun.pkg.multicam"},
 		},
 		{
 			file:             "distribution-microsoftexcel.xml",
 			expectedName:     "Microsoft Excel.app",
 			expectedVersion:  "16.86",
 			expectedBundleID: "com.microsoft.Excel",
+			expectedPackageIDs: []string{"com.microsoft.package.Microsoft_Excel.app", "com.microsoft.package.Microsoft_AutoUpdate.app",
+				"com.microsoft.pkg.licensing"},
 		},
 		{
 			file:             "distribution-microsoftword.xml",
 			expectedName:     "Microsoft Word.app",
 			expectedVersion:  "16.86",
 			expectedBundleID: "com.microsoft.Word",
+			expectedPackageIDs: []string{"com.microsoft.package.Microsoft_Word.app", "com.microsoft.package.Microsoft_AutoUpdate.app",
+				"com.microsoft.pkg.licensing"},
 		},
 		{
 			file:             "distribution-miscrosoftpowerpoint.xml",
 			expectedName:     "Microsoft PowerPoint.app",
 			expectedVersion:  "16.86",
 			expectedBundleID: "com.microsoft.Powerpoint",
+			expectedPackageIDs: []string{"com.microsoft.package.Microsoft_PowerPoint.app", "com.microsoft.package.Microsoft_AutoUpdate.app",
+				"com.microsoft.pkg.licensing"},
 		},
 		{
-			file:             "distribution-ringcentral.xml",
-			expectedName:     "RingCentral.app",
-			expectedVersion:  "24.1.32.9774",
-			expectedBundleID: "com.ringcentral.glip",
+			file:               "distribution-ringcentral.xml",
+			expectedName:       "RingCentral.app",
+			expectedVersion:    "24.1.32.9774",
+			expectedBundleID:   "com.ringcentral.glip",
+			expectedPackageIDs: []string{"com.ringcentral.glip"},
 		},
 		{
-			file:             "distribution-zoom-full.xml",
-			expectedName:     "Zoom Workplace",
-			expectedVersion:  "6.1.1.36333",
-			expectedBundleID: "us.zoom.xos",
+			file:               "distribution-zoom-full.xml",
+			expectedName:       "Zoom Workplace",
+			expectedVersion:    "6.1.1.36333",
+			expectedBundleID:   "us.zoom.xos",
+			expectedPackageIDs: []string{"us.zoom.pkg.videomeeting"},
+		},
+		{
+			file:               "test-zero-installkbytes.xml",
+			expectedName:       "ZeroInstallSize.app",
+			expectedVersion:    "1.2.3",
+			expectedBundleID:   "com.bozo.zeroinstallsize",
+			expectedPackageIDs: []string{"com.bozo.zeroinstallsize.app"},
 		},
 	}
 
@@ -168,6 +203,7 @@ func TestParseRealDistributionFiles(t *testing.T) {
 			require.NoError(t, err)
 			metadata, err := parseDistributionFile(rawXML)
 			require.NoError(t, err)
+			assert.ElementsMatch(t, tt.expectedPackageIDs, metadata.PackageIDs)
 			require.Equal(t, tt.expectedName, metadata.Name)
 			require.Equal(t, tt.expectedVersion, metadata.Version)
 			require.Equal(t, tt.expectedBundleID, metadata.BundleIdentifier)
diff --git a/server/authz/policy.rego b/server/authz/policy.rego
index a5455c2e8b..11a9a07c59 100644
--- a/server/authz/policy.rego
+++ b/server/authz/policy.rego
@@ -677,7 +677,7 @@ allow {
 # Host software installs
 ##
 
-# Global admins and maintainers can write (install) software on hosts (not
+# Global admins and maintainers can write (install/uninstall) software on hosts (not
 # gitops as this is not something that relates to fleetctl apply).
 allow {
   object.type == "host_software_installer_result"
@@ -685,7 +685,7 @@ allow {
   action == write
 }
 
-# Team admin and maintainers can write (install) software on hosts for their
+# Team admin and maintainers can write (install/uninstall) software on hosts for their
 # teams (not gitops as this is not something that relates to fleetctl apply).
 allow {
   object.type == "host_software_installer_result"
@@ -937,7 +937,7 @@ allow {
   action == write
 }
 
-# Global admins, maintainers, observer_plus and observers can read scripts.
+# Global admins, maintainers, observer_plus and observers can read script results, including software uninstall results.
 allow {
   object.type == "host_script_result"
   subject.global_role == [admin, maintainer, observer, observer_plus][_]
@@ -953,7 +953,7 @@ allow {
   action == write
 }
 
-# Team admins, maintainers, observer_plus and observers can read scripts for their teams.
+# Team admins, maintainers, observer_plus and observers can read script results for their teams, including software uninstall results.
 allow {
   object.type == "host_script_result"
   not is_null(object.team_id)
diff --git a/server/datastore/mysql/activities.go b/server/datastore/mysql/activities.go
index 09a71a6f22..356f608ef3 100644
--- a/server/datastore/mysql/activities.go
+++ b/server/datastore/mysql/activities.go
@@ -242,15 +242,22 @@ func (ds *Datastore) ListHostUpcomingActivities(ctx context.Context, hostID uint
 		`SELECT
 			COUNT(*) c
 			FROM host_script_results hsr
+			LEFT OUTER JOIN
+		    	host_software_installs hsi ON hsi.execution_id = hsr.execution_id
 			WHERE hsr.host_id = :host_id AND
 						exit_code IS NULL AND
-						(sync_request = 0 OR created_at >= DATE_SUB(NOW(), INTERVAL :max_wait_time SECOND))`,
+						hsi.execution_id IS NULL AND
+						(sync_request = 0 OR hsr.created_at >= DATE_SUB(NOW(), INTERVAL :max_wait_time SECOND))`,
 		`SELECT
 			COUNT(*) c
 			FROM host_software_installs hsi
 			WHERE hsi.host_id = :host_id AND
-						pre_install_query_output IS NULL AND
-						install_script_exit_code IS NULL`,
+				hsi.status = :software_status_install_pending`,
+		`SELECT
+			COUNT(*) c
+			FROM host_software_installs hsi
+			WHERE hsi.host_id = :host_id AND
+				hsi.status = :software_status_uninstall_pending`,
 		`
 		SELECT
 			COUNT(*) c
@@ -265,8 +272,10 @@ func (ds *Datastore) ListHostUpcomingActivities(ctx context.Context, hostID uint
 
 	seconds := int(scripts.MaxServerWaitTime.Seconds())
 	countStmt, args, err := sqlx.Named(countStmt, map[string]any{
-		"host_id":       hostID,
-		"max_wait_time": seconds,
+		"host_id":                           hostID,
+		"max_wait_time":                     seconds,
+		"software_status_install_pending":   fleet.SoftwareInstallPending,
+		"software_status_uninstall_pending": fleet.SoftwareUninstallPending,
 	})
 	if err != nil {
 		return nil, nil, ctxerr.Wrap(ctx, err, "build count query from named args")
@@ -305,13 +314,16 @@ func (ds *Datastore) ListHostUpcomingActivities(ctx context.Context, hostID uint
 			host_display_names hdn ON hdn.host_id = hsr.host_id
 		LEFT OUTER JOIN
 			scripts scr ON scr.id = hsr.script_id
+		LEFT OUTER JOIN
+		    host_software_installs hsi ON hsi.execution_id = hsr.execution_id
 		WHERE
 			hsr.host_id = :host_id AND
 			hsr.exit_code IS NULL AND
 			(
 				hsr.sync_request = 0 OR
 				hsr.created_at >= DATE_SUB(NOW(), INTERVAL :max_wait_time SECOND)
-			)
+			) AND
+			hsi.execution_id IS NULL
 `,
 		// list pending software installs
 		fmt.Sprintf(`SELECT
@@ -330,7 +342,7 @@ func (ds *Datastore) ListHostUpcomingActivities(ctx context.Context, hostID uint
 				'software_title', COALESCE(st.name, ''),
 				'software_package', si.filename,
 				'install_uuid', hsi.execution_id,
-				'status', CAST(%s AS CHAR),
+				'status', CAST(hsi.status AS CHAR),
 				'self_service', si.self_service IS TRUE
 			) as details
 		FROM
@@ -347,9 +359,42 @@ func (ds *Datastore) ListHostUpcomingActivities(ctx context.Context, hostID uint
 			host_display_names hdn ON hdn.host_id = hsi.host_id
 		WHERE
 			hsi.host_id = :host_id AND
-			hsi.pre_install_query_output IS NULL AND
-			hsi.install_script_exit_code IS NULL
-		`, softwareInstallerHostStatusNamedQuery("hsi", "")),
+			hsi.status = :software_status_install_pending
+		`),
+		// list pending software uninstalls
+		fmt.Sprintf(`SELECT
+			hsi.execution_id as uuid,
+			-- policies with automatic installers generate a host_software_installs with (user_id=NULL,self_service=0),
+			-- thus the user_id for the upcoming activity needs to be the user that uploaded the software installer.
+			IF(hsi.user_id IS NULL AND NOT hsi.self_service, u2.name, u.name) AS name,
+			IF(hsi.user_id IS NULL AND NOT hsi.self_service, u2.id, u.id) as user_id,
+			IF(hsi.user_id IS NULL AND NOT hsi.self_service, u2.gravatar_url, u.gravatar_url) as gravatar_url,
+			IF(hsi.user_id IS NULL AND NOT hsi.self_service, u2.email, u.email) AS user_email,
+			:uninstalled_software_type as activity_type,
+			hsi.created_at as created_at,
+			JSON_OBJECT(
+				'host_id', hsi.host_id,
+				'host_display_name', COALESCE(hdn.display_name, ''),
+				'software_title', COALESCE(st.name, ''),
+				'script_execution_id', hsi.execution_id,
+				'status', CAST(hsi.status AS CHAR)
+			) as details
+		FROM
+			host_software_installs hsi
+		INNER JOIN
+			software_installers si ON si.id = hsi.software_installer_id
+		LEFT OUTER JOIN
+			software_titles st ON st.id = si.title_id
+		LEFT OUTER JOIN
+			users u ON u.id = hsi.user_id
+		LEFT OUTER JOIN
+			users u2 ON u2.id = si.user_id
+		LEFT OUTER JOIN
+			host_display_names hdn ON hdn.host_id = hsi.host_id
+		WHERE
+			hsi.host_id = :host_id AND
+			hsi.status = :software_status_uninstall_pending
+		`),
 		`
 SELECT
 	hvsi.command_uuid AS uuid,
@@ -367,7 +412,7 @@ SELECT
 		'command_uuid', hvsi.command_uuid,
 		'self_service', hvsi.self_service IS TRUE,
 		-- status is always pending because only pending MDM commands are upcoming.
-		'status', :software_status_pending
+		'status', :software_status_install_pending
 	) AS details
 FROM
 	host_vpp_software_installs hvsi
@@ -399,14 +444,14 @@ WHERE
 			details
 		FROM ( ` + strings.Join(listStmts, " UNION ALL ") + ` ) AS upcoming `
 	listStmt, args, err = sqlx.Named(listStmt, map[string]any{
-		"host_id":                      hostID,
-		"ran_script_type":              fleet.ActivityTypeRanScript{}.ActivityName(),
-		"installed_software_type":      fleet.ActivityTypeInstalledSoftware{}.ActivityName(),
-		"installed_app_store_app_type": fleet.ActivityInstalledAppStoreApp{}.ActivityName(),
-		"max_wait_time":                seconds,
-		"software_status_failed":       string(fleet.SoftwareInstallerFailed),
-		"software_status_installed":    string(fleet.SoftwareInstallerInstalled),
-		"software_status_pending":      string(fleet.SoftwareInstallerPending),
+		"host_id":                           hostID,
+		"ran_script_type":                   fleet.ActivityTypeRanScript{}.ActivityName(),
+		"installed_software_type":           fleet.ActivityTypeInstalledSoftware{}.ActivityName(),
+		"uninstalled_software_type":         fleet.ActivityTypeUninstalledSoftware{}.ActivityName(),
+		"installed_app_store_app_type":      fleet.ActivityInstalledAppStoreApp{}.ActivityName(),
+		"max_wait_time":                     seconds,
+		"software_status_install_pending":   fleet.SoftwareInstallPending,
+		"software_status_uninstall_pending": fleet.SoftwareUninstallPending,
 	})
 	if err != nil {
 		return nil, nil, ctxerr.Wrap(ctx, err, "build list query from named args")
diff --git a/server/datastore/mysql/activities_test.go b/server/datastore/mysql/activities_test.go
index e56f5b0737..17bd72e6ee 100644
--- a/server/datastore/mysql/activities_test.go
+++ b/server/datastore/mysql/activities_test.go
@@ -508,7 +508,8 @@ func testListHostUpcomingActivities(t *testing.T, ds *Datastore) {
 	h2A := hsr.ExecutionID
 	hsr, err = ds.NewHostScriptExecutionRequest(ctx, &fleet.HostScriptRequestPayload{HostID: h2.ID, ScriptContents: "F", UserID: &u.ID})
 	require.NoError(t, err)
-	_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{HostID: h2.ID, ExecutionID: hsr.ExecutionID, Output: "ok", ExitCode: 0})
+	_, _, err = ds.SetHostScriptExecutionResult(ctx,
+		&fleet.HostScriptResultPayload{HostID: h2.ID, ExecutionID: hsr.ExecutionID, Output: "ok", ExitCode: 0})
 	require.NoError(t, err)
 	h2F := hsr.ExecutionID
 	// add a pending software install request for h2
diff --git a/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages.go b/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages.go
new file mode 100644
index 0000000000..8bb4f0c008
--- /dev/null
+++ b/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages.go
@@ -0,0 +1,145 @@
+package tables
+
+import (
+	"database/sql"
+	"fmt"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/jmoiron/sqlx/reflectx"
+)
+
+func init() {
+	MigrationClient.AddMigration(Up_20240905200000, Down_20240905200000)
+}
+
+const placeholderUninstallScript = "# This script will be automatically updated within the next hour\nexit 1"
+const placeholderUninstallScriptWindows = "# This script will be automatically updated within the next hour\nExit 1"
+
+func Up_20240905200000(tx *sql.Tx) error {
+	if _, err := tx.Exec(`
+ALTER TABLE software_installers 
+ADD COLUMN package_ids TEXT COLLATE utf8mb4_unicode_ci NOT NULL,
+ADD COLUMN uninstall_script_content_id int unsigned NOT NULL,
+MODIFY COLUMN uploaded_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6)
+		`); err != nil {
+		return fmt.Errorf("failed to alter software_installers: %w", err)
+	}
+
+	txx := sqlx.Tx{Tx: tx, Mapper: reflectx.NewMapperFunc("db", sqlx.NameMapper)}
+
+	// Add dummy uninstall scripts if needed -- these will be updated later by a cron job
+	var result []int
+	if err := txx.Select(&result, `SELECT 1 FROM software_installers WHERE platform IN ('linux', 'darwin')`); err != nil {
+		return fmt.Errorf("failed to check software installers for linux or darwin: %w", err)
+	}
+	if len(result) > 0 {
+		linuxScriptID, err := getOrInsertScript(txx, placeholderUninstallScript)
+		if err != nil {
+			return err
+		}
+		// Update software installers with the scripts
+		if _, err := tx.Exec(`UPDATE software_installers SET uninstall_script_content_id = ? WHERE platform IN ('linux', 'darwin')`,
+			linuxScriptID); err != nil {
+			return fmt.Errorf("failed to update software installers: %w", err)
+		}
+	}
+
+	if err := txx.Select(&result, `SELECT 1 FROM software_installers WHERE platform IN ('windows')`); err != nil {
+		return fmt.Errorf("failed to check software installers for windows: %w", err)
+	}
+	if len(result) > 0 {
+		windowsScriptID, err := getOrInsertScript(txx, placeholderUninstallScriptWindows)
+		if err != nil {
+			return err
+		}
+		// Update software installers with the scripts
+		if _, err := tx.Exec(`UPDATE software_installers SET uninstall_script_content_id = ? WHERE platform IN ('windows')`,
+			windowsScriptID); err != nil {
+			return fmt.Errorf("failed to update windows software installers: %w", err)
+		}
+	}
+
+	// Add foreign key
+	if _, err := tx.Exec(`
+ALTER TABLE software_installers
+ADD CONSTRAINT fk_uninstall_script_content_id 
+	FOREIGN KEY (uninstall_script_content_id)
+	REFERENCES script_contents(id)
+	ON DELETE RESTRICT ON UPDATE CASCADE`); err != nil {
+		return fmt.Errorf("failed to add foreign key to software_installers: %w", err)
+	}
+
+	if _, err := tx.Exec(`
+ALTER TABLE host_software_installs
+ADD COLUMN uninstall_script_output TEXT COLLATE utf8mb4_unicode_ci,
+ADD COLUMN uninstall_script_exit_code INT DEFAULT NULL,
+ADD COLUMN uninstall TINYINT UNSIGNED NOT NULL DEFAULT 0,
+ADD COLUMN status ENUM('pending_install', 'failed_install', 'installed', 'pending_uninstall', 'failed_uninstall')
+GENERATED ALWAYS AS (
+CASE
+	WHEN removed = 1 THEN NULL
+
+	WHEN post_install_script_exit_code IS NOT NULL AND
+		post_install_script_exit_code = 0 THEN 'installed'
+
+	WHEN post_install_script_exit_code IS NOT NULL AND
+		post_install_script_exit_code != 0 THEN 'failed_install'
+
+	WHEN install_script_exit_code IS NOT NULL AND
+		install_script_exit_code = 0 THEN 'installed'
+
+	WHEN install_script_exit_code IS NOT NULL AND
+		install_script_exit_code != 0 THEN 'failed_install'
+
+	WHEN pre_install_query_output IS NOT NULL AND
+		pre_install_query_output = '' THEN 'failed_install'
+
+	WHEN host_id IS NOT NULL AND uninstall = 0 THEN 'pending_install'
+
+	WHEN uninstall_script_exit_code IS NOT NULL AND
+		uninstall_script_exit_code != 0 THEN 'failed_uninstall'
+
+	WHEN uninstall_script_exit_code IS NOT NULL AND
+		uninstall_script_exit_code = 0 THEN NULL -- available for install again
+
+	WHEN host_id IS NOT NULL AND uninstall = 1 THEN 'pending_uninstall'
+
+	ELSE NULL -- not installed from Fleet installer or successfully uninstalled
+END
+) STORED NULL,
+MODIFY COLUMN created_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
+MODIFY COLUMN updated_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6),
+MODIFY COLUMN host_deleted_at TIMESTAMP(6) NULL DEFAULT NULL
+		`); err != nil {
+		return fmt.Errorf("failed to alter host_software_installs: %w", err)
+	}
+
+	return nil
+}
+
+func getOrInsertScript(txx sqlx.Tx, script string) (int64, error) {
+	var ids []int64
+	// check is script already exists
+	csum := md5ChecksumScriptContent(script)
+	if err := txx.Select(&ids, `SELECT id FROM script_contents WHERE md5_checksum = UNHEX(?)`, csum); err != nil {
+		return 0, fmt.Errorf("failed to find script contents: %w", err)
+	}
+	var scriptID int64
+	if len(ids) > 0 {
+		scriptID = ids[0]
+	} else {
+		// create new script
+		var result sql.Result
+		var err error
+		if result, err = txx.Exec(`INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(?), ?)`, csum,
+			script); err != nil {
+			return 0, fmt.Errorf("failed to insert script contents: %w", err)
+		}
+		scriptID, _ = result.LastInsertId()
+	}
+	return scriptID, nil
+}
+
+func Down_20240905200000(_ *sql.Tx) error {
+	return nil
+}
diff --git a/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages_test.go b/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages_test.go
new file mode 100644
index 0000000000..e4402341b7
--- /dev/null
+++ b/server/datastore/mysql/migrations/tables/20240905200000_UninstallPackages_test.go
@@ -0,0 +1,101 @@
+package tables
+
+import (
+	"testing"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/jmoiron/sqlx/reflectx"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestUp_20240905200000(t *testing.T) {
+	db := applyUpToPrev(t)
+
+	// Create host
+	insertHostStmt := `
+		INSERT INTO hosts (
+			hostname, uuid, platform, osquery_version, os_version, build, platform_like, code_name,
+			cpu_type, cpu_subtype, cpu_brand, hardware_vendor, hardware_model, hardware_version,
+			hardware_serial, computer_name, team_id
+		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	`
+	hostName := "Dummy Hostname"
+	hostUUID := "12345678-1234-1234-1234-123456789012"
+	hostPlatform := "darwin"
+	osqueryVer := "5.9.1"
+	osVersion := "Windows 10"
+	buildVersion := "10.0.19042.1234"
+	platformLike := "apple"
+	codeName := "20H2"
+	cpuType := "x86_64"
+	cpuSubtype := "x86_64"
+	cpuBrand := "Intel"
+	hwVendor := "Dell Inc."
+	hwModel := "OptiPlex 7090"
+	hwVersion := "1.0"
+	hwSerial := "ABCDEFGHIJ"
+	computerName := "DESKTOP-TEST"
+
+	hostID1 := execNoErrLastID(t, db, insertHostStmt, hostName, hostUUID, hostPlatform, osqueryVer,
+		osVersion, buildVersion, platformLike, codeName, cpuType, cpuSubtype, cpuBrand, hwVendor, hwModel, hwVersion, hwSerial,
+		computerName, nil)
+
+	dataStmts := `
+	  INSERT INTO script_contents (id, md5_checksum, contents) VALUES
+	    (1, 'checksum', 'script content');
+
+	  INSERT INTO software_titles (id, name, source, browser) VALUES
+	    (1, 'Foo.app', 'apps', ''),
+	    (2, 'Go', 'deb_packages', ''),
+	    (3, 'Microsoft Teams.exe', 'programs', '');
+
+	  INSERT INTO software_installers
+	    (id, title_id, filename, version, platform, install_script_content_id, storage_id)
+	  VALUES
+	    (1, 1, 'foo-installer.pkg', '1.1', 'darwin', 1, 'storage-id'),
+	    (2, 2, 'go-installer.deb', '2.2', 'linux', 1, 'storage-id'),
+	    (3, 3, 'teams-installer.exe', '3.3', 'windows', 1, 'storage-id');
+	`
+	_, err := db.Exec(dataStmts)
+	require.NoError(t, err)
+
+	tx, err := db.Begin()
+	require.NoError(t, err)
+	txx := sqlx.Tx{Tx: tx, Mapper: reflectx.NewMapperFunc("db", sqlx.NameMapper)}
+	scriptID, err := getOrInsertScript(txx, placeholderUninstallScript)
+	require.NoError(t, err)
+	err = tx.Commit()
+	require.NoError(t, err)
+
+	hsiStmt := `
+	INSERT INTO host_software_installs (
+		host_id,
+		execution_id,
+		software_installer_id,
+		install_script_exit_code
+	) VALUES (?, ?, ?, ?)`
+	hsi1 := execNoErrLastID(t, db, hsiStmt, hostID1, "execution-id1", 1, 0)
+
+	// Apply current migration.
+	applyNext(t, db)
+
+	var scriptIDs []int64
+	err = db.Select(&scriptIDs, "SELECT uninstall_script_content_id FROM software_installers WHERE id IN (1, 2)")
+	require.NoError(t, err)
+	require.ElementsMatch(t, []int64{scriptID, scriptID}, scriptIDs)
+
+	var windowsScript string
+	err = db.Get(&windowsScript, `
+		SELECT contents FROM script_contents sc
+		INNER JOIN software_installers si ON sc.id = si.uninstall_script_content_id
+		WHERE si.id = 3`)
+	require.NoError(t, err)
+	assert.Equal(t, placeholderUninstallScriptWindows, windowsScript)
+
+	var status string
+	err = db.Get(&status, "SELECT status FROM host_software_installs WHERE id = ?", hsi1)
+	require.NoError(t, err)
+	assert.Equal(t, "installed", status)
+
+}
diff --git a/server/datastore/mysql/schema.sql b/server/datastore/mysql/schema.sql
index 595878a839..d30b3f12ef 100644
--- a/server/datastore/mysql/schema.sql
+++ b/server/datastore/mysql/schema.sql
@@ -553,11 +553,15 @@ CREATE TABLE `host_software_installs` (
   `post_install_script_output` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci,
   `post_install_script_exit_code` int DEFAULT NULL,
   `user_id` int unsigned DEFAULT NULL,
-  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `updated_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `created_at` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
+  `updated_at` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6),
   `self_service` tinyint(1) NOT NULL DEFAULT '0',
-  `host_deleted_at` timestamp NULL DEFAULT NULL,
+  `host_deleted_at` timestamp(6) NULL DEFAULT NULL,
   `removed` tinyint NOT NULL DEFAULT '0',
+  `uninstall_script_output` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci,
+  `uninstall_script_exit_code` int DEFAULT NULL,
+  `uninstall` tinyint unsigned NOT NULL DEFAULT '0',
+  `status` enum('pending_install','failed_install','installed','pending_uninstall','failed_uninstall') COLLATE utf8mb4_unicode_ci GENERATED ALWAYS AS ((case when (`removed` = 1) then NULL when ((`post_install_script_exit_code` is not null) and (`post_install_script_exit_code` = 0)) then _utf8mb4'installed' when ((`post_install_script_exit_code` is not null) and (`post_install_script_exit_code` <> 0)) then _utf8mb4'failed_install' when ((`install_script_exit_code` is not null) and (`install_script_exit_code` = 0)) then _utf8mb4'installed' when ((`install_script_exit_code` is not null) and (`install_script_exit_code` <> 0)) then _utf8mb4'failed_install' when ((`pre_install_query_output` is not null) and (`pre_install_query_output` = _utf8mb4'')) then _utf8mb4'failed_install' when ((`host_id` is not null) and (`uninstall` = 0)) then _utf8mb4'pending_install' when ((`uninstall_script_exit_code` is not null) and (`uninstall_script_exit_code` <> 0)) then _utf8mb4'failed_uninstall' when ((`uninstall_script_exit_code` is not null) and (`uninstall_script_exit_code` = 0)) then NULL when ((`host_id` is not null) and (`uninstall` = 1)) then _utf8mb4'pending_uninstall' else NULL end)) STORED,
   PRIMARY KEY (`id`),
   UNIQUE KEY `idx_host_software_installs_execution_id` (`execution_id`),
   KEY `fk_host_software_installs_installer_id` (`software_installer_id`),
@@ -1034,9 +1038,9 @@ CREATE TABLE `migration_status_tables` (
   `tstamp` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`),
   UNIQUE KEY `id` (`id`)
-) /*!50100 TABLESPACE `innodb_system` */ ENGINE=InnoDB AUTO_INCREMENT=311 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+) /*!50100 TABLESPACE `innodb_system` */ ENGINE=InnoDB AUTO_INCREMENT=312 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
-INSERT INTO `migration_status_tables` VALUES (1,0,1,'2020-01-01 01:01:01'),(2,20161118193812,1,'2020-01-01 01:01:01'),(3,20161118211713,1,'2020-01-01 01:01:01'),(4,20161118212436,1,'2020-01-01 01:01:01'),(5,20161118212515,1,'2020-01-01 01:01:01'),(6,20161118212528,1,'2020-01-01 01:01:01'),(7,20161118212538,1,'2020-01-01 01:01:01'),(8,20161118212549,1,'2020-01-01 01:01:01'),(9,20161118212557,1,'2020-01-01 01:01:01'),(10,20161118212604,1,'2020-01-01 01:01:01'),(11,20161118212613,1,'2020-01-01 01:01:01'),(12,20161118212621,1,'2020-01-01 01:01:01'),(13,20161118212630,1,'2020-01-01 01:01:01'),(14,20161118212641,1,'2020-01-01 01:01:01'),(15,20161118212649,1,'2020-01-01 01:01:01'),(16,20161118212656,1,'2020-01-01 01:01:01'),(17,20161118212758,1,'2020-01-01 01:01:01'),(18,20161128234849,1,'2020-01-01 01:01:01'),(19,20161230162221,1,'2020-01-01 01:01:01'),(20,20170104113816,1,'2020-01-01 01:01:01'),(21,20170105151732,1,'2020-01-01 01:01:01'),(22,20170108191242,1,'2020-01-01 01:01:01'),(23,20170109094020,1,'2020-01-01 01:01:01'),(24,20170109130438,1,'2020-01-01 01:01:01'),(25,20170110202752,1,'2020-01-01 01:01:01'),(26,20170111133013,1,'2020-01-01 01:01:01'),(27,20170117025759,1,'2020-01-01 01:01:01'),(28,20170118191001,1,'2020-01-01 01:01:01'),(29,20170119234632,1,'2020-01-01 01:01:01'),(30,20170124230432,1,'2020-01-01 01:01:01'),(31,20170127014618,1,'2020-01-01 01:01:01'),(32,20170131232841,1,'2020-01-01 01:01:01'),(33,20170223094154,1,'2020-01-01 01:01:01'),(34,20170306075207,1,'2020-01-01 01:01:01'),(35,20170309100733,1,'2020-01-01 01:01:01'),(36,20170331111922,1,'2020-01-01 01:01:01'),(37,20170502143928,1,'2020-01-01 01:01:01'),(38,20170504130602,1,'2020-01-01 01:01:01'),(39,20170509132100,1,'2020-01-01 01:01:01'),(40,20170519105647,1,'2020-01-01 01:01:01'),(41,20170519105648,1,'2020-01-01 01:01:01'),(42,20170831234300,1,'2020-01-01 01:01:01'),(43,20170831234301,1,'2020-01-01 01:01:01'),(44,20170831234303,1,'2020-01-01 01:01:01'),(45,20171116163618,1,'2020-01-01 01:01:01'),(46,20171219164727,1,'2020-01-01 01:01:01'),(47,20180620164811,1,'2020-01-01 01:01:01'),(48,20180620175054,1,'2020-01-01 01:01:01'),(49,20180620175055,1,'2020-01-01 01:01:01'),(50,20191010101639,1,'2020-01-01 01:01:01'),(51,20191010155147,1,'2020-01-01 01:01:01'),(52,20191220130734,1,'2020-01-01 01:01:01'),(53,20200311140000,1,'2020-01-01 01:01:01'),(54,20200405120000,1,'2020-01-01 01:01:01'),(55,20200407120000,1,'2020-01-01 01:01:01'),(56,20200420120000,1,'2020-01-01 01:01:01'),(57,20200504120000,1,'2020-01-01 01:01:01'),(58,20200512120000,1,'2020-01-01 01:01:01'),(59,20200707120000,1,'2020-01-01 01:01:01'),(60,20201011162341,1,'2020-01-01 01:01:01'),(61,20201021104586,1,'2020-01-01 01:01:01'),(62,20201102112520,1,'2020-01-01 01:01:01'),(63,20201208121729,1,'2020-01-01 01:01:01'),(64,20201215091637,1,'2020-01-01 01:01:01'),(65,20210119174155,1,'2020-01-01 01:01:01'),(66,20210326182902,1,'2020-01-01 01:01:01'),(67,20210421112652,1,'2020-01-01 01:01:01'),(68,20210506095025,1,'2020-01-01 01:01:01'),(69,20210513115729,1,'2020-01-01 01:01:01'),(70,20210526113559,1,'2020-01-01 01:01:01'),(71,20210601000001,1,'2020-01-01 01:01:01'),(72,20210601000002,1,'2020-01-01 01:01:01'),(73,20210601000003,1,'2020-01-01 01:01:01'),(74,20210601000004,1,'2020-01-01 01:01:01'),(75,20210601000005,1,'2020-01-01 01:01:01'),(76,20210601000006,1,'2020-01-01 01:01:01'),(77,20210601000007,1,'2020-01-01 01:01:01'),(78,20210601000008,1,'2020-01-01 01:01:01'),(79,20210606151329,1,'2020-01-01 01:01:01'),(80,20210616163757,1,'2020-01-01 01:01:01'),(81,20210617174723,1,'2020-01-01 01:01:01'),(82,20210622160235,1,'2020-01-01 01:01:01'),(83,20210623100031,1,'2020-01-01 01:01:01'),(84,20210623133615,1,'2020-01-01 01:01:01'),(85,20210708143152,1,'2020-01-01 01:01:01'),(86,20210709124443,1,'2020-01-01 01:01:01'),(87,20210712155608,1,'2020-01-01 01:01:01'),(88,20210714102108,1,'2020-01-01 01:01:01'),(89,20210719153709,1,'2020-01-01 01:01:01'),(90,20210721171531,1,'2020-01-01 01:01:01'),(91,20210723135713,1,'2020-01-01 01:01:01'),(92,20210802135933,1,'2020-01-01 01:01:01'),(93,20210806112844,1,'2020-01-01 01:01:01'),(94,20210810095603,1,'2020-01-01 01:01:01'),(95,20210811150223,1,'2020-01-01 01:01:01'),(96,20210818151827,1,'2020-01-01 01:01:01'),(97,20210818151828,1,'2020-01-01 01:01:01'),(98,20210818182258,1,'2020-01-01 01:01:01'),(99,20210819131107,1,'2020-01-01 01:01:01'),(100,20210819143446,1,'2020-01-01 01:01:01'),(101,20210903132338,1,'2020-01-01 01:01:01'),(102,20210915144307,1,'2020-01-01 01:01:01'),(103,20210920155130,1,'2020-01-01 01:01:01'),(104,20210927143115,1,'2020-01-01 01:01:01'),(105,20210927143116,1,'2020-01-01 01:01:01'),(106,20211013133706,1,'2020-01-01 01:01:01'),(107,20211013133707,1,'2020-01-01 01:01:01'),(108,20211102135149,1,'2020-01-01 01:01:01'),(109,20211109121546,1,'2020-01-01 01:01:01'),(110,20211110163320,1,'2020-01-01 01:01:01'),(111,20211116184029,1,'2020-01-01 01:01:01'),(112,20211116184030,1,'2020-01-01 01:01:01'),(113,20211202092042,1,'2020-01-01 01:01:01'),(114,20211202181033,1,'2020-01-01 01:01:01'),(115,20211207161856,1,'2020-01-01 01:01:01'),(116,20211216131203,1,'2020-01-01 01:01:01'),(117,20211221110132,1,'2020-01-01 01:01:01'),(118,20220107155700,1,'2020-01-01 01:01:01'),(119,20220125105650,1,'2020-01-01 01:01:01'),(120,20220201084510,1,'2020-01-01 01:01:01'),(121,20220208144830,1,'2020-01-01 01:01:01'),(122,20220208144831,1,'2020-01-01 01:01:01'),(123,20220215152203,1,'2020-01-01 01:01:01'),(124,20220223113157,1,'2020-01-01 01:01:01'),(125,20220307104655,1,'2020-01-01 01:01:01'),(126,20220309133956,1,'2020-01-01 01:01:01'),(127,20220316155700,1,'2020-01-01 01:01:01'),(128,20220323152301,1,'2020-01-01 01:01:01'),(129,20220330100659,1,'2020-01-01 01:01:01'),(130,20220404091216,1,'2020-01-01 01:01:01'),(131,20220419140750,1,'2020-01-01 01:01:01'),(132,20220428140039,1,'2020-01-01 01:01:01'),(133,20220503134048,1,'2020-01-01 01:01:01'),(134,20220524102918,1,'2020-01-01 01:01:01'),(135,20220526123327,1,'2020-01-01 01:01:01'),(136,20220526123328,1,'2020-01-01 01:01:01'),(137,20220526123329,1,'2020-01-01 01:01:01'),(138,20220608113128,1,'2020-01-01 01:01:01'),(139,20220627104817,1,'2020-01-01 01:01:01'),(140,20220704101843,1,'2020-01-01 01:01:01'),(141,20220708095046,1,'2020-01-01 01:01:01'),(142,20220713091130,1,'2020-01-01 01:01:01'),(143,20220802135510,1,'2020-01-01 01:01:01'),(144,20220818101352,1,'2020-01-01 01:01:01'),(145,20220822161445,1,'2020-01-01 01:01:01'),(146,20220831100036,1,'2020-01-01 01:01:01'),(147,20220831100151,1,'2020-01-01 01:01:01'),(148,20220908181826,1,'2020-01-01 01:01:01'),(149,20220914154915,1,'2020-01-01 01:01:01'),(150,20220915165115,1,'2020-01-01 01:01:01'),(151,20220915165116,1,'2020-01-01 01:01:01'),(152,20220928100158,1,'2020-01-01 01:01:01'),(153,20221014084130,1,'2020-01-01 01:01:01'),(154,20221027085019,1,'2020-01-01 01:01:01'),(155,20221101103952,1,'2020-01-01 01:01:01'),(156,20221104144401,1,'2020-01-01 01:01:01'),(157,20221109100749,1,'2020-01-01 01:01:01'),(158,20221115104546,1,'2020-01-01 01:01:01'),(159,20221130114928,1,'2020-01-01 01:01:01'),(160,20221205112142,1,'2020-01-01 01:01:01'),(161,20221216115820,1,'2020-01-01 01:01:01'),(162,20221220195934,1,'2020-01-01 01:01:01'),(163,20221220195935,1,'2020-01-01 01:01:01'),(164,20221223174807,1,'2020-01-01 01:01:01'),(165,20221227163855,1,'2020-01-01 01:01:01'),(166,20221227163856,1,'2020-01-01 01:01:01'),(167,20230202224725,1,'2020-01-01 01:01:01'),(168,20230206163608,1,'2020-01-01 01:01:01'),(169,20230214131519,1,'2020-01-01 01:01:01'),(170,20230303135738,1,'2020-01-01 01:01:01'),(171,20230313135301,1,'2020-01-01 01:01:01'),(172,20230313141819,1,'2020-01-01 01:01:01'),(173,20230315104937,1,'2020-01-01 01:01:01'),(174,20230317173844,1,'2020-01-01 01:01:01'),(175,20230320133602,1,'2020-01-01 01:01:01'),(176,20230330100011,1,'2020-01-01 01:01:01'),(177,20230330134823,1,'2020-01-01 01:01:01'),(178,20230405232025,1,'2020-01-01 01:01:01'),(179,20230408084104,1,'2020-01-01 01:01:01'),(180,20230411102858,1,'2020-01-01 01:01:01'),(181,20230421155932,1,'2020-01-01 01:01:01'),(182,20230425082126,1,'2020-01-01 01:01:01'),(183,20230425105727,1,'2020-01-01 01:01:01'),(184,20230501154913,1,'2020-01-01 01:01:01'),(185,20230503101418,1,'2020-01-01 01:01:01'),(186,20230515144206,1,'2020-01-01 01:01:01'),(187,20230517140952,1,'2020-01-01 01:01:01'),(188,20230517152807,1,'2020-01-01 01:01:01'),(189,20230518114155,1,'2020-01-01 01:01:01'),(190,20230520153236,1,'2020-01-01 01:01:01'),(191,20230525151159,1,'2020-01-01 01:01:01'),(192,20230530122103,1,'2020-01-01 01:01:01'),(193,20230602111827,1,'2020-01-01 01:01:01'),(194,20230608103123,1,'2020-01-01 01:01:01'),(195,20230629140529,1,'2020-01-01 01:01:01'),(196,20230629140530,1,'2020-01-01 01:01:01'),(197,20230711144622,1,'2020-01-01 01:01:01'),(198,20230721135421,1,'2020-01-01 01:01:01'),(199,20230721161508,1,'2020-01-01 01:01:01'),(200,20230726115701,1,'2020-01-01 01:01:01'),(201,20230807100822,1,'2020-01-01 01:01:01'),(202,20230814150442,1,'2020-01-01 01:01:01'),(203,20230823122728,1,'2020-01-01 01:01:01'),(204,20230906152143,1,'2020-01-01 01:01:01'),(205,20230911163618,1,'2020-01-01 01:01:01'),(206,20230912101759,1,'2020-01-01 01:01:01'),(207,20230915101341,1,'2020-01-01 01:01:01'),(208,20230918132351,1,'2020-01-01 01:01:01'),(209,20231004144339,1,'2020-01-01 01:01:01'),(210,20231009094541,1,'2020-01-01 01:01:01'),(211,20231009094542,1,'2020-01-01 01:01:01'),(212,20231009094543,1,'2020-01-01 01:01:01'),(213,20231009094544,1,'2020-01-01 01:01:01'),(214,20231016091915,1,'2020-01-01 01:01:01'),(215,20231024174135,1,'2020-01-01 01:01:01'),(216,20231025120016,1,'2020-01-01 01:01:01'),(217,20231025160156,1,'2020-01-01 01:01:01'),(218,20231031165350,1,'2020-01-01 01:01:01'),(219,20231106144110,1,'2020-01-01 01:01:01'),(220,20231107130934,1,'2020-01-01 01:01:01'),(221,20231109115838,1,'2020-01-01 01:01:01'),(222,20231121054530,1,'2020-01-01 01:01:01'),(223,20231122101320,1,'2020-01-01 01:01:01'),(224,20231130132828,1,'2020-01-01 01:01:01'),(225,20231130132931,1,'2020-01-01 01:01:01'),(226,20231204155427,1,'2020-01-01 01:01:01'),(227,20231206142340,1,'2020-01-01 01:01:01'),(228,20231207102320,1,'2020-01-01 01:01:01'),(229,20231207102321,1,'2020-01-01 01:01:01'),(230,20231207133731,1,'2020-01-01 01:01:01'),(231,20231212094238,1,'2020-01-01 01:01:01'),(232,20231212095734,1,'2020-01-01 01:01:01'),(233,20231212161121,1,'2020-01-01 01:01:01'),(234,20231215122713,1,'2020-01-01 01:01:01'),(235,20231219143041,1,'2020-01-01 01:01:01'),(236,20231224070653,1,'2020-01-01 01:01:01'),(237,20240110134315,1,'2020-01-01 01:01:01'),(238,20240119091637,1,'2020-01-01 01:01:01'),(239,20240126020642,1,'2020-01-01 01:01:01'),(240,20240126020643,1,'2020-01-01 01:01:01'),(241,20240129162819,1,'2020-01-01 01:01:01'),(242,20240130115133,1,'2020-01-01 01:01:01'),(243,20240131083822,1,'2020-01-01 01:01:01'),(244,20240205095928,1,'2020-01-01 01:01:01'),(245,20240205121956,1,'2020-01-01 01:01:01'),(246,20240209110212,1,'2020-01-01 01:01:01'),(247,20240212111533,1,'2020-01-01 01:01:01'),(248,20240221112844,1,'2020-01-01 01:01:01'),(249,20240222073518,1,'2020-01-01 01:01:01'),(250,20240222135115,1,'2020-01-01 01:01:01'),(251,20240226082255,1,'2020-01-01 01:01:01'),(252,20240228082706,1,'2020-01-01 01:01:01'),(253,20240301173035,1,'2020-01-01 01:01:01'),(254,20240302111134,1,'2020-01-01 01:01:01'),(255,20240312103753,1,'2020-01-01 01:01:01'),(256,20240313143416,1,'2020-01-01 01:01:01'),(257,20240314085226,1,'2020-01-01 01:01:01'),(258,20240314151747,1,'2020-01-01 01:01:01'),(259,20240320145650,1,'2020-01-01 01:01:01'),(260,20240327115530,1,'2020-01-01 01:01:01'),(261,20240327115617,1,'2020-01-01 01:01:01'),(262,20240408085837,1,'2020-01-01 01:01:01'),(263,20240415104633,1,'2020-01-01 01:01:01'),(264,20240430111727,1,'2020-01-01 01:01:01'),(265,20240515200020,1,'2020-01-01 01:01:01'),(266,20240521143023,1,'2020-01-01 01:01:01'),(267,20240521143024,1,'2020-01-01 01:01:01'),(268,20240601174138,1,'2020-01-01 01:01:01'),(269,20240607133721,1,'2020-01-01 01:01:01'),(270,20240612150059,1,'2020-01-01 01:01:01'),(271,20240613162201,1,'2020-01-01 01:01:01'),(272,20240613172616,1,'2020-01-01 01:01:01'),(273,20240618142419,1,'2020-01-01 01:01:01'),(274,20240625093543,1,'2020-01-01 01:01:01'),(275,20240626195531,1,'2020-01-01 01:01:01'),(276,20240702123921,1,'2020-01-01 01:01:01'),(277,20240703154849,1,'2020-01-01 01:01:01'),(278,20240707134035,1,'2020-01-01 01:01:01'),(279,20240707134036,1,'2020-01-01 01:01:01'),(280,20240709124958,1,'2020-01-01 01:01:01'),(281,20240709132642,1,'2020-01-01 01:01:01'),(282,20240709183940,1,'2020-01-01 01:01:01'),(283,20240710155623,1,'2020-01-01 01:01:01'),(284,20240723102712,1,'2020-01-01 01:01:01'),(285,20240725152735,1,'2020-01-01 01:01:01'),(286,20240725182118,1,'2020-01-01 01:01:01'),(287,20240726100517,1,'2020-01-01 01:01:01'),(288,20240730171504,1,'2020-01-01 01:01:01'),(289,20240730174056,1,'2020-01-01 01:01:01'),(290,20240730215453,1,'2020-01-01 01:01:01'),(291,20240730374423,1,'2020-01-01 01:01:01'),(292,20240801115359,1,'2020-01-01 01:01:01'),(293,20240802101043,1,'2020-01-01 01:01:01'),(294,20240802113716,1,'2020-01-01 01:01:01'),(295,20240814135330,1,'2020-01-01 01:01:01'),(296,20240815000000,1,'2020-01-01 01:01:01'),(297,20240815000001,1,'2020-01-01 01:01:01'),(298,20240816103247,1,'2020-01-01 01:01:01'),(299,20240820091218,1,'2020-01-01 01:01:01'),(300,20240826111228,1,'2020-01-01 01:01:01'),(301,20240826160025,1,'2020-01-01 01:01:01'),(302,20240829165448,1,'2020-01-01 01:01:01'),(303,20240829165605,1,'2020-01-01 01:01:01'),(304,20240829165715,1,'2020-01-01 01:01:01'),(305,20240829165930,1,'2020-01-01 01:01:01'),(306,20240829170023,1,'2020-01-01 01:01:01'),(307,20240829170033,1,'2020-01-01 01:01:01'),(308,20240829170044,1,'2020-01-01 01:01:01'),(309,20240905105135,1,'2020-01-01 01:01:01'),(310,20240905140514,1,'2020-01-01 01:01:01');
+INSERT INTO `migration_status_tables` VALUES (1,0,1,'2020-01-01 01:01:01'),(2,20161118193812,1,'2020-01-01 01:01:01'),(3,20161118211713,1,'2020-01-01 01:01:01'),(4,20161118212436,1,'2020-01-01 01:01:01'),(5,20161118212515,1,'2020-01-01 01:01:01'),(6,20161118212528,1,'2020-01-01 01:01:01'),(7,20161118212538,1,'2020-01-01 01:01:01'),(8,20161118212549,1,'2020-01-01 01:01:01'),(9,20161118212557,1,'2020-01-01 01:01:01'),(10,20161118212604,1,'2020-01-01 01:01:01'),(11,20161118212613,1,'2020-01-01 01:01:01'),(12,20161118212621,1,'2020-01-01 01:01:01'),(13,20161118212630,1,'2020-01-01 01:01:01'),(14,20161118212641,1,'2020-01-01 01:01:01'),(15,20161118212649,1,'2020-01-01 01:01:01'),(16,20161118212656,1,'2020-01-01 01:01:01'),(17,20161118212758,1,'2020-01-01 01:01:01'),(18,20161128234849,1,'2020-01-01 01:01:01'),(19,20161230162221,1,'2020-01-01 01:01:01'),(20,20170104113816,1,'2020-01-01 01:01:01'),(21,20170105151732,1,'2020-01-01 01:01:01'),(22,20170108191242,1,'2020-01-01 01:01:01'),(23,20170109094020,1,'2020-01-01 01:01:01'),(24,20170109130438,1,'2020-01-01 01:01:01'),(25,20170110202752,1,'2020-01-01 01:01:01'),(26,20170111133013,1,'2020-01-01 01:01:01'),(27,20170117025759,1,'2020-01-01 01:01:01'),(28,20170118191001,1,'2020-01-01 01:01:01'),(29,20170119234632,1,'2020-01-01 01:01:01'),(30,20170124230432,1,'2020-01-01 01:01:01'),(31,20170127014618,1,'2020-01-01 01:01:01'),(32,20170131232841,1,'2020-01-01 01:01:01'),(33,20170223094154,1,'2020-01-01 01:01:01'),(34,20170306075207,1,'2020-01-01 01:01:01'),(35,20170309100733,1,'2020-01-01 01:01:01'),(36,20170331111922,1,'2020-01-01 01:01:01'),(37,20170502143928,1,'2020-01-01 01:01:01'),(38,20170504130602,1,'2020-01-01 01:01:01'),(39,20170509132100,1,'2020-01-01 01:01:01'),(40,20170519105647,1,'2020-01-01 01:01:01'),(41,20170519105648,1,'2020-01-01 01:01:01'),(42,20170831234300,1,'2020-01-01 01:01:01'),(43,20170831234301,1,'2020-01-01 01:01:01'),(44,20170831234303,1,'2020-01-01 01:01:01'),(45,20171116163618,1,'2020-01-01 01:01:01'),(46,20171219164727,1,'2020-01-01 01:01:01'),(47,20180620164811,1,'2020-01-01 01:01:01'),(48,20180620175054,1,'2020-01-01 01:01:01'),(49,20180620175055,1,'2020-01-01 01:01:01'),(50,20191010101639,1,'2020-01-01 01:01:01'),(51,20191010155147,1,'2020-01-01 01:01:01'),(52,20191220130734,1,'2020-01-01 01:01:01'),(53,20200311140000,1,'2020-01-01 01:01:01'),(54,20200405120000,1,'2020-01-01 01:01:01'),(55,20200407120000,1,'2020-01-01 01:01:01'),(56,20200420120000,1,'2020-01-01 01:01:01'),(57,20200504120000,1,'2020-01-01 01:01:01'),(58,20200512120000,1,'2020-01-01 01:01:01'),(59,20200707120000,1,'2020-01-01 01:01:01'),(60,20201011162341,1,'2020-01-01 01:01:01'),(61,20201021104586,1,'2020-01-01 01:01:01'),(62,20201102112520,1,'2020-01-01 01:01:01'),(63,20201208121729,1,'2020-01-01 01:01:01'),(64,20201215091637,1,'2020-01-01 01:01:01'),(65,20210119174155,1,'2020-01-01 01:01:01'),(66,20210326182902,1,'2020-01-01 01:01:01'),(67,20210421112652,1,'2020-01-01 01:01:01'),(68,20210506095025,1,'2020-01-01 01:01:01'),(69,20210513115729,1,'2020-01-01 01:01:01'),(70,20210526113559,1,'2020-01-01 01:01:01'),(71,20210601000001,1,'2020-01-01 01:01:01'),(72,20210601000002,1,'2020-01-01 01:01:01'),(73,20210601000003,1,'2020-01-01 01:01:01'),(74,20210601000004,1,'2020-01-01 01:01:01'),(75,20210601000005,1,'2020-01-01 01:01:01'),(76,20210601000006,1,'2020-01-01 01:01:01'),(77,20210601000007,1,'2020-01-01 01:01:01'),(78,20210601000008,1,'2020-01-01 01:01:01'),(79,20210606151329,1,'2020-01-01 01:01:01'),(80,20210616163757,1,'2020-01-01 01:01:01'),(81,20210617174723,1,'2020-01-01 01:01:01'),(82,20210622160235,1,'2020-01-01 01:01:01'),(83,20210623100031,1,'2020-01-01 01:01:01'),(84,20210623133615,1,'2020-01-01 01:01:01'),(85,20210708143152,1,'2020-01-01 01:01:01'),(86,20210709124443,1,'2020-01-01 01:01:01'),(87,20210712155608,1,'2020-01-01 01:01:01'),(88,20210714102108,1,'2020-01-01 01:01:01'),(89,20210719153709,1,'2020-01-01 01:01:01'),(90,20210721171531,1,'2020-01-01 01:01:01'),(91,20210723135713,1,'2020-01-01 01:01:01'),(92,20210802135933,1,'2020-01-01 01:01:01'),(93,20210806112844,1,'2020-01-01 01:01:01'),(94,20210810095603,1,'2020-01-01 01:01:01'),(95,20210811150223,1,'2020-01-01 01:01:01'),(96,20210818151827,1,'2020-01-01 01:01:01'),(97,20210818151828,1,'2020-01-01 01:01:01'),(98,20210818182258,1,'2020-01-01 01:01:01'),(99,20210819131107,1,'2020-01-01 01:01:01'),(100,20210819143446,1,'2020-01-01 01:01:01'),(101,20210903132338,1,'2020-01-01 01:01:01'),(102,20210915144307,1,'2020-01-01 01:01:01'),(103,20210920155130,1,'2020-01-01 01:01:01'),(104,20210927143115,1,'2020-01-01 01:01:01'),(105,20210927143116,1,'2020-01-01 01:01:01'),(106,20211013133706,1,'2020-01-01 01:01:01'),(107,20211013133707,1,'2020-01-01 01:01:01'),(108,20211102135149,1,'2020-01-01 01:01:01'),(109,20211109121546,1,'2020-01-01 01:01:01'),(110,20211110163320,1,'2020-01-01 01:01:01'),(111,20211116184029,1,'2020-01-01 01:01:01'),(112,20211116184030,1,'2020-01-01 01:01:01'),(113,20211202092042,1,'2020-01-01 01:01:01'),(114,20211202181033,1,'2020-01-01 01:01:01'),(115,20211207161856,1,'2020-01-01 01:01:01'),(116,20211216131203,1,'2020-01-01 01:01:01'),(117,20211221110132,1,'2020-01-01 01:01:01'),(118,20220107155700,1,'2020-01-01 01:01:01'),(119,20220125105650,1,'2020-01-01 01:01:01'),(120,20220201084510,1,'2020-01-01 01:01:01'),(121,20220208144830,1,'2020-01-01 01:01:01'),(122,20220208144831,1,'2020-01-01 01:01:01'),(123,20220215152203,1,'2020-01-01 01:01:01'),(124,20220223113157,1,'2020-01-01 01:01:01'),(125,20220307104655,1,'2020-01-01 01:01:01'),(126,20220309133956,1,'2020-01-01 01:01:01'),(127,20220316155700,1,'2020-01-01 01:01:01'),(128,20220323152301,1,'2020-01-01 01:01:01'),(129,20220330100659,1,'2020-01-01 01:01:01'),(130,20220404091216,1,'2020-01-01 01:01:01'),(131,20220419140750,1,'2020-01-01 01:01:01'),(132,20220428140039,1,'2020-01-01 01:01:01'),(133,20220503134048,1,'2020-01-01 01:01:01'),(134,20220524102918,1,'2020-01-01 01:01:01'),(135,20220526123327,1,'2020-01-01 01:01:01'),(136,20220526123328,1,'2020-01-01 01:01:01'),(137,20220526123329,1,'2020-01-01 01:01:01'),(138,20220608113128,1,'2020-01-01 01:01:01'),(139,20220627104817,1,'2020-01-01 01:01:01'),(140,20220704101843,1,'2020-01-01 01:01:01'),(141,20220708095046,1,'2020-01-01 01:01:01'),(142,20220713091130,1,'2020-01-01 01:01:01'),(143,20220802135510,1,'2020-01-01 01:01:01'),(144,20220818101352,1,'2020-01-01 01:01:01'),(145,20220822161445,1,'2020-01-01 01:01:01'),(146,20220831100036,1,'2020-01-01 01:01:01'),(147,20220831100151,1,'2020-01-01 01:01:01'),(148,20220908181826,1,'2020-01-01 01:01:01'),(149,20220914154915,1,'2020-01-01 01:01:01'),(150,20220915165115,1,'2020-01-01 01:01:01'),(151,20220915165116,1,'2020-01-01 01:01:01'),(152,20220928100158,1,'2020-01-01 01:01:01'),(153,20221014084130,1,'2020-01-01 01:01:01'),(154,20221027085019,1,'2020-01-01 01:01:01'),(155,20221101103952,1,'2020-01-01 01:01:01'),(156,20221104144401,1,'2020-01-01 01:01:01'),(157,20221109100749,1,'2020-01-01 01:01:01'),(158,20221115104546,1,'2020-01-01 01:01:01'),(159,20221130114928,1,'2020-01-01 01:01:01'),(160,20221205112142,1,'2020-01-01 01:01:01'),(161,20221216115820,1,'2020-01-01 01:01:01'),(162,20221220195934,1,'2020-01-01 01:01:01'),(163,20221220195935,1,'2020-01-01 01:01:01'),(164,20221223174807,1,'2020-01-01 01:01:01'),(165,20221227163855,1,'2020-01-01 01:01:01'),(166,20221227163856,1,'2020-01-01 01:01:01'),(167,20230202224725,1,'2020-01-01 01:01:01'),(168,20230206163608,1,'2020-01-01 01:01:01'),(169,20230214131519,1,'2020-01-01 01:01:01'),(170,20230303135738,1,'2020-01-01 01:01:01'),(171,20230313135301,1,'2020-01-01 01:01:01'),(172,20230313141819,1,'2020-01-01 01:01:01'),(173,20230315104937,1,'2020-01-01 01:01:01'),(174,20230317173844,1,'2020-01-01 01:01:01'),(175,20230320133602,1,'2020-01-01 01:01:01'),(176,20230330100011,1,'2020-01-01 01:01:01'),(177,20230330134823,1,'2020-01-01 01:01:01'),(178,20230405232025,1,'2020-01-01 01:01:01'),(179,20230408084104,1,'2020-01-01 01:01:01'),(180,20230411102858,1,'2020-01-01 01:01:01'),(181,20230421155932,1,'2020-01-01 01:01:01'),(182,20230425082126,1,'2020-01-01 01:01:01'),(183,20230425105727,1,'2020-01-01 01:01:01'),(184,20230501154913,1,'2020-01-01 01:01:01'),(185,20230503101418,1,'2020-01-01 01:01:01'),(186,20230515144206,1,'2020-01-01 01:01:01'),(187,20230517140952,1,'2020-01-01 01:01:01'),(188,20230517152807,1,'2020-01-01 01:01:01'),(189,20230518114155,1,'2020-01-01 01:01:01'),(190,20230520153236,1,'2020-01-01 01:01:01'),(191,20230525151159,1,'2020-01-01 01:01:01'),(192,20230530122103,1,'2020-01-01 01:01:01'),(193,20230602111827,1,'2020-01-01 01:01:01'),(194,20230608103123,1,'2020-01-01 01:01:01'),(195,20230629140529,1,'2020-01-01 01:01:01'),(196,20230629140530,1,'2020-01-01 01:01:01'),(197,20230711144622,1,'2020-01-01 01:01:01'),(198,20230721135421,1,'2020-01-01 01:01:01'),(199,20230721161508,1,'2020-01-01 01:01:01'),(200,20230726115701,1,'2020-01-01 01:01:01'),(201,20230807100822,1,'2020-01-01 01:01:01'),(202,20230814150442,1,'2020-01-01 01:01:01'),(203,20230823122728,1,'2020-01-01 01:01:01'),(204,20230906152143,1,'2020-01-01 01:01:01'),(205,20230911163618,1,'2020-01-01 01:01:01'),(206,20230912101759,1,'2020-01-01 01:01:01'),(207,20230915101341,1,'2020-01-01 01:01:01'),(208,20230918132351,1,'2020-01-01 01:01:01'),(209,20231004144339,1,'2020-01-01 01:01:01'),(210,20231009094541,1,'2020-01-01 01:01:01'),(211,20231009094542,1,'2020-01-01 01:01:01'),(212,20231009094543,1,'2020-01-01 01:01:01'),(213,20231009094544,1,'2020-01-01 01:01:01'),(214,20231016091915,1,'2020-01-01 01:01:01'),(215,20231024174135,1,'2020-01-01 01:01:01'),(216,20231025120016,1,'2020-01-01 01:01:01'),(217,20231025160156,1,'2020-01-01 01:01:01'),(218,20231031165350,1,'2020-01-01 01:01:01'),(219,20231106144110,1,'2020-01-01 01:01:01'),(220,20231107130934,1,'2020-01-01 01:01:01'),(221,20231109115838,1,'2020-01-01 01:01:01'),(222,20231121054530,1,'2020-01-01 01:01:01'),(223,20231122101320,1,'2020-01-01 01:01:01'),(224,20231130132828,1,'2020-01-01 01:01:01'),(225,20231130132931,1,'2020-01-01 01:01:01'),(226,20231204155427,1,'2020-01-01 01:01:01'),(227,20231206142340,1,'2020-01-01 01:01:01'),(228,20231207102320,1,'2020-01-01 01:01:01'),(229,20231207102321,1,'2020-01-01 01:01:01'),(230,20231207133731,1,'2020-01-01 01:01:01'),(231,20231212094238,1,'2020-01-01 01:01:01'),(232,20231212095734,1,'2020-01-01 01:01:01'),(233,20231212161121,1,'2020-01-01 01:01:01'),(234,20231215122713,1,'2020-01-01 01:01:01'),(235,20231219143041,1,'2020-01-01 01:01:01'),(236,20231224070653,1,'2020-01-01 01:01:01'),(237,20240110134315,1,'2020-01-01 01:01:01'),(238,20240119091637,1,'2020-01-01 01:01:01'),(239,20240126020642,1,'2020-01-01 01:01:01'),(240,20240126020643,1,'2020-01-01 01:01:01'),(241,20240129162819,1,'2020-01-01 01:01:01'),(242,20240130115133,1,'2020-01-01 01:01:01'),(243,20240131083822,1,'2020-01-01 01:01:01'),(244,20240205095928,1,'2020-01-01 01:01:01'),(245,20240205121956,1,'2020-01-01 01:01:01'),(246,20240209110212,1,'2020-01-01 01:01:01'),(247,20240212111533,1,'2020-01-01 01:01:01'),(248,20240221112844,1,'2020-01-01 01:01:01'),(249,20240222073518,1,'2020-01-01 01:01:01'),(250,20240222135115,1,'2020-01-01 01:01:01'),(251,20240226082255,1,'2020-01-01 01:01:01'),(252,20240228082706,1,'2020-01-01 01:01:01'),(253,20240301173035,1,'2020-01-01 01:01:01'),(254,20240302111134,1,'2020-01-01 01:01:01'),(255,20240312103753,1,'2020-01-01 01:01:01'),(256,20240313143416,1,'2020-01-01 01:01:01'),(257,20240314085226,1,'2020-01-01 01:01:01'),(258,20240314151747,1,'2020-01-01 01:01:01'),(259,20240320145650,1,'2020-01-01 01:01:01'),(260,20240327115530,1,'2020-01-01 01:01:01'),(261,20240327115617,1,'2020-01-01 01:01:01'),(262,20240408085837,1,'2020-01-01 01:01:01'),(263,20240415104633,1,'2020-01-01 01:01:01'),(264,20240430111727,1,'2020-01-01 01:01:01'),(265,20240515200020,1,'2020-01-01 01:01:01'),(266,20240521143023,1,'2020-01-01 01:01:01'),(267,20240521143024,1,'2020-01-01 01:01:01'),(268,20240601174138,1,'2020-01-01 01:01:01'),(269,20240607133721,1,'2020-01-01 01:01:01'),(270,20240612150059,1,'2020-01-01 01:01:01'),(271,20240613162201,1,'2020-01-01 01:01:01'),(272,20240613172616,1,'2020-01-01 01:01:01'),(273,20240618142419,1,'2020-01-01 01:01:01'),(274,20240625093543,1,'2020-01-01 01:01:01'),(275,20240626195531,1,'2020-01-01 01:01:01'),(276,20240702123921,1,'2020-01-01 01:01:01'),(277,20240703154849,1,'2020-01-01 01:01:01'),(278,20240707134035,1,'2020-01-01 01:01:01'),(279,20240707134036,1,'2020-01-01 01:01:01'),(280,20240709124958,1,'2020-01-01 01:01:01'),(281,20240709132642,1,'2020-01-01 01:01:01'),(282,20240709183940,1,'2020-01-01 01:01:01'),(283,20240710155623,1,'2020-01-01 01:01:01'),(284,20240723102712,1,'2020-01-01 01:01:01'),(285,20240725152735,1,'2020-01-01 01:01:01'),(286,20240725182118,1,'2020-01-01 01:01:01'),(287,20240726100517,1,'2020-01-01 01:01:01'),(288,20240730171504,1,'2020-01-01 01:01:01'),(289,20240730174056,1,'2020-01-01 01:01:01'),(290,20240730215453,1,'2020-01-01 01:01:01'),(291,20240730374423,1,'2020-01-01 01:01:01'),(292,20240801115359,1,'2020-01-01 01:01:01'),(293,20240802101043,1,'2020-01-01 01:01:01'),(294,20240802113716,1,'2020-01-01 01:01:01'),(295,20240814135330,1,'2020-01-01 01:01:01'),(296,20240815000000,1,'2020-01-01 01:01:01'),(297,20240815000001,1,'2020-01-01 01:01:01'),(298,20240816103247,1,'2020-01-01 01:01:01'),(299,20240820091218,1,'2020-01-01 01:01:01'),(300,20240826111228,1,'2020-01-01 01:01:01'),(301,20240826160025,1,'2020-01-01 01:01:01'),(302,20240829165448,1,'2020-01-01 01:01:01'),(303,20240829165605,1,'2020-01-01 01:01:01'),(304,20240829165715,1,'2020-01-01 01:01:01'),(305,20240829165930,1,'2020-01-01 01:01:01'),(306,20240829170023,1,'2020-01-01 01:01:01'),(307,20240829170033,1,'2020-01-01 01:01:01'),(308,20240829170044,1,'2020-01-01 01:01:01'),(309,20240905105135,1,'2020-01-01 01:01:01'),(310,20240905140514,1,'2020-01-01 01:01:01'),(311,20240905200000,1,'2020-01-01 01:01:01');
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!50503 SET character_set_client = utf8mb4 */;
 CREATE TABLE `mobile_device_management_solutions` (
@@ -1672,12 +1676,14 @@ CREATE TABLE `software_installers` (
   `install_script_content_id` int unsigned NOT NULL,
   `post_install_script_content_id` int unsigned DEFAULT NULL,
   `storage_id` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
-  `uploaded_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `uploaded_at` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
   `self_service` tinyint(1) NOT NULL DEFAULT '0',
   `user_id` int unsigned DEFAULT NULL,
   `user_name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '',
   `user_email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '',
   `url` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '',
+  `package_ids` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+  `uninstall_script_content_id` int unsigned NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `idx_software_installers_team_id_title_id` (`global_or_team_id`,`title_id`),
   KEY `fk_software_installers_title` (`title_id`),
@@ -1686,11 +1692,13 @@ CREATE TABLE `software_installers` (
   KEY `fk_software_installers_team_id` (`team_id`),
   KEY `idx_software_installers_platform_title_id` (`platform`,`title_id`),
   KEY `fk_software_installers_user_id` (`user_id`),
+  KEY `fk_uninstall_script_content_id` (`uninstall_script_content_id`),
   CONSTRAINT `fk_software_installers_install_script_content_id` FOREIGN KEY (`install_script_content_id`) REFERENCES `script_contents` (`id`) ON DELETE RESTRICT ON UPDATE CASCADE,
   CONSTRAINT `fk_software_installers_post_install_script_content_id` FOREIGN KEY (`post_install_script_content_id`) REFERENCES `script_contents` (`id`) ON DELETE RESTRICT ON UPDATE CASCADE,
   CONSTRAINT `fk_software_installers_team_id` FOREIGN KEY (`team_id`) REFERENCES `teams` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
   CONSTRAINT `fk_software_installers_title` FOREIGN KEY (`title_id`) REFERENCES `software_titles` (`id`) ON DELETE SET NULL ON UPDATE CASCADE,
-  CONSTRAINT `fk_software_installers_user_id` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL
+  CONSTRAINT `fk_software_installers_user_id` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `fk_uninstall_script_content_id` FOREIGN KEY (`uninstall_script_content_id`) REFERENCES `script_contents` (`id`) ON DELETE RESTRICT ON UPDATE CASCADE
 ) /*!50100 TABLESPACE `innodb_system` */ ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
diff --git a/server/datastore/mysql/scripts.go b/server/datastore/mysql/scripts.go
index e9acb25254..f0ad52acb0 100644
--- a/server/datastore/mysql/scripts.go
+++ b/server/datastore/mysql/scripts.go
@@ -80,7 +80,8 @@ func truncateScriptResult(output string) string {
 	return output
 }
 
-func (ds *Datastore) SetHostScriptExecutionResult(ctx context.Context, result *fleet.HostScriptResultPayload) (*fleet.HostScriptResult, error) {
+func (ds *Datastore) SetHostScriptExecutionResult(ctx context.Context, result *fleet.HostScriptResultPayload) (*fleet.HostScriptResult,
+	string, error) {
 	const resultExistsStmt = `
 	SELECT
 		1
@@ -105,20 +106,27 @@ func (ds *Datastore) SetHostScriptExecutionResult(ctx context.Context, result *f
 	const hostMDMActionsStmt = `
   SELECT
     CASE
-      WHEN lock_ref = ? THEN 'lock_ref'
-      WHEN unlock_ref = ? THEN 'unlock_ref'
-      WHEN wipe_ref = ? THEN 'wipe_ref'
+      WHEN lock_ref = :execution_id THEN 'lock_ref'
+      WHEN unlock_ref = :execution_id THEN 'unlock_ref'
+      WHEN wipe_ref = :execution_id THEN 'wipe_ref'
       ELSE ''
-    END AS ref_col
+    END AS action
   FROM
     host_mdm_actions
   WHERE
-    host_id = ?
+    host_id = :host_id
+  UNION
+  SELECT 'uninstall' AS action
+  FROM
+	host_software_installs
+  WHERE
+	execution_id = :execution_id AND host_id = :host_id
 `
 
 	output := truncateScriptResult(result.Output)
 
 	var hsr *fleet.HostScriptResult
+	var action string
 	err := ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
 		var resultExists bool
 		err := sqlx.GetContext(ctx, tx, &resultExists, resultExistsStmt, result.HostID, result.ExecutionID)
@@ -154,15 +162,31 @@ func (ds *Datastore) SetHostScriptExecutionResult(ctx context.Context, result *f
 				return ctxerr.Wrap(ctx, err, "load updated host script result")
 			}
 
-			// look up if that script was a lock/unlock/wipe script for that host,
+			// look up if that script was a lock/unlock/wipe/uninstall script for that host,
 			// and if so update the host_mdm_actions table accordingly.
-			var refCol string
-			err = sqlx.GetContext(ctx, tx, &refCol, hostMDMActionsStmt, result.ExecutionID, result.ExecutionID, result.ExecutionID, result.HostID)
+			namedArgs := map[string]any{
+				"host_id":      result.HostID,
+				"execution_id": result.ExecutionID,
+			}
+			stmt, args, err := sqlx.Named(hostMDMActionsStmt, namedArgs)
+			if err != nil {
+				return ctxerr.Wrap(ctx, err, "build named query for host mdm actions")
+			}
+			err = sqlx.GetContext(ctx, tx, &action, stmt, args...)
 			if err != nil && !errors.Is(err, sql.ErrNoRows) { // ignore ErrNoRows, refCol will be empty
 				return ctxerr.Wrap(ctx, err, "lookup host script corresponding mdm action")
 			}
-			if refCol != "" {
-				err = updateHostLockWipeStatusFromResult(ctx, tx, result.HostID, refCol, result.ExitCode == 0)
+
+			switch action {
+			case "":
+				// do nothing
+			case "uninstall":
+				err = updateUninstallStatusFromResult(ctx, tx, result.HostID, result.ExecutionID, result.ExitCode)
+				if err != nil {
+					return ctxerr.Wrap(ctx, err, "update host uninstall action based on script result")
+				}
+			default: // lock/unlock/wipe
+				err = updateHostLockWipeStatusFromResult(ctx, tx, result.HostID, action, result.ExitCode == 0)
 				if err != nil {
 					return ctxerr.Wrap(ctx, err, "update host mdm action based on script result")
 				}
@@ -171,9 +195,9 @@ func (ds *Datastore) SetHostScriptExecutionResult(ctx context.Context, result *f
 		return nil
 	})
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
-	return hsr, nil
+	return hsr, action, nil
 }
 
 func (ds *Datastore) ListPendingHostScriptExecutions(ctx context.Context, hostID uint) ([]*fleet.HostScriptResult, error) {
@@ -392,6 +416,25 @@ WHERE
 	return contents, nil
 }
 
+func (ds *Datastore) GetAnyScriptContents(ctx context.Context, id uint) ([]byte, error) {
+	const getStmt = `
+SELECT
+  sc.contents
+FROM
+  script_contents sc
+WHERE
+  sc.id = ?
+`
+	var contents []byte
+	if err := sqlx.GetContext(ctx, ds.reader(ctx), &contents, getStmt, id); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, notFound("Script").WithID(id)
+		}
+		return nil, ctxerr.Wrap(ctx, err, "get any script contents")
+	}
+	return contents, nil
+}
+
 func (ds *Datastore) DeleteScript(ctx context.Context, id uint) error {
 	_, err := ds.writer(ctx).ExecContext(ctx, `DELETE FROM scripts WHERE id = ?`, id)
 	if err != nil {
@@ -1100,6 +1143,16 @@ func updateHostLockWipeStatusFromResult(ctx context.Context, tx sqlx.ExtContext,
 	return ctxerr.Wrap(ctx, err, "update host lock/wipe status from result")
 }
 
+func updateUninstallStatusFromResult(ctx context.Context, tx sqlx.ExtContext, hostID uint, executionID string, exitCode int) error {
+	stmt := `
+	UPDATE host_software_installs SET uninstall_script_exit_code = ? WHERE execution_id = ? AND host_id = ?
+	`
+	if _, err := tx.ExecContext(ctx, stmt, exitCode, executionID, hostID); err != nil {
+		return ctxerr.Wrap(ctx, err, "update uninstall status from result")
+	}
+	return nil
+}
+
 func (ds *Datastore) CleanupUnusedScriptContents(ctx context.Context) error {
 	deleteStmt := `
 DELETE FROM
@@ -1111,7 +1164,7 @@ WHERE
     SELECT 1 FROM scripts WHERE script_content_id = script_contents.id)
   AND NOT EXISTS (
     SELECT 1 FROM software_installers si
-    WHERE script_contents.id IN (si.install_script_content_id, si.post_install_script_content_id)
+    WHERE script_contents.id IN (si.install_script_content_id, si.post_install_script_content_id, si.uninstall_script_content_id)
   )
 		`
 	_, err := ds.writer(ctx).ExecContext(ctx, deleteStmt)
diff --git a/server/datastore/mysql/scripts_test.go b/server/datastore/mysql/scripts_test.go
index 5543a7661d..7666f0ae4f 100644
--- a/server/datastore/mysql/scripts_test.go
+++ b/server/datastore/mysql/scripts_test.go
@@ -37,6 +37,7 @@ func TestScripts(t *testing.T) {
 		{"TestLockUnlockManually", testLockUnlockManually},
 		{"TestInsertScriptContents", testInsertScriptContents},
 		{"TestCleanupUnusedScriptContents", testCleanupUnusedScriptContents},
+		{"TestGetAnyScriptContents", testGetAnyScriptContents},
 	}
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
@@ -87,7 +88,7 @@ func testHostScriptResult(t *testing.T, ds *Datastore) {
 	require.Equal(t, createdScript.ID, pending[0].ID)
 
 	// record a result for this execution
-	_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	hsr, action, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      1,
 		ExecutionID: createdScript.ExecutionID,
 		Output:      "foo",
@@ -96,9 +97,11 @@ func testHostScriptResult(t *testing.T, ds *Datastore) {
 		Timeout:     300,
 	})
 	require.NoError(t, err)
+	assert.Empty(t, action)
+	assert.NotNil(t, hsr)
 
 	// record a duplicate result for this execution, will be ignored
-	hsr, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	hsr, _, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      1,
 		ExecutionID: createdScript.ExecutionID,
 		Output:      "foobarbaz",
@@ -163,7 +166,7 @@ func testHostScriptResult(t *testing.T, ds *Datastore) {
 		strings.Repeat("j", 1000) +
 		strings.Repeat("k", 1000)
 
-	_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	_, _, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      1,
 		ExecutionID: createdScript.ExecutionID,
 		Output:      largeOutput,
@@ -238,7 +241,7 @@ func testHostScriptResult(t *testing.T, ds *Datastore) {
 	})
 	require.NoError(t, err)
 
-	unsignedScriptResult, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	unsignedScriptResult, _, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      1,
 		ExecutionID: createdUnsignedScript.ExecutionID,
 		Output:      "foo",
@@ -261,6 +264,8 @@ func testScripts(t *testing.T, ds *Datastore) {
 	// get unknown script contents
 	_, err = ds.GetScriptContents(ctx, 123)
 	require.ErrorAs(t, err, &nfe)
+	_, err = ds.GetAnyScriptContents(ctx, 123)
+	require.ErrorAs(t, err, &nfe)
 
 	// create global scriptGlobal
 	scriptGlobal, err := ds.NewScript(ctx, &fleet.Script{
@@ -282,6 +287,9 @@ func testScripts(t *testing.T, ds *Datastore) {
 	contents, err := ds.GetScriptContents(ctx, scriptGlobal.ID)
 	require.NoError(t, err)
 	require.Equal(t, "echo", string(contents))
+	contents, err = ds.GetAnyScriptContents(ctx, scriptGlobal.ID)
+	require.NoError(t, err)
+	require.Equal(t, "echo", string(contents))
 
 	// create team script but team does not exist
 	_, err = ds.NewScript(ctx, &fleet.Script{
@@ -315,6 +323,9 @@ func testScripts(t *testing.T, ds *Datastore) {
 	contents, err = ds.GetScriptContents(ctx, scriptTeam.ID)
 	require.NoError(t, err)
 	require.Equal(t, "echo 'team'", string(contents))
+	contents, err = ds.GetAnyScriptContents(ctx, scriptTeam.ID)
+	require.NoError(t, err)
+	require.Equal(t, "echo 'team'", string(contents))
 
 	// try to create another team script with the same name
 	_, err = ds.NewScript(ctx, &fleet.Script{
@@ -781,12 +792,13 @@ func testLockHostViaScript(t *testing.T, ds *Datastore) {
 	require.True(t, status.IsPendingLock())
 
 	// simulate a successful result for the lock script execution
-	_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	_, action, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      s.HostID,
 		ExecutionID: s.ExecutionID,
 		ExitCode:    0,
 	})
 	require.NoError(t, err)
+	assert.Equal(t, "lock_ref", action)
 
 	status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: windowsHostID, Platform: "windows", UUID: "uuid"})
 	require.NoError(t, err)
@@ -832,12 +844,13 @@ func testUnlockHostViaScript(t *testing.T, ds *Datastore) {
 	require.True(t, status.IsPendingUnlock())
 
 	// simulate a successful result for the unlock script execution
-	_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+	_, action, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 		HostID:      s.HostID,
 		ExecutionID: s.ExecutionID,
 		ExitCode:    0,
 	})
 	require.NoError(t, err)
+	assert.Equal(t, "unlock_ref", action)
 
 	status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: "windows", UUID: "uuid"})
 	require.NoError(t, err)
@@ -874,12 +887,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 			checkLockWipeState(t, status, true, false, false, false, true, false)
 
 			// simulate a successful result for the lock script execution
-			_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+			_, action, err := ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 				HostID:      hostID,
 				ExecutionID: status.LockScript.ExecutionID,
 				ExitCode:    0,
 			})
 			require.NoError(t, err)
+			assert.Equal(t, "lock_ref", action)
 
 			status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
 			require.NoError(t, err)
@@ -899,12 +913,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 			checkLockWipeState(t, status, false, true, false, true, false, false)
 
 			// simulate a failed result for the unlock script execution
-			_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+			_, action, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 				HostID:      hostID,
 				ExecutionID: status.UnlockScript.ExecutionID,
 				ExitCode:    -1,
 			})
 			require.NoError(t, err)
+			assert.Equal(t, "unlock_ref", action)
 
 			// still locked
 			status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
@@ -925,12 +940,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 			checkLockWipeState(t, status, false, true, false, true, false, false)
 
 			// this time simulate a successful result for the unlock script execution
-			_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+			_, action, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 				HostID:      hostID,
 				ExecutionID: status.UnlockScript.ExecutionID,
 				ExitCode:    0,
 			})
 			require.NoError(t, err)
+			assert.Equal(t, "unlock_ref", action)
 
 			// host is now unlocked
 			status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
@@ -951,12 +967,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 			checkLockWipeState(t, status, true, false, false, false, true, false)
 
 			// simulate a failed result for the lock script execution
-			_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+			_, action, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 				HostID:      hostID,
 				ExecutionID: status.LockScript.ExecutionID,
 				ExitCode:    2,
 			})
 			require.NoError(t, err)
+			assert.Equal(t, "lock_ref", action)
 
 			status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
 			require.NoError(t, err)
@@ -1009,12 +1026,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 				checkLockWipeState(t, status, true, false, false, false, false, true)
 
 				// simulate a failed result for the wipe script execution
-				_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+				_, action, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 					HostID:      hostID,
 					ExecutionID: status.WipeScript.ExecutionID,
 					ExitCode:    1,
 				})
 				require.NoError(t, err)
+				assert.Equal(t, "wipe_ref", action)
 
 				status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
 				require.NoError(t, err)
@@ -1034,12 +1052,13 @@ func testLockUnlockWipeViaScripts(t *testing.T, ds *Datastore) {
 				checkLockWipeState(t, status, true, false, false, false, false, true)
 
 				// simulate a successful result for the wipe script execution
-				_, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
+				_, action, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
 					HostID:      hostID,
 					ExecutionID: status.WipeScript.ExecutionID,
 					ExitCode:    0,
 				})
 				require.NoError(t, err)
+				assert.Equal(t, "wipe_ref", action)
 
 				status, err = ds.GetHostLockWipeStatus(ctx, &fleet.Host{ID: hostID, Platform: platform, UUID: "uuid"})
 				require.NoError(t, err)
@@ -1147,6 +1166,7 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	// create a software install that references scripts
 	swi, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
 		InstallScript:     "install-script",
+		UninstallScript:   "uninstall-script",
 		PreInstallQuery:   "SELECT 1",
 		PostInstallScript: "post-install-script",
 		InstallerFile:     bytes.NewReader([]byte("hello")),
@@ -1167,7 +1187,7 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	stmt := `SELECT id, HEX(md5_checksum) as md5_checksum FROM script_contents`
 	err = sqlx.SelectContext(ctx, ds.reader(ctx), &sc, stmt)
 	require.NoError(t, err)
-	require.Len(t, sc, 4)
+	require.Len(t, sc, 5)
 
 	// this should only remove the script_contents of the saved script, since the sync script is
 	// still "in use" by the script execution
@@ -1176,15 +1196,17 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	sc = []scriptContents{}
 	err = sqlx.SelectContext(ctx, ds.reader(ctx), &sc, stmt)
 	require.NoError(t, err)
-	require.Len(t, sc, 3)
+	require.Len(t, sc, 4)
 	require.ElementsMatch(t, []string{
 		md5ChecksumScriptContent(res.ScriptContents),
 		md5ChecksumScriptContent("install-script"),
 		md5ChecksumScriptContent("post-install-script"),
+		md5ChecksumScriptContent("uninstall-script"),
 	}, []string{
 		sc[0].Checksum,
 		sc[1].Checksum,
 		sc[2].Checksum,
+		sc[3].Checksum,
 	})
 
 	// remove the software installer from the DB
@@ -1204,6 +1226,7 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	swi, err = ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
 		PreInstallQuery: "SELECT 1",
 		InstallScript:   "install-script",
+		UninstallScript: "uninstall-script",
 		InstallerFile:   bytes.NewReader([]byte("hello")),
 		StorageID:       "storage1",
 		Filename:        "file1",
@@ -1219,7 +1242,7 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	sc = []scriptContents{}
 	err = sqlx.SelectContext(ctx, ds.reader(ctx), &sc, stmt)
 	require.NoError(t, err)
-	require.Len(t, sc, 2)
+	require.Len(t, sc, 3)
 
 	// remove the software installer from the DB
 	err = ds.DeleteSoftwareInstaller(ctx, swi)
@@ -1233,3 +1256,15 @@ func testCleanupUnusedScriptContents(t *testing.T, ds *Datastore) {
 	require.Len(t, sc, 1)
 	require.Equal(t, md5ChecksumScriptContent(res.ScriptContents), sc[0].Checksum)
 }
+
+func testGetAnyScriptContents(t *testing.T, ds *Datastore) {
+	ctx := context.Background()
+	contents := `echo foobar;`
+	res, err := insertScriptContents(ctx, ds.writer(ctx), contents)
+	require.NoError(t, err)
+	id, _ := res.LastInsertId()
+
+	result, err := ds.GetAnyScriptContents(ctx, uint(id))
+	require.NoError(t, err)
+	require.Equal(t, contents, string(result))
+}
diff --git a/server/datastore/mysql/software.go b/server/datastore/mysql/software.go
index 4826e0ceba..0b11e647b2 100644
--- a/server/datastore/mysql/software.go
+++ b/server/datastore/mysql/software.go
@@ -2155,45 +2155,6 @@ func (ds *Datastore) ListCVEs(ctx context.Context, maxAge time.Duration) ([]flee
 	return result, nil
 }
 
-// tblAlias is the table alias to use as prefix for the host_software_installs
-// column names, no prefix used if empty.
-// colAlias is the name to be assigned to the computed status column, pass
-// empty to have the value only, no column alias set.
-func softwareInstallerHostStatusNamedQuery(tblAlias, colAlias string) string {
-	if tblAlias != "" {
-		tblAlias += "."
-	}
-	if colAlias != "" {
-		colAlias = " AS " + colAlias
-	}
-	// the computed column assumes that all results (pre, install and post) are
-	// stored at once, so that if there is an exit code for the install script
-	// and none for the post-install, it is because there is no post-install.
-	return fmt.Sprintf(`
-			CASE
-				WHEN %[1]sremoved = 1 THEN NULL
-
-				WHEN %[1]spost_install_script_exit_code IS NOT NULL AND
-					%[1]spost_install_script_exit_code = 0 THEN :software_status_installed
-
-				WHEN %[1]spost_install_script_exit_code IS NOT NULL AND
-					%[1]spost_install_script_exit_code != 0 THEN :software_status_failed
-
-				WHEN %[1]sinstall_script_exit_code IS NOT NULL AND
-					%[1]sinstall_script_exit_code = 0 THEN :software_status_installed
-
-				WHEN %[1]sinstall_script_exit_code IS NOT NULL AND
-					%[1]sinstall_script_exit_code != 0 THEN :software_status_failed
-
-				WHEN %[1]spre_install_query_output IS NOT NULL AND
-					%[1]spre_install_query_output = '' THEN :software_status_failed
-
-				WHEN %[1]shost_id IS NOT NULL THEN :software_status_pending
-
-				ELSE NULL -- not installed from Fleet installer
-			END %[2]s `, tblAlias, colAlias)
-}
-
 func (ds *Datastore) ListHostSoftware(ctx context.Context, host *fleet.Host, opts fleet.HostSoftwareTitleListOptions) ([]*fleet.HostSoftwareWithInstaller, *fleet.PaginationMetadata, error) {
 	var onlySelfServiceClause string
 	if opts.SelfServiceOnly {
@@ -2218,9 +2179,11 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 					hs.host_id = :host_id AND
 					s.title_id = st.id
 			) OR `
+	status := fmt.Sprintf(`COALESCE(%s, %s)`, "hsi.last_status", vppAppHostStatusNamedQuery("hvsi", "ncr", ""))
 	if opts.OnlyAvailableForInstall {
 		// Get software that has a package/VPP installer but was not installed with Fleet
-		softwareIsInstalledOnHostClause = ` status IS NULL AND (si.id IS NOT NULL OR vat.adam_id IS NOT NULL) AND ` + softwareIsInstalledOnHostClause
+		softwareIsInstalledOnHostClause = fmt.Sprintf(` %s IS NULL AND (si.id IS NOT NULL OR vat.adam_id IS NOT NULL) AND %s`, status,
+			softwareIsInstalledOnHostClause)
 	}
 
 	// this statement lists only the software that is reported as installed on
@@ -2237,16 +2200,64 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 			vat.adam_id as vpp_app_adam_id,
 			vap.latest_version as vpp_app_version,
 			NULLIF(vap.icon_url, '') as vpp_app_icon_url,
-			COALESCE(hsi.created_at, hvsi.created_at) as last_install_installed_at,
-			COALESCE(hsi.execution_id, hvsi.command_uuid) as last_install_install_uuid,
-			-- get either the softare installer status or the vpp app status
-			COALESCE(%s, %s) as status
+			COALESCE(hsi.last_installed_at, hvsi.created_at) as last_install_installed_at,
+			COALESCE(hsi.last_install_execution_id, hvsi.command_uuid) as last_install_install_uuid,
+			hsi.last_uninstalled_at as last_uninstall_uninstalled_at,
+			hsi.last_uninstall_execution_id as last_uninstall_script_execution_id,
+			-- get either the software installer status or the vpp app status
+			%s as status
 		FROM
 			software_titles st
 		LEFT OUTER JOIN
 			software_installers si ON st.id = si.title_id AND si.global_or_team_id = :global_or_team_id
-		LEFT OUTER JOIN
-			host_software_installs hsi ON si.id = hsi.software_installer_id AND hsi.host_id = :host_id AND hsi.removed = 0
+		LEFT OUTER JOIN -- get the latest status and install/uninstall attempts (merge 3 host_software_installs rows into 1)
+			(
+				SELECT
+					hsi_group.host_id,
+					hsi_group.software_installer_id,
+					TIMESTAMP(GROUP_CONCAT(hsi_installed_at)) as last_installed_at,
+					GROUP_CONCAT(hsi_install_execution_id) as last_install_execution_id,
+					TIMESTAMP(GROUP_CONCAT(hsi_uninstalled_at)) as last_uninstalled_at,
+					GROUP_CONCAT(hsi_uninstall_execution_id) as last_uninstall_execution_id,
+					IF(GROUP_CONCAT(hsi_status) = '', NULL, GROUP_CONCAT(hsi_status)) as last_status
+				FROM (
+					-- get latest install/uninstall status
+					SELECT
+						host_id, software_installer_id,
+						NULL as hsi_installed_at, NULL as hsi_install_execution_id,
+						NULL as hsi_uninstalled_at, NULL as hsi_uninstall_execution_id,
+						-- get the status of the latest attempt; 27-1 is the length of the timestamp
+					    SUBSTRING(MAX(CONCAT(created_at, COALESCE(status, ''))), 27) AS hsi_status
+					FROM host_software_installs
+					WHERE host_id = :host_id AND removed = 0
+					GROUP BY host_id, software_installer_id
+					UNION
+					-- get latest install attempt
+					SELECT
+						host_id, software_installer_id,
+						MAX(created_at) as hsi_installed_at,
+						-- get the execution_id of the latest attempt; 27-1 is the length of the timestamp
+					    SUBSTRING(MAX(CONCAT(created_at, execution_id)), 27) AS hsi_install_execution_id,
+						NULL as hsi_uninstalled_at, NULL as hsi_uninstall_execution_id,
+						NULL as hsi_status
+					FROM host_software_installs
+					WHERE host_id = :host_id AND removed = 0 AND uninstall = 0
+					GROUP BY host_id, software_installer_id
+					UNION
+					-- get latest uninstall attempt
+					SELECT
+						host_id, software_installer_id,
+						NULL as hsi_installed_at, NULL as hsi_install_execution_id,
+						MAX(created_at) as hsi_uninstalled_at,
+						-- get the execution_id of the latest attempt; 27-1 is the length of the timestamp
+					    SUBSTRING(MAX(CONCAT(created_at, execution_id)), 27) AS hsi_uninstall_execution_id,
+						NULL as hsi_status
+						FROM host_software_installs
+					WHERE host_id = :host_id AND removed = 0 AND uninstall = 1
+					GROUP BY host_id, software_installer_id
+				) as hsi_group
+				GROUP BY hsi_group.host_id, hsi_group.software_installer_id
+			) as hsi ON si.id = hsi.software_installer_id
 		LEFT OUTER JOIN
 			vpp_apps vap ON st.id = vap.title_id AND vap.platform = :host_platform
 		LEFT OUTER JOIN
@@ -2256,13 +2267,7 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 		LEFT OUTER JOIN
 			nano_command_results ncr ON ncr.command_uuid = hvsi.command_uuid
 		WHERE
-			-- use the latest install attempt only
-			( hsi.id IS NULL OR hsi.id = (
-				SELECT hsi2.id
-				FROM host_software_installs hsi2
-				WHERE hsi2.host_id = hsi.host_id AND hsi2.software_installer_id = hsi.software_installer_id AND hsi2.removed = 0
-				ORDER BY hsi2.created_at DESC
-				LIMIT 1 ) ) AND
+			-- use the latest VPP install attempt only
 			( hvsi.id IS NULL OR hvsi.id = (
 				SELECT hvsi2.id
 				FROM host_vpp_software_installs hvsi2
@@ -2276,8 +2281,7 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 			( %s hsi.host_id IS NOT NULL OR hvsi.host_id IS NOT NULL )
 			%s
 			%s
-`, softwareInstallerHostStatusNamedQuery("hsi", ""), vppAppHostStatusNamedQuery("hvsi", "ncr", ""),
-		softwareIsInstalledOnHostClause, onlySelfServiceClause, onlyVulnerableClause)
+`, status, softwareIsInstalledOnHostClause, onlySelfServiceClause, onlyVulnerableClause)
 
 	// this statement lists only the software that has never been installed nor
 	// attempted to be installed on the host, but that is available to be
@@ -2296,6 +2300,8 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 			NULLIF(vap.icon_url, '') as vpp_app_icon_url,
 			NULL as last_install_installed_at,
 			NULL as last_install_install_uuid,
+			NULL as last_uninstall_uninstalled_at,
+			NULL as last_uninstall_script_execution_id,
 			NULL as status
 		FROM
 			software_titles st
@@ -2359,6 +2365,8 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 		vpp_app_icon_url,
 		last_install_installed_at,
 		last_install_install_uuid,
+		last_uninstall_uninstalled_at,
+		last_uninstall_script_execution_id,
 		status
 `
 
@@ -2369,9 +2377,9 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 	namedArgs := map[string]any{
 		"host_id":                   host.ID,
 		"host_platform":             host.FleetPlatform(),
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
+		"software_status_failed":    fleet.SoftwareInstallFailed,
+		"software_status_pending":   fleet.SoftwareInstallPending,
+		"software_status_installed": fleet.SoftwareInstalled,
 		"mdm_status_acknowledged":   fleet.MDMAppleStatusAcknowledged,
 		"mdm_status_error":          fleet.MDMAppleStatusError,
 		"mdm_status_format_error":   fleet.MDMAppleStatusCommandFormatError,
@@ -2419,15 +2427,17 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 
 	type hostSoftware struct {
 		fleet.HostSoftwareWithInstaller
-		LastInstallInstalledAt *time.Time `db:"last_install_installed_at"`
-		LastInstallInstallUUID *string    `db:"last_install_install_uuid"`
-		PackageSelfService     *bool      `db:"package_self_service"`
-		PackageName            *string    `db:"package_name"`
-		PackageVersion         *string    `db:"package_version"`
-		VPPAppSelfService      *bool      `db:"vpp_app_self_service"`
-		VPPAppAdamID           *string    `db:"vpp_app_adam_id"`
-		VPPAppVersion          *string    `db:"vpp_app_version"`
-		VPPAppIconURL          *string    `db:"vpp_app_icon_url"`
+		LastInstallInstalledAt         *time.Time `db:"last_install_installed_at"`
+		LastInstallInstallUUID         *string    `db:"last_install_install_uuid"`
+		LastUninstallUninstalledAt     *time.Time `db:"last_uninstall_uninstalled_at"`
+		LastUninstallScriptExecutionID *string    `db:"last_uninstall_script_execution_id"`
+		PackageSelfService             *bool      `db:"package_self_service"`
+		PackageName                    *string    `db:"package_name"`
+		PackageVersion                 *string    `db:"package_version"`
+		VPPAppSelfService              *bool      `db:"vpp_app_self_service"`
+		VPPAppAdamID                   *string    `db:"vpp_app_adam_id"`
+		VPPAppVersion                  *string    `db:"vpp_app_version"`
+		VPPAppIconURL                  *string    `db:"vpp_app_icon_url"`
 	}
 	var hostSoftwareList []*hostSoftware
 	if err := sqlx.SelectContext(ctx, ds.reader(ctx), &hostSoftwareList, stmt, args...); err != nil {
@@ -2461,6 +2471,16 @@ AND EXISTS (SELECT 1 FROM software s JOIN software_cve scve ON scve.software_id
 					hs.SoftwarePackage.LastInstall.InstalledAt = *hs.LastInstallInstalledAt
 				}
 			}
+
+			// promote the last uninstall info to the proper destination fields
+			if hs.LastUninstallScriptExecutionID != nil && *hs.LastUninstallScriptExecutionID != "" {
+				hs.SoftwarePackage.LastUninstall = &fleet.HostSoftwareUninstall{
+					ExecutionID: *hs.LastUninstallScriptExecutionID,
+				}
+				if hs.LastUninstallUninstalledAt != nil {
+					hs.SoftwarePackage.LastUninstall.UninstalledAt = *hs.LastUninstallUninstalledAt
+				}
+			}
 		}
 
 		// promote the VPP app id and version to the proper destination fields
@@ -2668,11 +2688,8 @@ SELECT
 	0 as vpp_apps_count
 FROM software_titles st
 INNER JOIN software_installers si ON si.title_id = st.id
-INNER JOIN host_software_installs hsi ON hsi.host_id = ? AND hsi.software_installer_id = si.id
-WHERE hsi.removed = 0 AND 
-	-- :software_status_installed
-	((hsi.post_install_script_exit_code IS NOT NULL AND hsi.post_install_script_exit_code = 0) OR
-	(hsi.install_script_exit_code IS NOT NULL AND hsi.install_script_exit_code = 0))
+INNER JOIN host_software_installs hsi ON hsi.host_id = :host_id AND hsi.software_installer_id = si.id
+WHERE hsi.removed = 0 AND hsi.status = :software_status_installed
 
 UNION
 
@@ -2685,12 +2702,21 @@ SELECT
 	1 as vpp_apps_count
 FROM software_titles st
 INNER JOIN vpp_apps vap ON vap.title_id = st.id
-INNER JOIN host_vpp_software_installs hvsi ON hvsi.host_id = ? AND hvsi.adam_id = vap.adam_id AND hvsi.platform = vap.platform
+INNER JOIN host_vpp_software_installs hvsi ON hvsi.host_id = :host_id AND hvsi.adam_id = vap.adam_id AND hvsi.platform = vap.platform
 INNER JOIN nano_command_results ncr ON ncr.command_uuid = hvsi.command_uuid
-WHERE hvsi.removed = 0 AND ncr.status = ?
+WHERE hvsi.removed = 0 AND ncr.status = :mdm_status_acknowledged
 `
+	selectStmt, args, err := sqlx.Named(stmt, map[string]interface{}{
+		"host_id":                   hostID,
+		"software_status_installed": fleet.SoftwareInstalled,
+		"mdm_status_acknowledged":   fleet.MDMAppleStatusAcknowledged,
+	})
+	if err != nil {
+		return nil, ctxerr.Wrap(ctx, err, "build query to get installed software titles")
+	}
+
 	var titles []fleet.SoftwareTitle
-	if err := sqlx.SelectContext(ctx, qc, &titles, stmt, hostID, hostID, fleet.MDMAppleStatusAcknowledged); err != nil {
+	if err := sqlx.SelectContext(ctx, qc, &titles, selectStmt, args...); err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "get installed software titles")
 	}
 	return titles, nil
diff --git a/server/datastore/mysql/software_installers.go b/server/datastore/mysql/software_installers.go
index 21d5a0aa95..aa5e751240 100644
--- a/server/datastore/mysql/software_installers.go
+++ b/server/datastore/mysql/software_installers.go
@@ -24,14 +24,12 @@ func (ds *Datastore) ListPendingSoftwareInstalls(ctx context.Context, hostID uin
   WHERE
     host_id = ?
   AND
-    install_script_exit_code IS NULL
-  AND
-    pre_install_query_output IS NULL
+	status = ?
   ORDER BY
     created_at ASC
 `
 	var results []string
-	if err := sqlx.SelectContext(ctx, ds.reader(ctx), &results, stmt, hostID); err != nil {
+	if err := sqlx.SelectContext(ctx, ds.reader(ctx), &results, stmt, hostID, fleet.SoftwareInstallPending); err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "list pending software installs")
 	}
 	return results, nil
@@ -86,6 +84,11 @@ func (ds *Datastore) MatchOrCreateSoftwareInstaller(ctx context.Context, payload
 		return 0, ctxerr.Wrap(ctx, err, "get or generate install script contents ID")
 	}
 
+	uninstallScriptID, err := ds.getOrGenerateScriptContentsID(ctx, payload.UninstallScript)
+	if err != nil {
+		return 0, ctxerr.Wrap(ctx, err, "get or generate uninstall script contents ID")
+	}
+
 	var postInstallScriptID *uint
 	if payload.PostInstallScript != "" {
 		sid, err := ds.getOrGenerateScriptContentsID(ctx, payload.PostInstallScript)
@@ -113,15 +116,17 @@ INSERT INTO software_installers (
 	storage_id,
 	filename,
 	version,
+	package_ids,
 	install_script_content_id,
 	pre_install_query,
 	post_install_script_content_id,
+    uninstall_script_content_id,
 	platform,
     self_service,
 	user_id,
 	user_name,
 	user_email
-) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, (SELECT name FROM users WHERE id = ?), (SELECT email FROM users WHERE id = ?))`
+) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, (SELECT name FROM users WHERE id = ?), (SELECT email FROM users WHERE id = ?))`
 
 	args := []interface{}{
 		tid,
@@ -130,9 +135,11 @@ INSERT INTO software_installers (
 		payload.StorageID,
 		payload.Filename,
 		payload.Version,
+		strings.Join(payload.PackageIDs, ","),
 		installScriptID,
 		payload.PreInstallQuery,
 		postInstallScriptID,
+		uninstallScriptID,
 		payload.Platform,
 		payload.SelfService,
 		payload.UserID,
@@ -215,6 +222,7 @@ SELECT
 	si.install_script_content_id,
 	si.pre_install_query,
 	si.post_install_script_content_id,
+	si.uninstall_script_content_id,
 	si.uploaded_at,
 	COALESCE(st.name, '') AS software_title,
 	si.platform
@@ -239,9 +247,10 @@ WHERE
 func (ds *Datastore) GetSoftwareInstallerMetadataByTeamAndTitleID(ctx context.Context, teamID *uint, titleID uint, withScriptContents bool) (*fleet.SoftwareInstaller, error) {
 	var scriptContentsSelect, scriptContentsFrom string
 	if withScriptContents {
-		scriptContentsSelect = ` , inst.contents AS install_script, COALESCE(pisnt.contents, '') AS post_install_script `
+		scriptContentsSelect = ` , inst.contents AS install_script, COALESCE(pinst.contents, '') AS post_install_script, uninst.contents AS uninstall_script `
 		scriptContentsFrom = ` LEFT OUTER JOIN script_contents inst ON inst.id = si.install_script_content_id
-		LEFT OUTER JOIN script_contents pisnt ON pisnt.id = si.post_install_script_content_id `
+		LEFT OUTER JOIN script_contents pinst ON pinst.id = si.post_install_script_content_id
+		LEFT OUTER JOIN script_contents uninst ON uninst.id = si.uninstall_script_content_id`
 	}
 
 	query := fmt.Sprintf(`
@@ -255,6 +264,7 @@ SELECT
   si.install_script_content_id,
   si.pre_install_query,
   si.post_install_script_content_id,
+  si.uninstall_script_content_id,
   si.uploaded_at,
   si.self_service,
   COALESCE(st.name, '') AS software_title
@@ -349,6 +359,41 @@ func (ds *Datastore) InsertSoftwareInstallRequest(ctx context.Context, hostID ui
 	return installID, ctxerr.Wrap(ctx, err, "inserting new install software request")
 }
 
+func (ds *Datastore) InsertSoftwareUninstallRequest(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error {
+	const (
+		insertStmt = `
+		  INSERT INTO host_software_installs
+		    (execution_id, host_id, software_installer_id, user_id, uninstall)
+		  VALUES
+		    (?, ?, ?, ?, 1)
+		    `
+		hostExistsStmt = `SELECT 1 FROM hosts WHERE id = ?`
+	)
+
+	// we need to explicitly do this check here because we can't set a FK constraint on the schema
+	var hostExists bool
+	err := sqlx.GetContext(ctx, ds.reader(ctx), &hostExists, hostExistsStmt, hostID)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return notFound("Host").WithID(hostID)
+		}
+		return ctxerr.Wrap(ctx, err, "checking if host exists")
+	}
+
+	var userID *uint
+	if ctxUser := authz.UserFromContext(ctx); ctxUser != nil {
+		userID = &ctxUser.ID
+	}
+	_, err = ds.writer(ctx).ExecContext(ctx, insertStmt,
+		executionID,
+		hostID,
+		softwareInstallerID,
+		userID,
+	)
+
+	return ctxerr.Wrap(ctx, err, "inserting new uninstall software request")
+}
+
 func (ds *Datastore) GetSoftwareInstallResults(ctx context.Context, resultsUUID string) (*fleet.HostSoftwareInstallerResult, error) {
 	query := fmt.Sprintf(`
 SELECT
@@ -359,7 +404,7 @@ SELECT
 	hsi.host_id AS host_id,
 	st.name AS software_title,
 	st.id AS software_title_id,
-	COALESCE(%s, '') AS status,
+	COALESCE(hsi.status, '') AS status,
 	si.filename AS software_package,
 	hsi.user_id AS user_id,
 	hsi.post_install_script_exit_code,
@@ -375,13 +420,10 @@ FROM
 	JOIN software_titles st ON si.title_id = st.id
 WHERE
 	hsi.execution_id = :execution_id
-	`, softwareInstallerHostStatusNamedQuery("hsi", ""))
+	`)
 
 	stmt, args, err := sqlx.Named(query, map[string]any{
-		"execution_id":              resultsUUID,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
+		"execution_id": resultsUUID,
 	})
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "build named query for get software install results")
@@ -404,13 +446,15 @@ func (ds *Datastore) GetSummaryHostSoftwareInstalls(ctx context.Context, install
 
 	stmt := fmt.Sprintf(`
 SELECT
-	COALESCE(SUM( IF(status = :software_status_pending, 1, 0)), 0) AS pending,
-	COALESCE(SUM( IF(status = :software_status_failed, 1, 0)), 0) AS failed,
+	COALESCE(SUM( IF(status = :software_status_pending_install, 1, 0)), 0) AS pending_install,
+	COALESCE(SUM( IF(status = :software_status_failed_install, 1, 0)), 0) AS failed_install,
+	COALESCE(SUM( IF(status = :software_status_pending_uninstall, 1, 0)), 0) AS pending_uninstall,
+	COALESCE(SUM( IF(status = :software_status_failed_uninstall, 1, 0)), 0) AS failed_uninstall,
 	COALESCE(SUM( IF(status = :software_status_installed, 1, 0)), 0) AS installed
 FROM (
 SELECT
 	software_installer_id,
-	%s
+	status
 FROM
 	host_software_installs hsi
 WHERE
@@ -424,13 +468,15 @@ WHERE
 			AND host_deleted_at IS NULL
 			AND removed = 0
 		GROUP BY
-			host_id)) s`, softwareInstallerHostStatusNamedQuery("hsi", "status"))
+			host_id)) s`)
 
 	query, args, err := sqlx.Named(stmt, map[string]interface{}{
-		"installer_id":              installerID,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
+		"installer_id":                      installerID,
+		"software_status_pending_install":   fleet.SoftwareInstallPending,
+		"software_status_failed_install":    fleet.SoftwareInstallFailed,
+		"software_status_pending_uninstall": fleet.SoftwareUninstallPending,
+		"software_status_failed_uninstall":  fleet.SoftwareUninstallFailed,
+		"software_status_installed":         fleet.SoftwareInstalled,
 	})
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "get summary host software installs: named query")
@@ -445,6 +491,15 @@ WHERE
 }
 
 func (ds *Datastore) vppAppJoin(appID fleet.VPPAppID, status fleet.SoftwareInstallerStatus) (string, []interface{}, error) {
+	// Since VPP does not have uninstaller yet, we map the generic pending/failed statuses to the install statuses
+	switch status {
+	case fleet.SoftwarePending:
+		status = fleet.SoftwareInstallPending
+	case fleet.SoftwareFailed:
+		status = fleet.SoftwareInstallFailed
+	default:
+		// no change
+	}
 	stmt := fmt.Sprintf(`JOIN (
 SELECT
 	host_id
@@ -469,9 +524,9 @@ WHERE
 		"status":                    status,
 		"adam_id":                   appID.AdamID,
 		"platform":                  appID.Platform,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
+		"software_status_installed": fleet.SoftwareInstalled,
+		"software_status_failed":    fleet.SoftwareInstallFailed,
+		"software_status_pending":   fleet.SoftwareInstallPending,
 		"mdm_status_acknowledged":   fleet.MDMAppleStatusAcknowledged,
 		"mdm_status_error":          fleet.MDMAppleStatusError,
 		"mdm_status_format_error":   fleet.MDMAppleStatusCommandFormatError,
@@ -479,6 +534,21 @@ WHERE
 }
 
 func (ds *Datastore) softwareInstallerJoin(installerID uint, status fleet.SoftwareInstallerStatus) (string, []interface{}, error) {
+	statusFilter := "hsi.status = :status"
+	var status2 fleet.SoftwareInstallerStatus
+	switch status {
+	case fleet.SoftwarePending:
+		status = fleet.SoftwareInstallPending
+		status2 = fleet.SoftwareUninstallPending
+	case fleet.SoftwareFailed:
+		status = fleet.SoftwareInstallFailed
+		status2 = fleet.SoftwareUninstallFailed
+	default:
+		// no change
+	}
+	if status2 != "" {
+		statusFilter = "hsi.status IN (:status, :status2)"
+	}
 	stmt := fmt.Sprintf(`JOIN (
 SELECT
 	host_id
@@ -495,21 +565,19 @@ WHERE
 			AND removed = 0
 		GROUP BY
 			host_id, software_installer_id)
-	AND (%s) = :status) hss ON hss.host_id = h.id
-`, softwareInstallerHostStatusNamedQuery("hsi", ""))
+	AND %s) hss ON hss.host_id = h.id
+`, statusFilter)
 
 	return sqlx.Named(stmt, map[string]interface{}{
-		"status":                    status,
-		"installer_id":              installerID,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
+		"status":       status,
+		"status2":      status2,
+		"installer_id": installerID,
 	})
 }
 
 func (ds *Datastore) GetHostLastInstallData(ctx context.Context, hostID, installerID uint) (*fleet.HostLastInstallData, error) {
 	stmt := fmt.Sprintf(`
-		SELECT execution_id, %s AS status
+		SELECT execution_id, hsi.status
 		FROM host_software_installs hsi
 		WHERE hsi.id = (
 			SELECT
@@ -519,14 +587,11 @@ func (ds *Datastore) GetHostLastInstallData(ctx context.Context, hostID, install
 				software_installer_id = :installer_id AND host_id = :host_id
 			GROUP BY
 				host_id, software_installer_id)
-`, softwareInstallerHostStatusNamedQuery("hsi", ""))
+`)
 
 	stmt, args, err := sqlx.Named(stmt, map[string]interface{}{
-		"host_id":                   hostID,
-		"installer_id":              installerID,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
+		"host_id":      hostID,
+		"installer_id": installerID,
 	})
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "build named query to get host last install data")
@@ -623,6 +688,7 @@ INSERT INTO software_installers (
 	filename,
 	version,
 	install_script_content_id,
+	uninstall_script_content_id,
 	pre_install_query,
 	post_install_script_content_id,
 	platform,
@@ -633,12 +699,13 @@ INSERT INTO software_installers (
 	user_email,
 	url
 ) VALUES (
-  ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
+  ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
   (SELECT id FROM software_titles WHERE name = ? AND source = ? AND browser = ''),
   ?, (SELECT name FROM users WHERE id = ?), (SELECT email FROM users WHERE id = ?), ?
 )
 ON DUPLICATE KEY UPDATE
   install_script_content_id = VALUES(install_script_content_id),
+  uninstall_script_content_id = VALUES(uninstall_script_content_id),
   post_install_script_content_id = VALUES(post_install_script_content_id),
   storage_id = VALUES(storage_id),
   filename = VALUES(filename),
@@ -732,6 +799,12 @@ WHERE global_or_team_id = ?
 			}
 			installScriptID, _ := isRes.LastInsertId()
 
+			uisRes, err := insertScriptContents(ctx, tx, installer.UninstallScript)
+			if err != nil {
+				return ctxerr.Wrapf(ctx, err, "inserting uninstall script contents for software installer with name %q", installer.Filename)
+			}
+			uninstallScriptID, _ := uisRes.LastInsertId()
+
 			var postInstallScriptID *int64
 			if installer.PostInstallScript != "" {
 				pisRes, err := insertScriptContents(ctx, tx, installer.PostInstallScript)
@@ -750,6 +823,7 @@ WHERE global_or_team_id = ?
 				installer.Filename,
 				installer.Version,
 				installScriptID,
+				uninstallScriptID,
 				installer.PreInstallQuery,
 				postInstallScriptID,
 				installer.Platform,
@@ -805,3 +879,19 @@ func (ds *Datastore) HasSelfServiceSoftwareInstallers(ctx context.Context, hostP
 	}
 	return hasInstallers, nil
 }
+
+func (ds *Datastore) GetSoftwareTitleNameFromExecutionID(ctx context.Context, executionID string) (string, error) {
+	stmt := `
+	SELECT name
+	FROM software_titles st
+	INNER JOIN software_installers si ON si.title_id = st.id
+	INNER JOIN host_software_installs hsi ON hsi.software_installer_id = si.id
+	WHERE hsi.execution_id = ?
+	`
+	var name string
+	err := sqlx.GetContext(ctx, ds.reader(ctx), &name, stmt, executionID)
+	if err != nil {
+		return "", ctxerr.Wrap(ctx, err, "get software title name from execution ID")
+	}
+	return name, nil
+}
diff --git a/server/datastore/mysql/software_installers_test.go b/server/datastore/mysql/software_installers_test.go
index 0da31b41ee..aceb530c59 100644
--- a/server/datastore/mysql/software_installers_test.go
+++ b/server/datastore/mysql/software_installers_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/fleetdm/fleet/v4/server/ptr"
 	"github.com/fleetdm/fleet/v4/server/test"
 	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -118,7 +119,7 @@ func testListPendingSoftwareInstalls(t *testing.T, ds *Datastore) {
 	err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
 		HostID:                    host2.ID,
 		InstallUUID:               hostInstall5,
-		PreInstallConditionOutput: ptr.String("output"),
+		PreInstallConditionOutput: ptr.String(""), // pre-install query did not return results, so install failed
 	})
 	require.NoError(t, err)
 
@@ -211,24 +212,128 @@ func testSoftwareInstallRequests(t *testing.T, ds *Datastore) {
 			_, err = ds.InsertSoftwareInstallRequest(ctx, 12, si.InstallerID, false)
 			require.ErrorAs(t, err, &nfe)
 
-			// successful insert
-			host, err := ds.NewHost(ctx, &fleet.Host{
-				Hostname:      "macos-test" + tc,
-				OsqueryHostID: ptr.String("osquery-macos" + tc),
-				NodeKey:       ptr.String("node-key-macos" + tc),
+			// Host with software install pending
+			tag := "-pending_install"
+			hostPendingInstall, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
 				UUID:          uuid.NewString(),
 				Platform:      "darwin",
 				TeamID:        teamID,
 			})
 			require.NoError(t, err)
-			_, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, si.InstallerID, false)
+			_, err = ds.InsertSoftwareInstallRequest(ctx, hostPendingInstall.ID, si.InstallerID, false)
 			require.NoError(t, err)
 
-			// list hosts with software install requests
+			// Host with software install failed
+			tag = "-failed_install"
+			hostFailedInstall, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
+				UUID:          uuid.NewString(),
+				Platform:      "darwin",
+				TeamID:        teamID,
+			})
+			require.NoError(t, err)
+			_, err = ds.InsertSoftwareInstallRequest(ctx, hostFailedInstall.ID, si.InstallerID, false)
+			require.NoError(t, err)
+			ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
+				_, err = q.ExecContext(ctx, `
+					UPDATE host_software_installs SET install_script_exit_code = 1 WHERE host_id = ? AND software_installer_id = ?`,
+					hostFailedInstall.ID, si.InstallerID)
+				require.NoError(t, err)
+				return nil
+			})
+
+			// Host with software install successful
+			tag = "-installed"
+			hostInstalled, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
+				UUID:          uuid.NewString(),
+				Platform:      "darwin",
+				TeamID:        teamID,
+			})
+			require.NoError(t, err)
+			_, err = ds.InsertSoftwareInstallRequest(ctx, hostInstalled.ID, si.InstallerID, false)
+			require.NoError(t, err)
+			ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
+				_, err = q.ExecContext(ctx, `
+					UPDATE host_software_installs SET install_script_exit_code = 0 WHERE host_id = ? AND software_installer_id = ?`,
+					hostInstalled.ID, si.InstallerID)
+				require.NoError(t, err)
+				return nil
+			})
+
+			// Host with pending uninstall
+			tag = "-pending_uninstall"
+			hostPendingUninstall, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
+				UUID:          uuid.NewString(),
+				Platform:      "darwin",
+				TeamID:        teamID,
+			})
+			require.NoError(t, err)
+			err = ds.InsertSoftwareUninstallRequest(ctx, "uuid"+tag+tc, hostPendingUninstall.ID, si.InstallerID)
+			require.NoError(t, err)
+
+			// Host with failed uninstall
+			tag = "-failed_uninstall"
+			hostFailedUninstall, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
+				UUID:          uuid.NewString(),
+				Platform:      "darwin",
+				TeamID:        teamID,
+			})
+			require.NoError(t, err)
+			err = ds.InsertSoftwareUninstallRequest(ctx, "uuid"+tag+tc, hostFailedUninstall.ID, si.InstallerID)
+			require.NoError(t, err)
+			ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
+				_, err = q.ExecContext(ctx, `
+					UPDATE host_software_installs SET uninstall_script_exit_code = 1 WHERE host_id = ? AND software_installer_id = ?`,
+					hostFailedUninstall.ID, si.InstallerID)
+				require.NoError(t, err)
+				return nil
+			})
+
+			// Host with successful uninstall
+			tag = "-uninstalled"
+			hostUninstalled, err := ds.NewHost(ctx, &fleet.Host{
+				Hostname:      "macos-test" + tag + tc,
+				OsqueryHostID: ptr.String("osquery-macos" + tag + tc),
+				NodeKey:       ptr.String("node-key-macos" + tag + tc),
+				UUID:          uuid.NewString(),
+				Platform:      "darwin",
+				TeamID:        teamID,
+			})
+			require.NoError(t, err)
+			err = ds.InsertSoftwareUninstallRequest(ctx, "uuid"+tag+tc, hostUninstalled.ID, si.InstallerID)
+			require.NoError(t, err)
+			ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
+				_, err = q.ExecContext(ctx, `
+					UPDATE host_software_installs SET uninstall_script_exit_code = 0 WHERE host_id = ? AND software_installer_id = ?`,
+					hostUninstalled.ID, si.InstallerID)
+				require.NoError(t, err)
+				return nil
+			})
+
+			// Uninstall request with unknown host
+			err = ds.InsertSoftwareUninstallRequest(ctx, "uuid"+tag+tc, 99999, si.InstallerID)
+			assert.ErrorContains(t, err, "Host")
+
 			userTeamFilter := fleet.TeamFilter{
 				User: &fleet.User{GlobalRole: ptr.String("admin")},
 			}
-			expectStatus := fleet.SoftwareInstallerPending
+
+			// list hosts with software install pending requests
+			expectStatus := fleet.SoftwareInstallPending
 			hosts, err := ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
 				ListOptions:           fleet.ListOptions{PerPage: 100},
 				SoftwareTitleIDFilter: installerMeta.TitleID,
@@ -237,15 +342,98 @@ func testSoftwareInstallRequests(t *testing.T, ds *Datastore) {
 			})
 			require.NoError(t, err)
 			require.Len(t, hosts, 1)
-			require.Equal(t, host.ID, hosts[0].ID)
+			require.Equal(t, hostPendingInstall.ID, hosts[0].ID)
+
+			// list hosts with all pending requests
+			expectStatus = fleet.SoftwarePending
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 2)
+			assert.ElementsMatch(t, []uint{hostPendingInstall.ID, hostPendingUninstall.ID}, []uint{hosts[0].ID, hosts[1].ID})
+
+			// list hosts with software install failed requests
+			expectStatus = fleet.SoftwareInstallFailed
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 1)
+			assert.ElementsMatch(t, []uint{hostFailedInstall.ID}, []uint{hosts[0].ID})
+
+			// list hosts with all failed requests
+			expectStatus = fleet.SoftwareFailed
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 2)
+			assert.ElementsMatch(t, []uint{hostFailedInstall.ID, hostFailedUninstall.ID}, []uint{hosts[0].ID, hosts[1].ID})
+
+			// list hosts with software installed
+			expectStatus = fleet.SoftwareInstalled
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 1)
+			assert.ElementsMatch(t, []uint{hostInstalled.ID}, []uint{hosts[0].ID})
+
+			// list hosts with pending software uninstall requests
+			expectStatus = fleet.SoftwareUninstallPending
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 1)
+			assert.ElementsMatch(t, []uint{hostPendingUninstall.ID}, []uint{hosts[0].ID})
+
+			// list hosts with failed software uninstall requests
+			expectStatus = fleet.SoftwareUninstallFailed
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				SoftwareStatusFilter:  &expectStatus,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			require.Len(t, hosts, 1)
+			assert.ElementsMatch(t, []uint{hostFailedUninstall.ID}, []uint{hosts[0].ID})
+
+			// list all hosts with the software title that shows up in host_software (after fleetd software query is run)
+			hosts, err = ds.ListHosts(ctx, userTeamFilter, fleet.HostListOptions{
+				ListOptions:           fleet.ListOptions{PerPage: 100},
+				SoftwareTitleIDFilter: installerMeta.TitleID,
+				TeamFilter:            teamID,
+			})
+			require.NoError(t, err)
+			assert.Empty(t, hosts)
 
 			// get software title includes status
 			summary, err := ds.GetSummaryHostSoftwareInstalls(ctx, installerMeta.InstallerID)
 			require.NoError(t, err)
 			require.Equal(t, fleet.SoftwareInstallerStatusSummary{
-				Installed: 0,
-				Pending:   1,
-				Failed:    0,
+				Installed:        1,
+				PendingInstall:   1,
+				FailedInstall:    1,
+				PendingUninstall: 1,
+				FailedUninstall:  1,
 			}, *summary)
 		})
 	}
@@ -271,27 +459,27 @@ func testGetSoftwareInstallResult(t *testing.T, ds *Datastore) {
 	}{
 		{
 			name:                    "pending install",
-			expectedStatus:          fleet.SoftwareInstallerPending,
+			expectedStatus:          fleet.SoftwareInstallPending,
 			postInstallScriptOutput: ptr.String("post install output"),
 			installScriptOutput:     ptr.String("install output"),
 		},
 		{
 			name:                    "failing install post install script",
-			expectedStatus:          fleet.SoftwareInstallerFailed,
+			expectedStatus:          fleet.SoftwareInstallFailed,
 			postInstallScriptEC:     ptr.Int(1),
 			postInstallScriptOutput: ptr.String("post install output"),
 			installScriptOutput:     ptr.String("install output"),
 		},
 		{
 			name:                    "failing install install script",
-			expectedStatus:          fleet.SoftwareInstallerFailed,
+			expectedStatus:          fleet.SoftwareInstallFailed,
 			installScriptEC:         ptr.Int(1),
 			postInstallScriptOutput: ptr.String("post install output"),
 			installScriptOutput:     ptr.String("install output"),
 		},
 		{
 			name:                    "failing install pre install query",
-			expectedStatus:          fleet.SoftwareInstallerFailed,
+			expectedStatus:          fleet.SoftwareInstallFailed,
 			preInstallQueryOutput:   ptr.String(""),
 			postInstallScriptOutput: ptr.String("post install output"),
 			installScriptOutput:     ptr.String("install output"),
@@ -812,7 +1000,7 @@ func testGetHostLastInstallData(t *testing.T, ds *Datastore) {
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID1, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 
 	// Set result of last installation.
 	err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
@@ -829,7 +1017,7 @@ func testGetHostLastInstallData(t *testing.T, ds *Datastore) {
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID1, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerInstalled, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstalled, *host1LastInstall.Status)
 
 	// Install installer2.pkg on host1.
 	installUUID2, err := ds.InsertSoftwareInstallRequest(ctx, host1.ID, softwareInstallerID2, false)
@@ -842,14 +1030,14 @@ func testGetHostLastInstallData(t *testing.T, ds *Datastore) {
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID1, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerInstalled, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstalled, *host1LastInstall.Status)
 	// Last installation for installer2.pkg should be "pending".
 	host1LastInstall, err = ds.GetHostLastInstallData(ctx, host1.ID, softwareInstallerID2)
 	require.NoError(t, err)
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID2, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 
 	// Perform another installation of installer1.pkg.
 	installUUID3, err := ds.InsertSoftwareInstallRequest(ctx, host1.ID, softwareInstallerID1, false)
@@ -862,7 +1050,7 @@ func testGetHostLastInstallData(t *testing.T, ds *Datastore) {
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID3, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 
 	// Set result of last installer1.pkg installation.
 	err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
@@ -879,7 +1067,7 @@ func testGetHostLastInstallData(t *testing.T, ds *Datastore) {
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, installUUID3, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerFailed, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallFailed, *host1LastInstall.Status)
 
 	// No installations on host2.
 	host2LastInstall, err := ds.GetHostLastInstallData(ctx, host2.ID, softwareInstallerID1)
diff --git a/server/datastore/mysql/software_test.go b/server/datastore/mysql/software_test.go
index 75dfc8d2d0..3596281355 100644
--- a/server/datastore/mysql/software_test.go
+++ b/server/datastore/mysql/software_test.go
@@ -3323,11 +3323,19 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	}
 
 	compareResults := func(expected map[string]fleet.HostSoftwareWithInstaller, got []*fleet.HostSoftwareWithInstaller, expectAsc bool, expectOmitted ...string) {
-		require.Len(t, got, len(expected)-len(expectOmitted))
+		gotToString := func() string {
+			var builder strings.Builder
+			builder.WriteString("Got:\n")
+			for _, g := range got {
+				builder.WriteString(fmt.Sprintf("%+v\n", g))
+			}
+			return builder.String()
+		}
+		require.Len(t, got, len(expected)-len(expectOmitted), gotToString())
 		prev := ""
 		for _, g := range got {
 			e, ok := expected[g.Name+g.Source]
-			require.True(t, ok)
+			require.True(t, ok, "unexpected software %s%s", g.Name, g.Source)
 			require.Equal(t, e.Name, g.Name)
 			require.Equal(t, e.Source, g.Source)
 			if e.SoftwarePackage != nil {
@@ -3341,6 +3349,10 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 					require.Equal(t, e.SoftwarePackage.LastInstall.InstallUUID, g.SoftwarePackage.LastInstall.InstallUUID)
 					require.NotNil(t, g.SoftwarePackage.LastInstall.InstalledAt)
 				}
+				if e.SoftwarePackage.LastUninstall != nil {
+					assert.Equal(t, e.SoftwarePackage.LastUninstall.ExecutionID, g.SoftwarePackage.LastUninstall.ExecutionID)
+					assert.NotNil(t, g.SoftwarePackage.LastUninstall.UninstalledAt)
+				}
 			}
 
 			if e.AppStoreApp != nil {
@@ -3410,7 +3422,8 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
 	require.NoError(t, err)
 
-	var swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm uint
+	const numberOfSoftwareInstallers = 8
+	var swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm, swi6PendingUninstall, swi7FailedUninstall, swi8Uninstalled uint
 	var otherHostI1UUID, otherHostI2UUID string
 	ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
 		// keep title id of software B, will use it to associate an installer with it
@@ -3428,10 +3441,19 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		}
 		scriptContentID, _ := res.LastInsertId()
 
+		// create the uninstall script content (same for all installers, doesn't matter)
+		uninstallScript := `echo 'bar'`
+		resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
+			uninstallScript, uninstallScript)
+		if err != nil {
+			return err
+		}
+		uninstallScriptContentID, _ := resUninstall.LastInsertId()
+
 		// create software titles for all but swi1Pending (will be linked to
 		// existing software title b)
 		var titleIDs []uint
-		for i := 0; i < 4; i++ {
+		for i := 0; i < numberOfSoftwareInstallers-1; i++ {
 			res, err := q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES (?, 'apps')`, fmt.Sprintf("i%d", i))
 			if err != nil {
 				return err
@@ -3441,7 +3463,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		}
 
 		var swiIDs []uint
-		for i := 0; i < 5; i++ {
+		for i := 0; i < numberOfSoftwareInstallers; i++ {
 			var (
 				titleID        uint
 				teamID         *uint
@@ -3458,10 +3480,12 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 			}
 			res, err := q.ExecContext(ctx, `
 						INSERT INTO software_installers
-							(team_id, global_or_team_id, title_id, filename, version, install_script_content_id, storage_id, platform, self_service)
+							(team_id, global_or_team_id, title_id, filename, version, install_script_content_id, uninstall_script_content_id, storage_id, platform, self_service)
 						VALUES
-							(?, ?, ?, ?, ?, ?, unhex(?), ?, ?)`,
-				teamID, globalOrTeamID, titleID, fmt.Sprintf("installer-%d.pkg", i), fmt.Sprintf("v%d.0.0", i), scriptContentID, hex.EncodeToString([]byte("test")), "darwin", i < 2)
+							(?, ?, ?, ?, ?, ?, ?, unhex(?), ?, ?)`,
+				teamID, globalOrTeamID, titleID, fmt.Sprintf("installer-%d.pkg", i), fmt.Sprintf("v%d.0.0", i), scriptContentID,
+				uninstallScriptContentID,
+				hex.EncodeToString([]byte("test")), "darwin", i < 2)
 			if err != nil {
 				return err
 			}
@@ -3469,7 +3493,9 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 			swiIDs = append(swiIDs, uint(id))
 		}
 		// sw1Pending and swi2Installed are self-service installers
-		swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm = swiIDs[0], swiIDs[1], swiIDs[2], swiIDs[3], swiIDs[4]
+		swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm,
+			swi6PendingUninstall, swi7FailedUninstall, swi8Uninstalled =
+			swiIDs[0], swiIDs[1], swiIDs[2], swiIDs[3], swiIDs[4], swiIDs[5], swiIDs[6], swiIDs[7]
 
 		// create the results for the host
 
@@ -3518,21 +3544,31 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		// swi5 is for another team
 		_ = swi5Tm
 
-		// add another installer for a different platform, should be always omitted
-		res, err = q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES ('windows-title', 'programs')`)
-		if err != nil {
-			return err
-		}
-		lid, _ := res.LastInsertId()
+		// swi6 has been installed, and is pending uninstall
 		_, err = q.ExecContext(ctx, `
-						INSERT INTO software_installers
-							(team_id, global_or_team_id, title_id, filename, version, install_script_content_id, storage_id, platform)
-						VALUES
-							(?, ?, ?, ?, ?, ?, unhex(?), ?)`,
-			nil, 0, lid, "windows-installer-6.msi", "v6.0.0", scriptContentID, hex.EncodeToString([]byte("test")), "windows")
-		if err != nil {
-			return err
-		}
+							INSERT INTO host_software_installs (execution_id, host_id, software_installer_id, pre_install_query_output, install_script_exit_code, post_install_script_exit_code)
+							VALUES (?, ?, ?, ?, ?, ?)`,
+			"uuid6-pre", host.ID, swi6PendingUninstall, "ok", 0, 0)
+		require.NoError(t, err)
+		_, err = q.ExecContext(ctx, `
+							INSERT INTO host_software_installs (execution_id, host_id, software_installer_id, uninstall)
+							VALUES (?, ?, ?, ?)`,
+			"uuid6", host.ID, swi6PendingUninstall, 1)
+		require.NoError(t, err)
+
+		// swi7 is failed uninstall
+		_, err = q.ExecContext(ctx, `
+							INSERT INTO host_software_installs (execution_id, host_id, software_installer_id, uninstall, uninstall_script_exit_code)
+							VALUES (?, ?, ?, ?, ?)`,
+			"uuid7", host.ID, swi7FailedUninstall, 1, 1)
+		require.NoError(t, err)
+
+		// swi8 is successful uninstall
+		_, err = q.ExecContext(ctx, `
+							INSERT INTO host_software_installs (execution_id, host_id, software_installer_id, uninstall, uninstall_script_exit_code)
+							VALUES (?, ?, ?, ?, ?)`,
+			"uuid8", host.ID, swi8Uninstalled, 1, 0)
+		require.NoError(t, err)
 
 		return nil
 	})
@@ -3541,7 +3577,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	expected[byNSV[b].Name+byNSV[b].Source] = fleet.HostSoftwareWithInstaller{
 		Name:            "b",
 		Source:          "apps",
-		Status:          expectStatus(fleet.SoftwareInstallerPending),
+		Status:          expectStatus(fleet.SoftwareInstallPending),
 		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-0.pkg", Version: "v0.0.0", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: "uuid1"}},
 		InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
 			{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}, InstalledPaths: []string{installPaths[2]}},
@@ -3550,7 +3586,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	i0 := fleet.HostSoftwareWithInstaller{
 		Name:            "i0",
 		Source:          "apps",
-		Status:          expectStatus(fleet.SoftwareInstallerInstalled),
+		Status:          expectStatus(fleet.SoftwareInstalled),
 		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-1.pkg", Version: "v1.0.0", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: "uuid2"}},
 	}
 	expected[i0.Name+i0.Source] = i0
@@ -3558,16 +3594,44 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	i1 := fleet.HostSoftwareWithInstaller{
 		Name:            "i1",
 		Source:          "apps",
-		Status:          expectStatus(fleet.SoftwareInstallerFailed),
+		Status:          expectStatus(fleet.SoftwareInstallFailed),
 		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: "uuid3"}},
 	}
 	expected[i1.Name+i1.Source] = i1
 
+	i4 := fleet.HostSoftwareWithInstaller{
+		Name:   "i4",
+		Source: "apps",
+		Status: expectStatus(fleet.SoftwareUninstallPending),
+		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-5.pkg", Version: "v5.0.0", SelfService: ptr.Bool(false),
+			LastInstall:   &fleet.HostSoftwareInstall{InstallUUID: "uuid6-pre"},
+			LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: "uuid6"}},
+	}
+	expected[i4.Name+i4.Source] = i4
+
+	i5 := fleet.HostSoftwareWithInstaller{
+		Name:   "i5",
+		Source: "apps",
+		Status: expectStatus(fleet.SoftwareUninstallFailed),
+		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-6.pkg", Version: "v6.0.0", SelfService: ptr.Bool(false),
+			LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: "uuid7"}},
+	}
+	expected[i5.Name+i5.Source] = i5
+
+	i6 := fleet.HostSoftwareWithInstaller{
+		Name:   "i6",
+		Source: "apps",
+		Status: nil,
+		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-7.pkg", Version: "v7.0.0", SelfService: ptr.Bool(false),
+			LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: "uuid8"}},
+	}
+	expected[i6.Name+i6.Source] = i6
+
 	// request without available software
 	opts.IncludeAvailableForInstall = false
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 7}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected))}, meta)
 	compareResults(expected, sw, true)
 
 	// request with available software
@@ -3591,7 +3655,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	opts.ListOptions.PerPage = 20
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 8}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
 	compareResults(expected, sw, true, i3.Name+i3.Source)
 
 	// request with available software only (attempted to install and never attempted to install)
@@ -3600,6 +3664,9 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	expectedAvailableOnly[i0.Name+i0.Source] = i0
 	expectedAvailableOnly[i1.Name+i1.Source] = i1
 	expectedAvailableOnly[i2.Name+i2.Source] = i2
+	expectedAvailableOnly[i4.Name+i4.Source] = i4
+	expectedAvailableOnly[i5.Name+i5.Source] = i5
+	expectedAvailableOnly[i6.Name+i6.Source] = i6
 	opts.OnlyAvailableForInstall = true
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
@@ -3613,7 +3680,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	opts.IncludeAvailableForInstall = false
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 7}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 2}, meta)
 	compareResults(expected, sw, false, i2.Name+i2.Source, i3.Name+i3.Source)
 	opts.ListOptions.OrderDirection = fleet.OrderAscending
 	opts.ListOptions.TestSecondaryOrderDirection = fleet.OrderAscending
@@ -3642,7 +3709,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	expected[byNSV[b].Name+byNSV[b].Source] = fleet.HostSoftwareWithInstaller{
 		Name:            "b",
 		Source:          "apps",
-		Status:          expectStatus(fleet.SoftwareInstallerFailed),
+		Status:          expectStatus(fleet.SoftwareInstallFailed),
 		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-0.pkg", Version: "v0.0.0", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: "uuid1"}},
 		InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
 			{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}, InstalledPaths: []string{installPaths[2]}},
@@ -3651,7 +3718,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	expected[i1.Name+i1.Source] = fleet.HostSoftwareWithInstaller{
 		Name:            "i1",
 		Source:          "apps",
-		Status:          expectStatus(fleet.SoftwareInstallerPending),
+		Status:          expectStatus(fleet.SoftwareInstallPending),
 		SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: "uuid4"}},
 	}
 	expectedAvailableOnly[byNSV[b].Name+byNSV[b].Source] = expected[byNSV[b].Name+byNSV[b].Source]
@@ -3661,14 +3728,14 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	opts.IncludeAvailableForInstall = false
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 7}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 2}, meta)
 	compareResults(expected, sw, true, i2.Name+i2.Source, i3.Name+i3.Source)
 
 	// request with available software)
 	opts.IncludeAvailableForInstall = true
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 8}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
 	compareResults(expected, sw, true, i3.Name+i3.Source)
 
 	// create a new host in the team, with no software
@@ -3775,13 +3842,13 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	expected["vpp1apps"] = fleet.HostSoftwareWithInstaller{
 		Name:        "vpp1",
 		Source:      "apps",
-		Status:      expectStatus(fleet.SoftwareInstallerInstalled),
+		Status:      expectStatus(fleet.SoftwareInstalled),
 		AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1CmdUUID}},
 	}
 	expected["vpp2apps"] = fleet.HostSoftwareWithInstaller{
 		Name:        "vpp2",
 		Source:      "apps",
-		Status:      expectStatus(fleet.SoftwareInstallerPending),
+		Status:      expectStatus(fleet.SoftwareInstallPending),
 		AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp2, SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp2bCmdUUID}},
 	}
 
@@ -3789,7 +3856,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	opts.ListOptions.MatchQuery = ""
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 9}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 2}, meta)
 	compareResults(expected, sw, true, i3.Name+i3.Source, i2.Name+i2.Source) // i3 is for team, i2 is available (excluded)
 
 	expected["vpp3apps"] = fleet.HostSoftwareWithInstaller{
@@ -3805,7 +3872,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 	opts.ListOptions.PerPage = 20
 	sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
 	require.NoError(t, err)
-	require.Equal(t, &fleet.PaginationMetadata{TotalResults: 11}, meta)
+	require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
 	compareResults(expected, sw, true, i3.Name+i3.Source) // i3 is for team
 
 	// Available for install only
@@ -3826,7 +3893,7 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		"vpp1apps": {
 			Name:        "vpp1",
 			Source:      "apps",
-			Status:      expectStatus(fleet.SoftwareInstallerPending),
+			Status:      expectStatus(fleet.SoftwareInstallPending),
 			AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1TmCmdUUID}},
 		},
 	}, sw, true)
@@ -3847,13 +3914,13 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		"i1apps": {
 			Name:            "i1",
 			Source:          "apps",
-			Status:          expectStatus(fleet.SoftwareInstallerPending),
+			Status:          expectStatus(fleet.SoftwareInstallPending),
 			SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: otherHostI1UUID}},
 		},
 		"i2apps": {
 			Name:            "i2",
 			Source:          "apps",
-			Status:          expectStatus(fleet.SoftwareInstallerPending),
+			Status:          expectStatus(fleet.SoftwareInstallPending),
 			SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-3.pkg", Version: "v3.0.0", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: otherHostI2UUID}},
 		},
 	}
@@ -3868,37 +3935,40 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 3}, IncludeAvailableForInstall: false},
 			wantNames: []string{byNSV[a1].Name, byNSV[a2].Name, byNSV[b].Name},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 9},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 12},
 		},
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 3}, IncludeAvailableForInstall: false},
 			wantNames: []string{byNSV[c1].Name, byNSV[d].Name, i0.Name},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 9},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 12},
 		},
 		{
-			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 2, PerPage: 3}, IncludeAvailableForInstall: false},
-			wantNames: []string{i1.Name, "vpp1", "vpp2"},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 9},
+			opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 3, PerPage: 3},
+				IncludeAvailableForInstall: false},
+			wantNames: []string{i6.Name, "vpp1", "vpp2"},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 12},
 		},
 		{
-			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 3, PerPage: 3}, IncludeAvailableForInstall: false},
+			opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 4, PerPage: 3},
+				IncludeAvailableForInstall: false},
 			wantNames: []string{},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 9},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 12},
 		},
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 4}, IncludeAvailableForInstall: true},
 			wantNames: []string{byNSV[a1].Name, byNSV[a2].Name, byNSV[b].Name, byNSV[c1].Name},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 11},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 14},
 		},
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 4}, IncludeAvailableForInstall: true},
 			wantNames: []string{byNSV[d].Name, i0.Name, i1.Name, i2.Name},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 11},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 14},
 		},
 		{
-			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 2, PerPage: 4}, IncludeAvailableForInstall: true},
-			wantNames: []string{"vpp1", "vpp2", "vpp3"},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 11},
+			opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 3, PerPage: 4},
+				IncludeAvailableForInstall: true},
+			wantNames: []string{"vpp2", "vpp3"},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 14},
 		},
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 3}, IncludeAvailableForInstall: true, SelfServiceOnly: true},
@@ -3913,12 +3983,13 @@ func testListHostSoftware(t *testing.T, ds *Datastore) {
 		{
 			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 0, PerPage: 4}, OnlyAvailableForInstall: true},
 			wantNames: []string{byNSV[b].Name, "i0", "i1", "i2"},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 7},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 10},
 		},
 		{
-			opts:      fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 4}, OnlyAvailableForInstall: true},
-			wantNames: []string{"vpp1", "vpp2", "vpp3"},
-			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 7},
+			opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 2, PerPage: 4},
+				OnlyAvailableForInstall: true},
+			wantNames: []string{"vpp2", "vpp3"},
+			wantMeta:  &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 10},
 		},
 	}
 	for _, c := range cases {
@@ -4204,13 +4275,13 @@ func testListIOSHostSoftware(t *testing.T, ds *Datastore) {
 	expected["vpp1ios_apps"] = fleet.HostSoftwareWithInstaller{
 		Name:        "vpp1",
 		Source:      "ios_apps",
-		Status:      expectStatus(fleet.SoftwareInstallerInstalled),
+		Status:      expectStatus(fleet.SoftwareInstalled),
 		AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1CmdUUID}},
 	}
 	expected["vpp2ios_apps"] = fleet.HostSoftwareWithInstaller{
 		Name:        "vpp2",
 		Source:      "ios_apps",
-		Status:      expectStatus(fleet.SoftwareInstallerPending),
+		Status:      expectStatus(fleet.SoftwareInstallPending),
 		AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp2, SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp2bCmdUUID}},
 	}
 
@@ -4267,6 +4338,14 @@ func testSetHostSoftwareInstallResult(t *testing.T, ds *Datastore) {
 		}
 		scriptContentID, _ := res.LastInsertId()
 
+		uninstallScript := `echo 'bar'`
+		resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
+			uninstallScript, uninstallScript)
+		if err != nil {
+			return err
+		}
+		uninstallScriptContentID, _ := resUninstall.LastInsertId()
+
 		res, err = q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES ('foo', 'apps')`)
 		if err != nil {
 			return err
@@ -4275,10 +4354,10 @@ func testSetHostSoftwareInstallResult(t *testing.T, ds *Datastore) {
 
 		res, err = q.ExecContext(ctx, `
 			INSERT INTO software_installers
-				(title_id, filename, version, install_script_content_id, storage_id)
+				(title_id, filename, version, install_script_content_id, uninstall_script_content_id, storage_id)
 			VALUES
-				(?, ?, ?, ?, unhex(?))`,
-			titleID, "installer.pkg", "v1.0.0", scriptContentID, hex.EncodeToString([]byte("test")))
+				(?, ?, ?, ?, ?, unhex(?))`,
+			titleID, "installer.pkg", "v1.0.0", scriptContentID, uninstallScriptContentID, hex.EncodeToString([]byte("test")))
 		if err != nil {
 			return err
 		}
diff --git a/server/datastore/mysql/testing_utils.go b/server/datastore/mysql/testing_utils.go
index c4aa29d5fd..f3940eda31 100644
--- a/server/datastore/mysql/testing_utils.go
+++ b/server/datastore/mysql/testing_utils.go
@@ -495,6 +495,7 @@ func CreateNamedMySQLDS(t *testing.T, name string) *Datastore {
 }
 
 func ExecAdhocSQL(tb testing.TB, ds *Datastore, fn func(q sqlx.ExtContext) error) {
+	tb.Helper()
 	err := fn(ds.primary)
 	require.NoError(tb, err)
 }
diff --git a/server/datastore/mysql/vpp.go b/server/datastore/mysql/vpp.go
index b9e43ddf15..d40b41be81 100644
--- a/server/datastore/mysql/vpp.go
+++ b/server/datastore/mysql/vpp.go
@@ -101,9 +101,9 @@ WHERE
 		"mdm_status_acknowledged":   fleet.MDMAppleStatusAcknowledged,
 		"mdm_status_error":          fleet.MDMAppleStatusError,
 		"mdm_status_format_error":   fleet.MDMAppleStatusCommandFormatError,
-		"software_status_pending":   fleet.SoftwareInstallerPending,
-		"software_status_failed":    fleet.SoftwareInstallerFailed,
-		"software_status_installed": fleet.SoftwareInstallerInstalled,
+		"software_status_pending":   fleet.SoftwareInstallPending,
+		"software_status_failed":    fleet.SoftwareInstallFailed,
+		"software_status_installed": fleet.SoftwareInstalled,
 	})
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "get summary host vpp installs: named query")
@@ -519,8 +519,8 @@ WHERE
 
 	listStmt, args, err := sqlx.Named(stmt, map[string]any{
 		"command_uuid":              commandResults.CommandUUID,
-		"software_status_failed":    string(fleet.SoftwareInstallerFailed),
-		"software_status_installed": string(fleet.SoftwareInstallerInstalled),
+		"software_status_failed":    string(fleet.SoftwareInstallFailed),
+		"software_status_installed": string(fleet.SoftwareInstalled),
 	})
 	if err != nil {
 		return nil, nil, ctxerr.Wrap(ctx, err, "build list query from named args")
@@ -547,14 +547,14 @@ WHERE
 	var status string
 	switch commandResults.Status {
 	case fleet.MDMAppleStatusAcknowledged:
-		status = string(fleet.SoftwareInstallerInstalled)
+		status = string(fleet.SoftwareInstalled)
 	case fleet.MDMAppleStatusCommandFormatError:
 	case fleet.MDMAppleStatusError:
-		status = string(fleet.SoftwareInstallerFailed)
+		status = string(fleet.SoftwareInstallFailed)
 	default:
 		// This case shouldn't happen (we should only be doing this check if the command is in a
 		// "terminal" state, but adding it so we have a default
-		status = string(fleet.SoftwareInstallerPending)
+		status = string(fleet.SoftwareInstallPending)
 	}
 
 	act := &fleet.ActivityInstalledAppStoreApp{
diff --git a/server/fleet/activities.go b/server/fleet/activities.go
index dca9c6ba60..b0b3079b5d 100644
--- a/server/fleet/activities.go
+++ b/server/fleet/activities.go
@@ -99,6 +99,7 @@ var ActivityDetailsList = []ActivityDetails{
 	ActivityTypeResentConfigurationProfile{},
 
 	ActivityTypeInstalledSoftware{},
+	ActivityTypeUninstalledSoftware{},
 	ActivityTypeAddedSoftware{},
 	ActivityTypeDeletedSoftware{},
 	ActivityEnabledVPP{},
@@ -1521,6 +1522,38 @@ func (a ActivityTypeInstalledSoftware) Documentation() (activity, details, detai
 }`
 }
 
+type ActivityTypeUninstalledSoftware struct {
+	HostID          uint   `json:"host_id"`
+	HostDisplayName string `json:"host_display_name"`
+	SoftwareTitle   string `json:"software_title"`
+	ExecutionID     string `json:"script_execution_id"`
+	Status          string `json:"status"`
+}
+
+func (a ActivityTypeUninstalledSoftware) ActivityName() string {
+	return "uninstalled_software"
+}
+
+func (a ActivityTypeUninstalledSoftware) HostIDs() []uint {
+	return []uint{a.HostID}
+}
+
+func (a ActivityTypeUninstalledSoftware) Documentation() (activity, details, detailsExample string) {
+	return `Generated when a software is uninstalled on a host.`,
+		`This activity contains the following fields:
+- "host_id": ID of the host.
+- "host_display_name": Display name of the host.
+- "software_title": Name of the software.
+- "script_execution_id": ID of the software uninstall script.
+- "status": Status of the software uninstallation.`, `{
+  "host_id": 1,
+  "host_display_name": "Anna's MacBook Pro",
+  "software_title": "Falcon.app",
+  "script_execution_id": "ece8d99d-4313-446a-9af2-e152cd1bad1e",
+  "status": "uninstalled"
+}`
+}
+
 type ActivityTypeAddedSoftware struct {
 	SoftwareTitle   string  `json:"software_title"`
 	SoftwarePackage string  `json:"software_package"`
diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go
index 1c767c5148..921ec9d71a 100644
--- a/server/fleet/datastore.go
+++ b/server/fleet/datastore.go
@@ -532,6 +532,11 @@ type Datastore interface {
 	// software installer in the host. It returns the auto-generated installation
 	// uuid.
 	InsertSoftwareInstallRequest(ctx context.Context, hostID uint, softwareInstallerID uint, selfService bool) (string, error)
+	// InsertSoftwareUninstallRequest tracks a new request to uninstall the provided
+	// software installer on the host. executionID is the script execution ID corresponding to uninstall script
+	InsertSoftwareUninstallRequest(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error
+	// GetSoftwareTitleNameFromExecutionID returns the software title name associated with the provided software install execution ID.
+	GetSoftwareTitleNameFromExecutionID(ctx context.Context, executionID string) (string, error)
 
 	///////////////////////////////////////////////////////////////////////////////
 	// SoftwareStore
@@ -1542,8 +1547,8 @@ type Datastore interface {
 	// SetHostScriptExecutionResult stores the result of a host script execution
 	// and returns the updated host script result record. Note that it does not
 	// fail if the script execution request does not exist, in this case it will
-	// return nil, nil.
-	SetHostScriptExecutionResult(ctx context.Context, result *HostScriptResultPayload) (*HostScriptResult, error)
+	// return nil, "", nil. action is populated if this script was an MDM action (lock/unlock/wipe/uninstall).
+	SetHostScriptExecutionResult(ctx context.Context, result *HostScriptResultPayload) (hsr *HostScriptResult, action string, err error)
 	// GetHostScriptExecutionResult returns the result of a host script
 	// execution. It returns the host script results even if no results have been
 	// received, it is the caller's responsibility to check if that was the case
@@ -1563,6 +1568,10 @@ type Datastore interface {
 	// script.
 	GetScriptContents(ctx context.Context, id uint) ([]byte, error)
 
+	// GetAnyScriptContents returns the raw script contents of the corresponding
+	// script, regardless whether it is present in the scripts table.
+	GetAnyScriptContents(ctx context.Context, id uint) ([]byte, error)
+
 	// DeleteScript deletes the script identified by its id.
 	DeleteScript(ctx context.Context, id uint) error
 
diff --git a/server/fleet/service.go b/server/fleet/service.go
index a7971cff02..c5624cbb20 100644
--- a/server/fleet/service.go
+++ b/server/fleet/service.go
@@ -637,6 +637,9 @@ type Service interface {
 	// InstallSoftwareTitle installs a software title in the given host.
 	InstallSoftwareTitle(ctx context.Context, hostID uint, softwareTitleID uint) error
 
+	// UninstallSoftwareTitle uninstalls a software title in the given host.
+	UninstallSoftwareTitle(ctx context.Context, hostID uint, softwareTitleID uint) error
+
 	// GetSoftwareInstallResults gets the results for a particular software install attempt.
 	GetSoftwareInstallResults(ctx context.Context, installUUID string) (*HostSoftwareInstallerResult, error)
 
diff --git a/server/fleet/software_installer.go b/server/fleet/software_installer.go
index 1e1566fc36..3893c63cf2 100644
--- a/server/fleet/software_installer.go
+++ b/server/fleet/software_installer.go
@@ -89,10 +89,14 @@ type SoftwareInstaller struct {
 	InstallScript string `json:"install_script" db:"install_script"`
 	// InstallScriptContentID is the ID of the install script content.
 	InstallScriptContentID uint `json:"-" db:"install_script_content_id"`
+	// UninstallScriptContentID is the ID of the uninstall script content.
+	UninstallScriptContentID uint `json:"-" db:"uninstall_script_content_id"`
 	// PreInstallQuery is the query to run as a condition to installing the software package.
 	PreInstallQuery string `json:"pre_install_query" db:"pre_install_query"`
 	// PostInstallScript is the script to run after installing the software package.
 	PostInstallScript string `json:"post_install_script" db:"post_install_script"`
+	// UninstallScript is the script to run to uninstall the software package.
+	UninstallScript string `json:"uninstall_script" db:"uninstall_script"`
 	// PostInstallScriptContentID is the ID of the post-install script content.
 	PostInstallScriptContentID *uint `json:"-" db:"post_install_script_content_id"`
 	// StorageID is the unique identifier for the software package in the software installer store.
@@ -117,27 +121,40 @@ func (s *SoftwareInstaller) AuthzType() string {
 type SoftwareInstallerStatusSummary struct {
 	// Installed is the number of hosts that have the software package installed.
 	Installed uint `json:"installed" db:"installed"`
-	// Pending is the number of hosts that have the software package pending installation.
-	Pending uint `json:"pending" db:"pending"`
-	// Failed is the number of hosts that have the software package installation failed.
-	Failed uint `json:"failed" db:"failed"`
+	// PendingInstall is the number of hosts that have the software package pending installation.
+	PendingInstall uint `json:"pending_install" db:"pending_install"`
+	// FailedInstall is the number of hosts that have the software package installation failed.
+	FailedInstall uint `json:"failed_install" db:"failed_install"`
+	// PendingUninstall is the number of hosts that have the software package pending installation.
+	PendingUninstall uint `json:"pending_uninstall" db:"pending_uninstall"`
+	// FailedInstall is the number of hosts that have the software package installation failed.
+	FailedUninstall uint `json:"failed_uninstall" db:"failed_uninstall"`
 }
 
 // SoftwareInstallerStatus represents the status of a software installer package on a host.
 type SoftwareInstallerStatus string
 
 const (
-	SoftwareInstallerPending   SoftwareInstallerStatus = "pending"
-	SoftwareInstallerFailed    SoftwareInstallerStatus = "failed"
-	SoftwareInstallerInstalled SoftwareInstallerStatus = "installed"
+	SoftwareInstallPending   SoftwareInstallerStatus = "pending_install"
+	SoftwareInstallFailed    SoftwareInstallerStatus = "failed_install"
+	SoftwareInstalled        SoftwareInstallerStatus = "installed"
+	SoftwareUninstallPending SoftwareInstallerStatus = "pending_uninstall"
+	SoftwareUninstallFailed  SoftwareInstallerStatus = "failed_uninstall"
+	// SoftwarePending and SoftwareFailed statuses are only used as filters in the API and are not stored in the database.
+	SoftwarePending SoftwareInstallerStatus = "pending" // either pending_install or pending_uninstall
+	SoftwareFailed  SoftwareInstallerStatus = "failed"  // either failed_install or failed_uninstall
 )
 
 func (s SoftwareInstallerStatus) IsValid() bool {
 	switch s {
 	case
-		SoftwareInstallerFailed,
-		SoftwareInstallerInstalled,
-		SoftwareInstallerPending:
+		SoftwarePending,
+		SoftwareFailed,
+		SoftwareUninstallPending,
+		SoftwareUninstallFailed,
+		SoftwareInstallFailed,
+		SoftwareInstalled,
+		SoftwareInstallPending:
 		return true
 	default:
 		return false
@@ -222,7 +239,7 @@ Rolled back successfully
 // EnhanceOutputDetails is used to add extra boilerplate/information to the
 // output fields so they're easier to consume by users.
 func (h *HostSoftwareInstallerResult) EnhanceOutputDetails() {
-	if h.Status == SoftwareInstallerPending {
+	if h.Status == SoftwareInstallPending {
 		return
 	}
 
@@ -282,6 +299,9 @@ type UploadSoftwareInstallerPayload struct {
 	SelfService       bool
 	UserID            uint
 	URL               string
+	PackageIDs        []string
+	UninstallScript   string
+	Extension         string
 }
 
 // DownloadSoftwareInstallerPayload is the payload for downloading a software installer.
@@ -349,11 +369,12 @@ type SoftwarePackageOrApp struct {
 	// Name is only present for software installer packages.
 	Name string `json:"name,omitempty"`
 
-	Version     string               `json:"version"`
-	SelfService *bool                `json:"self_service,omitempty"`
-	IconURL     *string              `json:"icon_url"`
-	LastInstall *HostSoftwareInstall `json:"last_install"`
-	PackageURL  *string              `json:"package_url"`
+	Version       string                 `json:"version"`
+	SelfService   *bool                  `json:"self_service,omitempty"`
+	IconURL       *string                `json:"icon_url"`
+	LastInstall   *HostSoftwareInstall   `json:"last_install"`
+	LastUninstall *HostSoftwareUninstall `json:"last_uninstall"`
+	PackageURL    *string                `json:"package_url"`
 }
 
 type SoftwarePackageSpec struct {
@@ -384,6 +405,14 @@ type HostSoftwareInstall struct {
 	InstalledAt time.Time `json:"installed_at"`
 }
 
+// HostSoftwareUninstall represents uninstallation of software from a host with a
+// Fleet software installer.
+type HostSoftwareUninstall struct {
+	// ExecutionID is the UUID of the script execution that uninstalled the software.
+	ExecutionID   string    `json:"script_execution_id,omitempty"`
+	UninstalledAt time.Time `json:"uninstalled_at"`
+}
+
 // HostSoftwareInstalledVersion represents a version of software installed on a
 // host.
 type HostSoftwareInstalledVersion struct {
@@ -417,17 +446,17 @@ type HostSoftwareInstallResultPayload struct {
 func (h *HostSoftwareInstallResultPayload) Status() SoftwareInstallerStatus {
 	switch {
 	case h.PostInstallScriptExitCode != nil && *h.PostInstallScriptExitCode == 0:
-		return SoftwareInstallerInstalled
+		return SoftwareInstalled
 	case h.PostInstallScriptExitCode != nil && *h.PostInstallScriptExitCode != 0:
-		return SoftwareInstallerFailed
+		return SoftwareInstallFailed
 	case h.InstallScriptExitCode != nil && *h.InstallScriptExitCode == 0:
-		return SoftwareInstallerInstalled
+		return SoftwareInstalled
 	case h.InstallScriptExitCode != nil && *h.InstallScriptExitCode != 0:
-		return SoftwareInstallerFailed
+		return SoftwareInstallFailed
 	case h.PreInstallConditionOutput != nil && *h.PreInstallConditionOutput == "":
-		return SoftwareInstallerFailed
+		return SoftwareInstallFailed
 	default:
-		return SoftwareInstallerPending
+		return SoftwareInstallPending
 	}
 }
 
diff --git a/server/fleet/software_test.go b/server/fleet/software_test.go
index 236eb896a3..34b583f66f 100644
--- a/server/fleet/software_test.go
+++ b/server/fleet/software_test.go
@@ -89,7 +89,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "pending status",
 			initial: HostSoftwareInstallerResult{
-				Status: SoftwareInstallerPending,
+				Status: SoftwareInstallPending,
 			},
 			expectedPreInstallQueryOutput:   nil,
 			expectedOutput:                  nil,
@@ -98,7 +98,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with empty PreInstallQueryOutput",
 			initial: HostSoftwareInstallerResult{
-				Status:                SoftwareInstallerInstalled,
+				Status:                SoftwareInstalled,
 				PreInstallQueryOutput: ptr.String(""),
 			},
 			expectedPreInstallQueryOutput:   ptr.String(SoftwareInstallerQueryFailCopy),
@@ -108,7 +108,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with non-empty PreInstallQueryOutput",
 			initial: HostSoftwareInstallerResult{
-				Status:                SoftwareInstallerInstalled,
+				Status:                SoftwareInstalled,
 				PreInstallQueryOutput: ptr.String("Some output"),
 			},
 			expectedPreInstallQueryOutput:   ptr.String(SoftwareInstallerQuerySuccessCopy),
@@ -118,7 +118,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with nil PreInstallQueryOutput",
 			initial: HostSoftwareInstallerResult{
-				Status: SoftwareInstallerInstalled,
+				Status: SoftwareInstalled,
 			},
 			expectedPreInstallQueryOutput:   nil,
 			expectedOutput:                  nil,
@@ -127,7 +127,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with install scripts disabled",
 			initial: HostSoftwareInstallerResult{
-				Status:                SoftwareInstallerInstalled,
+				Status:                SoftwareInstalled,
 				InstallScriptExitCode: ptr.Int(-2),
 				Output:                ptr.String(""),
 			},
@@ -138,7 +138,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with failed install script",
 			initial: HostSoftwareInstallerResult{
-				Status:                SoftwareInstallerFailed,
+				Status:                SoftwareInstallFailed,
 				InstallScriptExitCode: ptr.Int(1),
 				Output:                ptr.String("Some install output"),
 			},
@@ -149,7 +149,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with successful install script",
 			initial: HostSoftwareInstallerResult{
-				Status:                SoftwareInstallerInstalled,
+				Status:                SoftwareInstalled,
 				InstallScriptExitCode: ptr.Int(0),
 				Output:                ptr.String("Some install output"),
 			},
@@ -160,7 +160,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with successful post install script",
 			initial: HostSoftwareInstallerResult{
-				Status:                    SoftwareInstallerInstalled,
+				Status:                    SoftwareInstalled,
 				InstallScriptExitCode:     ptr.Int(0),
 				Output:                    ptr.String("Some install output"),
 				PostInstallScriptExitCode: ptr.Int(0),
@@ -173,7 +173,7 @@ func TestEnhanceOutputDetails(t *testing.T) {
 		{
 			name: "non-pending status with failed post install script",
 			initial: HostSoftwareInstallerResult{
-				Status:                    SoftwareInstallerInstalled,
+				Status:                    SoftwareInstalled,
 				InstallScriptExitCode:     ptr.Int(0),
 				Output:                    ptr.String("Some install output"),
 				PostInstallScriptExitCode: ptr.Int(1),
diff --git a/server/mock/datastore_mock.go b/server/mock/datastore_mock.go
index 2b933b50ca..33efcf575b 100644
--- a/server/mock/datastore_mock.go
+++ b/server/mock/datastore_mock.go
@@ -398,6 +398,10 @@ type SoftwareTitleByIDFunc func(ctx context.Context, id uint, teamID *uint, tmFi
 
 type InsertSoftwareInstallRequestFunc func(ctx context.Context, hostID uint, softwareInstallerID uint, selfService bool) (string, error)
 
+type InsertSoftwareUninstallRequestFunc func(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error
+
+type GetSoftwareTitleNameFromExecutionIDFunc func(ctx context.Context, executionID string) (string, error)
+
 type ListSoftwareForVulnDetectionFunc func(ctx context.Context, filter fleet.VulnSoftwareFilter) ([]fleet.Software, error)
 
 type ListSoftwareVulnerabilitiesByHostIDsSourceFunc func(ctx context.Context, hostIDs []uint, source fleet.VulnerabilitySource) (map[uint][]fleet.SoftwareVulnerability, error)
@@ -982,7 +986,7 @@ type SetOrUpdateMDMAppleDeclarationFunc func(ctx context.Context, declaration *f
 
 type NewHostScriptExecutionRequestFunc func(ctx context.Context, request *fleet.HostScriptRequestPayload) (*fleet.HostScriptResult, error)
 
-type SetHostScriptExecutionResultFunc func(ctx context.Context, result *fleet.HostScriptResultPayload) (*fleet.HostScriptResult, error)
+type SetHostScriptExecutionResultFunc func(ctx context.Context, result *fleet.HostScriptResultPayload) (hsr *fleet.HostScriptResult, action string, err error)
 
 type GetHostScriptExecutionResultFunc func(ctx context.Context, execID string) (*fleet.HostScriptResult, error)
 
@@ -994,6 +998,8 @@ type ScriptFunc func(ctx context.Context, id uint) (*fleet.Script, error)
 
 type GetScriptContentsFunc func(ctx context.Context, id uint) ([]byte, error)
 
+type GetAnyScriptContentsFunc func(ctx context.Context, id uint) ([]byte, error)
+
 type DeleteScriptFunc func(ctx context.Context, id uint) error
 
 type ListScriptsFunc func(ctx context.Context, teamID *uint, opt fleet.ListOptions) ([]*fleet.Script, *fleet.PaginationMetadata, error)
@@ -1638,6 +1644,12 @@ type DataStore struct {
 	InsertSoftwareInstallRequestFunc        InsertSoftwareInstallRequestFunc
 	InsertSoftwareInstallRequestFuncInvoked bool
 
+	InsertSoftwareUninstallRequestFunc        InsertSoftwareUninstallRequestFunc
+	InsertSoftwareUninstallRequestFuncInvoked bool
+
+	GetSoftwareTitleNameFromExecutionIDFunc        GetSoftwareTitleNameFromExecutionIDFunc
+	GetSoftwareTitleNameFromExecutionIDFuncInvoked bool
+
 	ListSoftwareForVulnDetectionFunc        ListSoftwareForVulnDetectionFunc
 	ListSoftwareForVulnDetectionFuncInvoked bool
 
@@ -2532,6 +2544,9 @@ type DataStore struct {
 	GetScriptContentsFunc        GetScriptContentsFunc
 	GetScriptContentsFuncInvoked bool
 
+	GetAnyScriptContentsFunc        GetAnyScriptContentsFunc
+	GetAnyScriptContentsFuncInvoked bool
+
 	DeleteScriptFunc        DeleteScriptFunc
 	DeleteScriptFuncInvoked bool
 
@@ -3972,6 +3987,20 @@ func (s *DataStore) InsertSoftwareInstallRequest(ctx context.Context, hostID uin
 	return s.InsertSoftwareInstallRequestFunc(ctx, hostID, softwareInstallerID, selfService)
 }
 
+func (s *DataStore) InsertSoftwareUninstallRequest(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error {
+	s.mu.Lock()
+	s.InsertSoftwareUninstallRequestFuncInvoked = true
+	s.mu.Unlock()
+	return s.InsertSoftwareUninstallRequestFunc(ctx, executionID, hostID, softwareInstallerID)
+}
+
+func (s *DataStore) GetSoftwareTitleNameFromExecutionID(ctx context.Context, executionID string) (string, error) {
+	s.mu.Lock()
+	s.GetSoftwareTitleNameFromExecutionIDFuncInvoked = true
+	s.mu.Unlock()
+	return s.GetSoftwareTitleNameFromExecutionIDFunc(ctx, executionID)
+}
+
 func (s *DataStore) ListSoftwareForVulnDetection(ctx context.Context, filter fleet.VulnSoftwareFilter) ([]fleet.Software, error) {
 	s.mu.Lock()
 	s.ListSoftwareForVulnDetectionFuncInvoked = true
@@ -6016,7 +6045,7 @@ func (s *DataStore) NewHostScriptExecutionRequest(ctx context.Context, request *
 	return s.NewHostScriptExecutionRequestFunc(ctx, request)
 }
 
-func (s *DataStore) SetHostScriptExecutionResult(ctx context.Context, result *fleet.HostScriptResultPayload) (*fleet.HostScriptResult, error) {
+func (s *DataStore) SetHostScriptExecutionResult(ctx context.Context, result *fleet.HostScriptResultPayload) (hsr *fleet.HostScriptResult, action string, err error) {
 	s.mu.Lock()
 	s.SetHostScriptExecutionResultFuncInvoked = true
 	s.mu.Unlock()
@@ -6058,6 +6087,13 @@ func (s *DataStore) GetScriptContents(ctx context.Context, id uint) ([]byte, err
 	return s.GetScriptContentsFunc(ctx, id)
 }
 
+func (s *DataStore) GetAnyScriptContents(ctx context.Context, id uint) ([]byte, error) {
+	s.mu.Lock()
+	s.GetAnyScriptContentsFuncInvoked = true
+	s.mu.Unlock()
+	return s.GetAnyScriptContentsFunc(ctx, id)
+}
+
 func (s *DataStore) DeleteScript(ctx context.Context, id uint) error {
 	s.mu.Lock()
 	s.DeleteScriptFuncInvoked = true
diff --git a/server/service/handler.go b/server/service/handler.go
index c7b8c11cb4..d7b255956f 100644
--- a/server/service/handler.go
+++ b/server/service/handler.go
@@ -367,7 +367,10 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
 
 	ue.GET("/api/_version_/fleet/software/titles", listSoftwareTitlesEndpoint, listSoftwareTitlesRequest{})
 	ue.GET("/api/_version_/fleet/software/titles/{id:[0-9]+}", getSoftwareTitleEndpoint, getSoftwareTitleRequest{})
-	ue.POST("/api/_version_/fleet/hosts/{host_id:[0-9]+}/software/install/{software_title_id:[0-9]+}", installSoftwareTitleEndpoint, installSoftwareRequest{})
+	ue.POST("/api/_version_/fleet/hosts/{host_id:[0-9]+}/software/{software_title_id:[0-9]+}/install", installSoftwareTitleEndpoint,
+		installSoftwareRequest{})
+	ue.POST("/api/_version_/fleet/hosts/{host_id:[0-9]+}/software/{software_title_id:[0-9]+}/uninstall", uninstallSoftwareTitleEndpoint,
+		uninstallSoftwareRequest{})
 
 	// Sofware installers
 	ue.GET("/api/_version_/fleet/software/titles/{title_id:[0-9]+}/package", getSoftwareInstallerEndpoint, getSoftwareInstallerRequest{})
@@ -375,7 +378,8 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
 		getSoftwareInstallerRequest{})
 	ue.POST("/api/_version_/fleet/software/package", uploadSoftwareInstallerEndpoint, uploadSoftwareInstallerRequest{})
 	ue.DELETE("/api/_version_/fleet/software/titles/{title_id:[0-9]+}/available_for_install", deleteSoftwareInstallerEndpoint, deleteSoftwareInstallerRequest{})
-	ue.GET("/api/_version_/fleet/software/install/results/{install_uuid}", getSoftwareInstallResultsEndpoint, getSoftwareInstallResultsRequest{})
+	ue.GET("/api/_version_/fleet/software/install/{install_uuid}/results", getSoftwareInstallResultsEndpoint,
+		getSoftwareInstallResultsRequest{})
 	ue.POST("/api/_version_/fleet/software/batch", batchSetSoftwareInstallersEndpoint, batchSetSoftwareInstallersRequest{})
 
 	// App store software
diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go
index 96bd651883..d739a0649f 100644
--- a/server/service/integration_enterprise_test.go
+++ b/server/service/integration_enterprise_test.go
@@ -5906,7 +5906,7 @@ func (s *integrationEnterpriseTestSuite) TestRunHostScript() {
 				case r := <-resultsCh:
 					r.ExecutionID = pending[0].ExecutionID
 					// ignoring errors in this goroutine, the HTTP request below will fail if this fails
-					_, err = s.ds.SetHostScriptExecutionResult(ctx, r)
+					_, _, err = s.ds.SetHostScriptExecutionResult(ctx, r)
 					if err != nil {
 						t.Log(err)
 					}
@@ -9960,7 +9960,7 @@ func (s *integrationEnterpriseTestSuite) TestListHostSoftware() {
 
 	// request installation on the host
 	var installResp installSoftwareResponse
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d",
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install",
 		host.ID, titleID), nil, http.StatusAccepted, &installResp)
 
 	// still returned by user-authenticated endpoint, now pending
@@ -9974,7 +9974,7 @@ func (s *integrationEnterpriseTestSuite) TestListHostSoftware() {
 	require.NotNil(t, getHostSw.Software[2].SoftwarePackage)
 	require.Equal(t, "ruby.deb", getHostSw.Software[2].SoftwarePackage.Name)
 	require.NotNil(t, getHostSw.Software[2].Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *getHostSw.Software[2].Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *getHostSw.Software[2].Status)
 	require.NotNil(t, getHostSw.Software[2].SoftwarePackage.SelfService)
 	require.True(t, *getHostSw.Software[2].SoftwarePackage.SelfService)
 
@@ -9995,7 +9995,7 @@ func (s *integrationEnterpriseTestSuite) TestListHostSoftware() {
 	require.Equal(t, getDeviceSw.Software[2].Name, "ruby")
 	require.Len(t, getDeviceSw.Software[1].InstalledVersions, 2)
 	require.NotNil(t, getDeviceSw.Software[2].Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *getDeviceSw.Software[2].Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *getDeviceSw.Software[2].Status)
 	require.NotNil(t, getDeviceSw.Software[2].SoftwarePackage)
 	require.Nil(t, getDeviceSw.Software[2].AppStoreApp)
 	require.NotNil(t, getDeviceSw.Software[2].SoftwarePackage.SelfService)
@@ -10866,6 +10866,14 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerNewInstallRequestP
 			}
 			scriptContentID, _ := res.LastInsertId()
 
+			uninstallScript := fmt.Sprintf(`echo uninstall '%s'`, kind)
+			resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
+				uninstallScript, uninstallScript)
+			if err != nil {
+				return err
+			}
+			uninstallScriptContentID, _ := resUninstall.LastInsertId()
+
 			res, err = q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES ('foo', ?)`, kind)
 			if err != nil {
 				return err
@@ -10875,10 +10883,11 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerNewInstallRequestP
 
 			_, err = q.ExecContext(ctx, `
 			INSERT INTO software_installers
-				(title_id, filename, version, install_script_content_id, storage_id, team_id, global_or_team_id, pre_install_query)
+				(title_id, filename, version, install_script_content_id, uninstall_script_content_id, storage_id, team_id, global_or_team_id, pre_install_query)
 			VALUES
-				(?, ?, ?, ?, unhex(?), ?, ?, ?)`,
-				titleID, fmt.Sprintf("installer.%s", kind), "v1.0.0", scriptContentID, hex.EncodeToString([]byte("test")), tm.ID, tm.ID, "foo")
+				(?, ?, ?, ?, ?, unhex(?), ?, ?, ?)`,
+				titleID, fmt.Sprintf("installer.%s", kind), "v1.0.0", scriptContentID, uninstallScriptContentID,
+				hex.EncodeToString([]byte("test")), tm.ID, tm.ID, "foo")
 			return err
 		})
 	}
@@ -10901,7 +10910,8 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerNewInstallRequestP
 				}
 
 				var resp installSoftwareResponse
-				s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", host.ID, softwareTitles[kind]), nil, wantStatus, &resp)
+				s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", host.ID, softwareTitles[kind]), nil,
+					wantStatus, &resp)
 			}
 		}
 	}
@@ -10927,7 +10937,8 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 
 	var resp installSoftwareResponse
 	// non-existent host
-	s.DoJSON("POST", "/api/latest/fleet/hosts/1/software/install/1", nil, http.StatusNotFound, &resp)
+	s.DoJSON("POST", "/api/latest/fleet/hosts/1/software/1/install", nil, http.StatusNotFound, &resp)
+	s.DoJSON("POST", "/api/latest/fleet/hosts/1/software/1/uninstall", nil, http.StatusNotFound, &resp)
 
 	// create a host that doesn't have fleetd installed
 	h, err := s.ds.NewHost(context.Background(), &fleet.Host{
@@ -10947,29 +10958,65 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 
 	// request fails
 	resp = installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/1", h.ID), nil, http.StatusUnprocessableEntity, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/1/install", h.ID), nil, http.StatusUnprocessableEntity, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/1/uninstall", h.ID), nil, http.StatusUnprocessableEntity, &resp)
 
 	// host installs fleetd
-	setOrbitEnrollment(t, h, s.ds)
+	orbitKey := setOrbitEnrollment(t, h, s.ds)
+	h.OrbitNodeKey = &orbitKey
 
 	// request fails because of non-existent title
 	resp = installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/1", h.ID), nil, http.StatusBadRequest, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/1/install", h.ID), nil, http.StatusBadRequest, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/1/uninstall", h.ID), nil, http.StatusBadRequest, &resp)
 
 	payload := &fleet.UploadSoftwareInstallerPayload{
 		InstallScript:     "another install script",
 		PreInstallQuery:   "another pre install query",
 		PostInstallScript: "another post install script",
+		UninstallScript:   "another uninstall script with $PACKAGE_ID",
 		Filename:          "ruby.deb",
 		Title:             "ruby",
 		TeamID:            teamID,
 	}
 	s.uploadSoftwareInstaller(payload, http.StatusOK, "")
+	titleID := getSoftwareTitleID(t, s.ds, payload.Title, "deb_packages")
+
+	// Get title with software installer
+	respTitle := getSoftwareTitleResponse{}
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/titles/%d", titleID), nil, http.StatusOK, &respTitle, "team_id",
+		fmt.Sprintf("%d", *teamID))
+	require.NotNil(t, respTitle.SoftwareTitle.SoftwarePackage)
+	assert.Equal(t, "another install script", respTitle.SoftwareTitle.SoftwarePackage.InstallScript)
+	assert.Equal(t, `another uninstall script with "ruby"`, respTitle.SoftwareTitle.SoftwarePackage.UninstallScript)
+
+	// Upload another package for another platform
+	payloadDummy := &fleet.UploadSoftwareInstallerPayload{
+		Filename: "dummy_installer.pkg",
+		Title:    "DummyApp.app",
+		TeamID:   teamID,
+	}
+	s.uploadSoftwareInstaller(payloadDummy, http.StatusOK, "")
+	pkgTitleID := getSoftwareTitleID(t, s.ds, payloadDummy.Title, "apps")
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/titles/%d", pkgTitleID), nil, http.StatusOK, &respTitle, "team_id",
+		fmt.Sprintf("%d", *teamID))
+	require.NotNil(t, respTitle.SoftwareTitle.SoftwarePackage)
+	assert.NotEmpty(t, respTitle.SoftwareTitle.SoftwarePackage.InstallScript)
+	assert.NotEmpty(t, respTitle.SoftwareTitle.SoftwarePackage.UninstallScript)
+	assert.NotContains(t, respTitle.SoftwareTitle.SoftwarePackage.UninstallScript, "$PACKAGE_ID")
+	assert.Contains(t, respTitle.SoftwareTitle.SoftwarePackage.UninstallScript, "com.example.dummy")
+
+	// install/uninstall request fails for the wrong platform
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h.ID, pkgTitleID), nil, http.StatusBadRequest, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/uninstall", h.ID, pkgTitleID), nil, http.StatusBadRequest, &resp)
+
+	// delete software installer which we will not use
+	s.Do("DELETE", fmt.Sprintf("/api/latest/fleet/software/titles/%d/available_for_install", pkgTitleID), nil, http.StatusNoContent,
+		"team_id", fmt.Sprintf("%d", *teamID))
 
 	// install script request succeeds
-	titleID := getSoftwareTitleID(t, s.ds, payload.Title, "deb_packages")
 	resp = installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", h.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h.ID, titleID), nil, http.StatusAccepted, &resp)
 
 	// Get the results, should be pending
 	getHostSoftwareResp := getHostSoftwareResponse{}
@@ -10978,16 +11025,21 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 	require.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage)
 	require.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall)
 	require.NotNil(t, getHostSoftwareResp.Software[0].Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *getHostSoftwareResp.Software[0].Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *getHostSoftwareResp.Software[0].Status)
+	assert.Nil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall)
 	installUUID := getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall.InstallUUID
 
 	gsirr := getSoftwareInstallResultsResponse{}
-	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/install/results/%s", installUUID), nil, http.StatusOK, &gsirr)
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/install/%s/results", installUUID), nil, http.StatusOK, &gsirr)
 	require.NoError(t, gsirr.Err)
 	require.NotNil(t, gsirr.Results)
 	results := gsirr.Results
 	require.Equal(t, installUUID, results.InstallUUID)
-	require.Equal(t, fleet.SoftwareInstallerPending, results.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, results.Status)
+
+	// Can't install/uninstall if software install is pending
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h.ID, titleID), nil, http.StatusBadRequest, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/uninstall", h.ID, titleID), nil, http.StatusBadRequest, &resp)
 
 	// create 3 more hosts, will have statuses installed, failed and one with two
 	// install requests - one failed and the latest install pending
@@ -10997,7 +11049,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 	err = s.ds.AddHostsToTeam(context.Background(), teamID, []uint{h2.ID, h3.ID, h4.ID})
 	require.NoError(t, err)
 
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", h2.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h2.ID, titleID), nil, http.StatusAccepted, &resp)
 	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h2.ID), nil, http.StatusOK, &getHostSoftwareResp)
 	require.Len(t, getHostSoftwareResp.Software, 1)
 	installUUID2 := getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall.InstallUUID
@@ -11009,7 +11061,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 			"install_script_output": "ok"
 		}`, *h2.OrbitNodeKey, installUUID2)), http.StatusNoContent)
 
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", h3.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h3.ID, titleID), nil, http.StatusAccepted, &resp)
 	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h3.ID), nil, http.StatusOK, &getHostSoftwareResp)
 	require.Len(t, getHostSoftwareResp.Software, 1)
 	installUUID3 := getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall.InstallUUID
@@ -11021,7 +11073,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 			"install_script_output": "failed"
 		}`, *h3.OrbitNodeKey, installUUID3)), http.StatusNoContent)
 
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", h4.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h4.ID, titleID), nil, http.StatusAccepted, &resp)
 	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h4.ID), nil, http.StatusOK, &getHostSoftwareResp)
 	require.Len(t, getHostSoftwareResp.Software, 1)
 	installUUID4a := getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall.InstallUUID
@@ -11031,7 +11083,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 			"pre_install_condition_output": ""
 		}`, *h4.OrbitNodeKey, installUUID4a)), http.StatusNoContent)
 
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", h4.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h4.ID, titleID), nil, http.StatusAccepted, &resp)
 	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h4.ID), nil, http.StatusOK, &getHostSoftwareResp)
 	require.Len(t, getHostSoftwareResp.Software, 1)
 	installUUID4b := getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall.InstallUUID
@@ -11047,9 +11099,9 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 	require.Equal(t, "ruby.deb", titleResp.SoftwareTitle.SoftwarePackage.Name)
 	require.NotNil(t, titleResp.SoftwareTitle.SoftwarePackage.Status)
 	require.Equal(t, fleet.SoftwareInstallerStatusSummary{
-		Installed: 1,
-		Pending:   2,
-		Failed:    1,
+		Installed:      1,
+		PendingInstall: 2,
+		FailedInstall:  1,
 	}, *titleResp.SoftwareTitle.SoftwarePackage.Status)
 
 	// status is reflected in list hosts responses and counts when filtering by software title and status
@@ -11159,7 +11211,101 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 	assert.Nil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall)
 	assert.Empty(t, getHostSoftwareResp.Software[0].InstalledVersions, "Installed versions should now not exist")
 
-	// Access software install result after host is deleted
+	// Mark original install successful
+	s.Do("POST", "/api/fleet/orbit/software_install/result", json.RawMessage(fmt.Sprintf(`{
+			"orbit_node_key": %q,
+			"install_uuid": %q,
+			"pre_install_condition_output": "ok",
+			"install_script_exit_code": 0,
+			"install_script_output": "ok"
+		}`, *h.OrbitNodeKey, installUUID)), http.StatusNoContent)
+
+	// Do uninstall
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/uninstall", h.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h.ID), nil, http.StatusOK, &getHostSoftwareResp)
+	require.Len(t, getHostSoftwareResp.Software, 1)
+	assert.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall)
+	assert.Equal(t, fleet.SoftwareUninstallPending, *getHostSoftwareResp.Software[0].Status)
+	require.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall)
+	uninstallExecutionID := getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall.ExecutionID
+
+	// Uninstall should show up as a pending activity
+	var listUpcomingAct listHostUpcomingActivitiesResponse
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/activities/upcoming", h.ID), nil, http.StatusOK, &listUpcomingAct)
+	require.Len(t, listUpcomingAct.Activities, 1)
+	assert.Equal(t, fleet.ActivityTypeUninstalledSoftware{}.ActivityName(), listUpcomingAct.Activities[0].Type)
+	details := make(map[string]interface{}, 5)
+	require.NoError(t, json.Unmarshal(*listUpcomingAct.Activities[0].Details, &details))
+	assert.EqualValues(t, fleet.SoftwareUninstallPending, details["status"])
+
+	// Check that status is reflected in software title response
+	titleResp = getSoftwareTitleResponse{}
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/titles/%d", titleID), nil, http.StatusOK, &titleResp, "team_id",
+		strconv.Itoa(int(*teamID)))
+	require.NotNil(t, titleResp.SoftwareTitle.SoftwarePackage)
+	assert.Equal(t, "ruby.deb", titleResp.SoftwareTitle.SoftwarePackage.Name)
+	require.NotNil(t, titleResp.SoftwareTitle.SoftwarePackage.Status)
+	assert.Equal(t, fleet.SoftwareInstallerStatusSummary{
+		PendingInstall:   1,
+		FailedInstall:    1,
+		PendingUninstall: 1,
+	}, *titleResp.SoftwareTitle.SoftwarePackage.Status)
+
+	// Another install/uninstall cannot be send once an uninstall is pending
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", h.ID, titleID), nil, http.StatusBadRequest, &resp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/uninstall", h.ID, titleID), nil, http.StatusBadRequest, &resp)
+
+	// Host sends successful uninstall result
+	var orbitPostScriptResp orbitPostScriptResultResponse
+	s.DoJSON("POST", "/api/fleet/orbit/scripts/result",
+		json.RawMessage(fmt.Sprintf(`{"orbit_node_key": %q, "execution_id": %q, "exit_code": 0, "output": "ok"}`, *h.OrbitNodeKey,
+			uninstallExecutionID)),
+		http.StatusOK, &orbitPostScriptResp)
+
+	// Check activity feed
+	var activitiesResp listActivitiesResponse
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/activities", h.ID), nil, http.StatusOK, &activitiesResp, "order_key", "a.id",
+		"order_direction", "desc")
+	require.NotEmpty(t, activitiesResp.Activities)
+	assert.Equal(t, fleet.ActivityTypeUninstalledSoftware{}.ActivityName(), activitiesResp.Activities[0].Type)
+	details = make(map[string]interface{}, 5)
+	require.NoError(t, json.Unmarshal(*activitiesResp.Activities[0].Details, &details))
+	assert.Equal(t, "uninstalled", details["status"])
+
+	// Software should be available for install again
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h.ID), nil, http.StatusOK, &getHostSoftwareResp)
+	require.Len(t, getHostSoftwareResp.Software, 1)
+	assert.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall)
+	require.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall)
+	assert.Nil(t, getHostSoftwareResp.Software[0].Status)
+
+	// Uninstall again, but this time with a failed result
+	beforeUninstall := time.Now()
+	// Since host_script_results does not use fine-grained timestamps yet, we adjust
+	beforeUninstall = beforeUninstall.Add(-time.Second)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/uninstall", h.ID, titleID), nil, http.StatusAccepted, &resp)
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", h.ID), nil, http.StatusOK, &getHostSoftwareResp)
+	require.Len(t, getHostSoftwareResp.Software, 1)
+	assert.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastInstall)
+	assert.Equal(t, fleet.SoftwareUninstallPending, *getHostSoftwareResp.Software[0].Status)
+	require.NotNil(t, getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall)
+	uninstallExecutionID = getHostSoftwareResp.Software[0].SoftwarePackage.LastUninstall.ExecutionID
+	// Host sends failed uninstall result
+	s.DoJSON("POST", "/api/fleet/orbit/scripts/result",
+		json.RawMessage(fmt.Sprintf(`{"orbit_node_key": %q, "execution_id": %q, "exit_code": 1, "output": "not ok"}`, *h.OrbitNodeKey,
+			uninstallExecutionID)),
+		http.StatusOK, &orbitPostScriptResp)
+
+	// Check activity feed
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/activities", h.ID), nil, http.StatusOK, &activitiesResp, "order_key", "a.id",
+		"order_direction", "desc")
+	require.NotEmpty(t, activitiesResp.Activities)
+	assert.Equal(t, fleet.ActivityTypeUninstalledSoftware{}.ActivityName(), activitiesResp.Activities[0].Type)
+	details = make(map[string]interface{}, 5)
+	require.NoError(t, json.Unmarshal(*activitiesResp.Activities[0].Details, &details))
+	assert.Equal(t, "failed", details["status"])
+
+	// Access software install/uninstall result after host is deleted
 	err = s.ds.DeleteHost(context.Background(), h.ID)
 	require.NoError(t, err)
 
@@ -11168,12 +11314,21 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerHostRequests() {
 	require.NotNil(t, instResult.HostDeletedAt)
 
 	gsirr = getSoftwareInstallResultsResponse{}
-	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/install/results/%s", installUUID), nil, http.StatusOK, &gsirr)
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/software/install/%s/results", installUUID), nil, http.StatusOK, &gsirr)
 	require.NoError(t, gsirr.Err)
 	require.NotNil(t, gsirr.Results)
 	results = gsirr.Results
 	require.Equal(t, installUUID, results.InstallUUID)
-	require.Equal(t, fleet.SoftwareInstallerPending, results.Status)
+	require.Equal(t, fleet.SoftwareInstalled, results.Status)
+
+	var scriptResultResp getScriptResultResponse
+	s.DoJSON("GET", "/api/latest/fleet/scripts/results/"+uninstallExecutionID, nil, http.StatusOK, &scriptResultResp)
+	assert.Equal(t, h.ID, scriptResultResp.HostID)
+	assert.NotEmpty(t, scriptResultResp.ScriptContents)
+	require.NotNil(t, scriptResultResp.ExitCode)
+	assert.EqualValues(t, 1, *scriptResultResp.ExitCode)
+	assert.Equal(t, "not ok", scriptResultResp.Output)
+	assert.Less(t, beforeUninstall, scriptResultResp.CreatedAt)
 }
 
 func (s *integrationEnterpriseTestSuite) TestSelfServiceSoftwareInstall() {
@@ -11225,7 +11380,7 @@ func (s *integrationEnterpriseTestSuite) TestSelfServiceSoftwareInstall() {
 	require.Equal(t, host1.ID, details.HostID)
 	require.Equal(t, details.SoftwareTitle, payloadSS.Title)
 	require.True(t, details.SelfService)
-	require.EqualValues(t, fleet.SoftwareInstallerPending, details.Status)
+	require.EqualValues(t, fleet.SoftwareInstallPending, details.Status)
 	installID := details.InstallUUID
 
 	// record the installation results
@@ -11255,7 +11410,7 @@ func (s *integrationEnterpriseTestSuite) TestSelfServiceSoftwareInstall() {
 	require.Equal(t, host1.ID, details.HostID)
 	require.Equal(t, details.SoftwareTitle, payloadSS.Title)
 	require.True(t, details.SelfService)
-	require.EqualValues(t, fleet.SoftwareInstallerInstalled, details.Status)
+	require.EqualValues(t, fleet.SoftwareInstalled, details.Status)
 }
 
 func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
@@ -11306,7 +11461,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 	titleIDs := []uint{titleID, titleID2, titleID3}
 	for i := 0; i < len(installUUIDs); i++ {
 		resp := installSoftwareResponse{}
-		s.DoJSON("POST", fmt.Sprintf("/api/v1/fleet/hosts/%d/software/install/%d", host.ID, titleIDs[i]), nil, http.StatusAccepted, &resp)
+		s.DoJSON("POST", fmt.Sprintf("/api/v1/fleet/hosts/%d/software/%d/install", host.ID, titleIDs[i]), nil, http.StatusAccepted, &resp)
 		installUUIDs[i] = latestInstallUUID()
 	}
 
@@ -11320,7 +11475,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 	}
 	checkResults := func(want result) {
 		var resp getSoftwareInstallResultsResponse
-		s.DoJSON("GET", "/api/v1/fleet/software/install/results/"+want.InstallUUID, nil, http.StatusOK, &resp)
+		s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/install/%s/results", want.InstallUUID), nil, http.StatusOK, &resp)
 
 		assert.Equal(t, want.HostID, resp.Results.HostID)
 		assert.Equal(t, want.InstallUUID, resp.Results.InstallUUID)
@@ -11342,7 +11497,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 	checkResults(result{
 		HostID:                host.ID,
 		InstallUUID:           installUUIDs[0],
-		Status:                fleet.SoftwareInstallerFailed,
+		Status:                fleet.SoftwareInstallFailed,
 		PreInstallQueryOutput: ptr.String(fleet.SoftwareInstallerQuerySuccessCopy),
 		Output:                ptr.String(fmt.Sprintf(fleet.SoftwareInstallerInstallFailCopy, "failed")),
 	})
@@ -11352,7 +11507,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 		SoftwareTitle:   payload.Title,
 		SoftwarePackage: payload.Filename,
 		InstallUUID:     installUUIDs[0],
-		Status:          string(fleet.SoftwareInstallerFailed),
+		Status:          string(fleet.SoftwareInstallFailed),
 	}
 	s.lastActivityMatches(wantAct.ActivityName(), string(jsonMustMarshal(t, wantAct)), 0)
 
@@ -11366,7 +11521,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 	checkResults(result{
 		HostID:                host.ID,
 		InstallUUID:           installUUIDs[1],
-		Status:                fleet.SoftwareInstallerFailed,
+		Status:                fleet.SoftwareInstallFailed,
 		PreInstallQueryOutput: ptr.String(fleet.SoftwareInstallerQueryFailCopy),
 	})
 	wantAct = fleet.ActivityTypeInstalledSoftware{
@@ -11375,7 +11530,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 		SoftwareTitle:   payload2.Title,
 		SoftwarePackage: payload2.Filename,
 		InstallUUID:     installUUIDs[1],
-		Status:          string(fleet.SoftwareInstallerFailed),
+		Status:          string(fleet.SoftwareInstallFailed),
 	}
 	s.lastActivityOfTypeMatches(wantAct.ActivityName(), string(jsonMustMarshal(t, wantAct)), 0)
 
@@ -11393,7 +11548,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 	checkResults(result{
 		HostID:                  host.ID,
 		InstallUUID:             installUUIDs[2],
-		Status:                  fleet.SoftwareInstallerInstalled,
+		Status:                  fleet.SoftwareInstalled,
 		PreInstallQueryOutput:   ptr.String(fleet.SoftwareInstallerQuerySuccessCopy),
 		Output:                  ptr.String(fmt.Sprintf(fleet.SoftwareInstallerInstallSuccessCopy, "success")),
 		PostInstallScriptOutput: ptr.String(fmt.Sprintf(fleet.SoftwareInstallerPostInstallSuccessCopy, "ok")),
@@ -11404,7 +11559,7 @@ func (s *integrationEnterpriseTestSuite) TestHostSoftwareInstallResult() {
 		SoftwareTitle:   payload3.Title,
 		SoftwarePackage: payload3.Filename,
 		InstallUUID:     installUUIDs[2],
-		Status:          string(fleet.SoftwareInstallerInstalled),
+		Status:          string(fleet.SoftwareInstalled),
 	}
 	lastActID := s.lastActivityOfTypeMatches(wantAct.ActivityName(), string(jsonMustMarshal(t, wantAct)), 0)
 
@@ -11559,6 +11714,7 @@ func (s *integrationEnterpriseTestSuite) uploadSoftwareInstaller(
 	require.NoError(t, w.WriteField("install_script", payload.InstallScript))
 	require.NoError(t, w.WriteField("pre_install_query", payload.PreInstallQuery))
 	require.NoError(t, w.WriteField("post_install_script", payload.PostInstallScript))
+	require.NoError(t, w.WriteField("uninstall_script", payload.UninstallScript))
 	if payload.SelfService {
 		require.NoError(t, w.WriteField("self_service", "true"))
 	}
@@ -12900,7 +13056,8 @@ func (s *integrationEnterpriseTestSuite) TestVPPAppsWithoutMDM() {
 	}, &team.ID)
 	require.NoError(t, err)
 
-	r := s.Do("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", orbitHost.ID, app.TitleID), &installSoftwareRequest{}, http.StatusUnprocessableEntity)
+	r := s.Do("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", orbitHost.ID, app.TitleID), &installSoftwareRequest{},
+		http.StatusUnprocessableEntity)
 	require.Contains(t, extractServerErrorText(r.Body), "Couldn't install. MDM is turned off. Please make sure that MDM is turned on to install App Store apps.")
 }
 
@@ -13258,12 +13415,12 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NotNil(t, host1LastInstall)
 	require.NotEmpty(t, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 	prevExecutionID := host1LastInstall.ExecutionID
 
 	// Request a manual installation on the host for the same installer, which should fail.
 	var installResp installSoftwareResponse
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d",
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install",
 		host1Team1.ID, dummyInstallerPkgTitleID), nil, http.StatusBadRequest, &installResp)
 
 	// Submit same results as before, which should not trigger a installation because the policy is already failing.
@@ -13282,7 +13439,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, prevExecutionID, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 
 	// Submit same results but policy1Team1 now passes,
 	// and then submit again but policy1Team1 fails.
@@ -13311,7 +13468,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NotNil(t, host1LastInstall)
 	require.Equal(t, prevExecutionID, host1LastInstall.ExecutionID)
 	require.NotNil(t, host1LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host1LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host1LastInstall.Status)
 
 	// host2Team1 is failing policy2Team1 and policy3Team1 policies.
 	distributedResp = submitDistributedQueryResultsResponse{}
@@ -13328,7 +13485,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NotNil(t, host2LastInstall)
 	require.NotEmpty(t, host2LastInstall.ExecutionID)
 	require.NotNil(t, host2LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host2LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host2LastInstall.Status)
 
 	// Associate fleet-osquery.msi to policy4Team2.
 	mtplr = modifyTeamPolicyResponse{}
@@ -13352,7 +13509,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NotNil(t, host3LastInstall)
 	require.NotEmpty(t, host3LastInstall.ExecutionID)
 	require.NotNil(t, host3LastInstall.Status)
-	require.Equal(t, fleet.SoftwareInstallerPending, *host3LastInstall.Status)
+	require.Equal(t, fleet.SoftwareInstallPending, *host3LastInstall.Status)
 	host3LastInstallDetails, err := s.ds.GetSoftwareInstallDetails(ctx, host3LastInstall.ExecutionID)
 	require.NoError(t, err)
 	// Even if fleet-osquery.msi was uploaded as Self-service, it was installed by Fleet, so
@@ -13454,8 +13611,8 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 		"software_package": "%s",
 		"self_service": false,
 		"install_uuid": "%s",
-		"status": "failed"
-	}`, host2Team1.ID, host2Team1.DisplayName(), "ruby", "ruby.deb", host2LastInstall.ExecutionID), 0)
+		"status": "%s"
+	}`, host2Team1.ID, host2Team1.DisplayName(), "ruby", "ruby.deb", host2LastInstall.ExecutionID, fleet.SoftwareInstallFailed), 0)
 
 	// Check that the activity item generated for ruby.deb installation has a null user,
 	// but has name and email set.
@@ -13491,8 +13648,9 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 		"software_package": "%s",
 		"self_service": false,
 		"install_uuid": "%s",
-		"status": "failed"
-	}`, host3Team2.ID, host3Team2.DisplayName(), "Fleet osquery", "fleet-osquery.msi", host3LastInstall.ExecutionID), 0)
+		"status": "%s"
+	}`, host3Team2.ID, host3Team2.DisplayName(), "Fleet osquery", "fleet-osquery.msi", host3LastInstall.ExecutionID,
+		fleet.SoftwareInstallFailed), 0)
 
 	// Check that the activity item generated for fleet-osquery.msi installation has the admin user set as author.
 	mysql.ExecAdhocSQL(t, s.ds, func(q sqlx.ExtContext) error {
diff --git a/server/service/integration_mdm_test.go b/server/service/integration_mdm_test.go
index 10b2462ff2..09876a25ff 100644
--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@@ -10707,7 +10707,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 
 	// attempt to install a VPP app on the non-MDM enrolled host
 	installResp := installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", orbitHost.ID, macOSTitleID), &installSoftwareRequest{},
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", orbitHost.ID, macOSTitleID), &installSoftwareRequest{},
 		http.StatusBadRequest, &installResp)
 
 	// Disable all teams token
@@ -10738,7 +10738,8 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 	s.DoJSON("PATCH", fmt.Sprintf("/api/latest/fleet/vpp_tokens/%d/teams", validToken.Token.ID), patchVPPTokensTeamsRequest{TeamIDs: []uint{}}, http.StatusOK, &resPatchVPP)
 
 	// Attempt to install non-existent app
-	r := s.Do("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", mdmHost.ID, 99999), &installSoftwareRequest{}, http.StatusBadRequest)
+	r := s.Do("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", mdmHost.ID, 99999), &installSoftwareRequest{},
+		http.StatusBadRequest)
 	require.Contains(t, extractServerErrorText(r.Body), "Couldn't install software. Software title is not available for install. Please add software package or App Store app to install.")
 
 	// Add app 1 as self-service
@@ -10757,7 +10758,8 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 
 	// Trigger install to the host
 	installResp = installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", mdmHost.ID, errTitleID), &installSoftwareRequest{}, http.StatusAccepted, &installResp)
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", mdmHost.ID, errTitleID), &installSoftwareRequest{},
+		http.StatusAccepted, &installResp)
 
 	s.Do("DELETE", fmt.Sprintf("/api/latest/fleet/vpp_tokens/%d", vppRes.Token.ID), &deleteVPPTokenRequest{}, http.StatusNoContent)
 
@@ -10802,14 +10804,14 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 			errApp.Name,
 			errApp.AdamID,
 			failedCmdUUID,
-			fleet.SoftwareInstallerFailed,
+			fleet.SoftwareInstallFailed,
 		),
 		0,
 	)
 
 	// Trigger install to the host
 	installResp = installSoftwareResponse{}
-	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", mdmHost.ID, macOSTitleID), &installSoftwareRequest{},
+	s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", mdmHost.ID, macOSTitleID), &installSoftwareRequest{},
 		http.StatusAccepted, &installResp)
 	countResp = countHostsResponse{}
 	s.DoJSON("GET", "/api/latest/fleet/hosts/count", nil, http.StatusOK, &countResp, "software_status", "pending", "team_id",
@@ -10849,7 +10851,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 			addedApp.Name,
 			addedApp.AdamID,
 			cmdUUID,
-			fleet.SoftwareInstallerInstalled,
+			fleet.SoftwareInstalled,
 		),
 		0,
 	)
@@ -10868,12 +10870,12 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 	require.Empty(t, got1.AppStoreApp.Name) // Name is only present for installer packages
 	require.Equal(t, got1.AppStoreApp.Version, addedApp.LatestVersion)
 	require.NotNil(t, got1.Status)
-	require.Equal(t, *got1.Status, fleet.SoftwareInstallerInstalled)
+	require.Equal(t, *got1.Status, fleet.SoftwareInstalled)
 	require.Equal(t, got1.AppStoreApp.LastInstall.CommandUUID, cmdUUID)
 	require.NotNil(t, got1.AppStoreApp.LastInstall.InstalledAt)
 	require.Equal(t, got2.Name, "App 2")
 	require.NotNil(t, got2.Status)
-	require.Equal(t, *got2.Status, fleet.SoftwareInstallerFailed)
+	require.Equal(t, *got2.Status, fleet.SoftwareInstallFailed)
 	require.NotNil(t, got2.AppStoreApp)
 	require.Equal(t, got2.AppStoreApp.AppStoreID, errApp.AdamID)
 	require.Equal(t, got2.AppStoreApp.IconURL, ptr.String(errApp.IconURL))
@@ -10895,7 +10897,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 	require.Empty(t, got1.AppStoreApp.Name)
 	require.Equal(t, got1.AppStoreApp.Version, addedApp.LatestVersion)
 	require.NotNil(t, got1.Status)
-	require.Equal(t, *got1.Status, fleet.SoftwareInstallerInstalled)
+	require.Equal(t, *got1.Status, fleet.SoftwareInstalled)
 	require.Equal(t, got1.AppStoreApp.LastInstall.CommandUUID, cmdUUID)
 	require.NotNil(t, got1.AppStoreApp.LastInstall.InstalledAt)
 
@@ -10988,7 +10990,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 					&fleetSelfServiceSoftwareInstallRequest{}, http.StatusAccepted, &ssInstallResp)
 			} else {
 				installResp = installSoftwareResponse{}
-				s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/install/%d", installHost.ID, titleID),
+				s.DoJSON("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/software/%d/install", installHost.ID, titleID),
 					&installSoftwareRequest{}, http.StatusAccepted, &installResp)
 			}
 			countResp = countHostsResponse{}
@@ -11026,7 +11028,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 					app.Name,
 					app.AdamID,
 					cmdUUID,
-					fleet.SoftwareInstallerPending,
+					fleet.SoftwareInstallPending,
 					install.deviceToken != "",
 				),
 				string(*hostActivitiesResp.Activities[0].Details),
@@ -11054,7 +11056,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 					app.Name,
 					app.AdamID,
 					cmdUUID,
-					fleet.SoftwareInstallerInstalled,
+					fleet.SoftwareInstalled,
 					install.deviceToken != "",
 				),
 				0,
@@ -11074,7 +11076,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 					require.Equal(t, got1.AppStoreApp.IconURL, ptr.String(app.IconURL))
 					require.Empty(t, got1.AppStoreApp.Name) // Name is only present for installer packages
 					require.Equal(t, got1.AppStoreApp.Version, app.LatestVersion)
-					require.Equal(t, *got1.Status, fleet.SoftwareInstallerInstalled)
+					require.Equal(t, *got1.Status, fleet.SoftwareInstalled)
 					require.Equal(t, got1.AppStoreApp.LastInstall.CommandUUID, cmdUUID)
 					require.NotNil(t, got1.AppStoreApp.LastInstall.InstalledAt)
 					foundInstalledApp = true
diff --git a/server/service/orbit.go b/server/service/orbit.go
index e894f8a157..bbc6c437e0 100644
--- a/server/service/orbit.go
+++ b/server/service/orbit.go
@@ -685,7 +685,7 @@ func (svc *Service) SaveHostScriptResult(ctx context.Context, result *fleet.Host
 
 	// always use the authenticated host's ID as host_id
 	result.HostID = host.ID
-	hsr, err := svc.ds.SetHostScriptExecutionResult(ctx, result)
+	hsr, action, err := svc.ds.SetHostScriptExecutionResult(ctx, result)
 	if err != nil {
 		return ctxerr.Wrap(ctx, err, "save host script result")
 	}
@@ -707,20 +707,47 @@ func (svc *Service) SaveHostScriptResult(ctx context.Context, result *fleet.Host
 			scriptName = scr.Name
 		}
 
-		// TODO(sarah): We may need to special case lock/unlock script results here?
-		if err := svc.NewActivity(
-			ctx,
-			user,
-			fleet.ActivityTypeRanScript{
-				HostID:            host.ID,
-				HostDisplayName:   host.DisplayName(),
-				ScriptExecutionID: hsr.ExecutionID,
-				ScriptName:        scriptName,
-				Async:             !hsr.SyncRequest,
-			},
-		); err != nil {
-			return ctxerr.Wrap(ctx, err, "create activity for script execution request")
+		switch action {
+		case "uninstall":
+			// Get software title from execution ID
+			softwareTitleName, err := svc.ds.GetSoftwareTitleNameFromExecutionID(ctx, hsr.ExecutionID)
+			if err != nil {
+				return ctxerr.Wrap(ctx, err, "get software title from execution ID")
+			}
+			activityStatus := "failed"
+			if hsr.ExitCode != nil && *hsr.ExitCode == 0 {
+				activityStatus = "uninstalled"
+			}
+			if err := svc.NewActivity(
+				ctx,
+				user,
+				fleet.ActivityTypeUninstalledSoftware{
+					HostID:          host.ID,
+					HostDisplayName: host.DisplayName(),
+					SoftwareTitle:   softwareTitleName,
+					ExecutionID:     hsr.ExecutionID,
+					Status:          activityStatus,
+				},
+			); err != nil {
+				return ctxerr.Wrap(ctx, err, "create activity for script execution request")
+			}
+		default:
+			// TODO(sarah): We may need to special case lock/unlock script results here?
+			if err := svc.NewActivity(
+				ctx,
+				user,
+				fleet.ActivityTypeRanScript{
+					HostID:            host.ID,
+					HostDisplayName:   host.DisplayName(),
+					ScriptExecutionID: hsr.ExecutionID,
+					ScriptName:        scriptName,
+					Async:             !hsr.SyncRequest,
+				},
+			); err != nil {
+				return ctxerr.Wrap(ctx, err, "create activity for script execution request")
+			}
 		}
+
 	}
 	return nil
 }
@@ -992,7 +1019,7 @@ func (svc *Service) SaveHostSoftwareInstallResult(ctx context.Context, result *f
 		return ctxerr.Wrap(ctx, err, "save host software installation result")
 	}
 
-	if status := result.Status(); status != fleet.SoftwareInstallerPending {
+	if status := result.Status(); status != fleet.SoftwareInstallPending {
 		hsi, err := svc.ds.GetSoftwareInstallResults(ctx, result.InstallUUID)
 		if err != nil {
 			return ctxerr.Wrap(ctx, err, "get host software installation result information")
diff --git a/server/service/osquery.go b/server/service/osquery.go
index 689c1e776e..ec90de1027 100644
--- a/server/service/osquery.go
+++ b/server/service/osquery.go
@@ -1713,7 +1713,7 @@ func (svc *Service) processSoftwareForNewlyFailingPolicies(
 		}
 		// hostLastInstall.Status == nil can happen when a software is installed by Fleet and later removed.
 		if hostLastInstall != nil && hostLastInstall.Status != nil &&
-			*hostLastInstall.Status == fleet.SoftwareInstallerPending {
+			*hostLastInstall.Status == fleet.SoftwareInstallPending {
 			// There's a pending install for this host and installer,
 			// thus we do not queue another install request.
 			level.Debug(svc.logger).Log(
diff --git a/server/service/scripts.go b/server/service/scripts.go
index 9629b78a09..14d39e4964 100644
--- a/server/service/scripts.go
+++ b/server/service/scripts.go
@@ -349,16 +349,17 @@ type getScriptResultRequest struct {
 }
 
 type getScriptResultResponse struct {
-	ScriptContents string `json:"script_contents"`
-	ScriptID       *uint  `json:"script_id"`
-	ExitCode       *int64 `json:"exit_code"`
-	Output         string `json:"output"`
-	Message        string `json:"message"`
-	HostName       string `json:"hostname"`
-	HostTimeout    bool   `json:"host_timeout"`
-	HostID         uint   `json:"host_id"`
-	ExecutionID    string `json:"execution_id"`
-	Runtime        int    `json:"runtime"`
+	ScriptContents string    `json:"script_contents"`
+	ScriptID       *uint     `json:"script_id"`
+	ExitCode       *int64    `json:"exit_code"`
+	Output         string    `json:"output"`
+	Message        string    `json:"message"`
+	HostName       string    `json:"hostname"`
+	HostTimeout    bool      `json:"host_timeout"`
+	HostID         uint      `json:"host_id"`
+	ExecutionID    string    `json:"execution_id"`
+	Runtime        int       `json:"runtime"`
+	CreatedAt      time.Time `json:"created_at"`
 
 	Err error `json:"error,omitempty"`
 }
@@ -388,6 +389,7 @@ func getScriptResultEndpoint(ctx context.Context, request interface{}, svc fleet
 		HostID:         scriptResult.HostID,
 		ExecutionID:    scriptResult.ExecutionID,
 		Runtime:        scriptResult.Runtime,
+		CreatedAt:      scriptResult.CreatedAt,
 	}, nil
 }
 
diff --git a/server/service/software_installers.go b/server/service/software_installers.go
index 9862ade671..b64be63e3e 100644
--- a/server/service/software_installers.go
+++ b/server/service/software_installers.go
@@ -29,6 +29,7 @@ type uploadSoftwareInstallerRequest struct {
 	PreInstallQuery   string
 	PostInstallScript string
 	SelfService       bool
+	UninstallScript   string
 }
 
 type uploadSoftwareInstallerResponse struct {
@@ -96,6 +97,11 @@ func (uploadSoftwareInstallerRequest) DecodeRequest(ctx context.Context, r *http
 		decoded.InstallScript = val[0]
 	}
 
+	val, ok = r.MultipartForm.Value["uninstall_script"]
+	if ok && len(val) > 0 {
+		decoded.UninstallScript = val[0]
+	}
+
 	val, ok = r.MultipartForm.Value["pre_install_query"]
 	if ok && len(val) > 0 {
 		decoded.PreInstallQuery = val[0]
@@ -136,6 +142,7 @@ func uploadSoftwareInstallerEndpoint(ctx context.Context, request interface{}, s
 		InstallerFile:     ff,
 		Filename:          req.File.Filename,
 		SelfService:       req.SelfService,
+		UninstallScript:   req.UninstallScript,
 	}
 
 	if err := svc.UploadSoftwareInstaller(ctx, payload); err != nil {
@@ -332,6 +339,28 @@ func (svc *Service) InstallSoftwareTitle(ctx context.Context, hostID uint, softw
 	return fleet.ErrMissingLicense
 }
 
+type uninstallSoftwareRequest struct {
+	HostID          uint `url:"host_id"`
+	SoftwareTitleID uint `url:"software_title_id"`
+}
+
+func uninstallSoftwareTitleEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
+	req := request.(*uninstallSoftwareRequest)
+
+	err := svc.UninstallSoftwareTitle(ctx, req.HostID, req.SoftwareTitleID)
+	if err != nil {
+		return installSoftwareResponse{Err: err}, nil
+	}
+
+	return installSoftwareResponse{}, nil
+}
+
+func (svc *Service) UninstallSoftwareTitle(ctx context.Context, _ uint, _ uint) error {
+	// skipauth: No authorization check needed due to implementation returning only license error.
+	svc.authz.SkipAuthorization(ctx)
+	return fleet.ErrMissingLicense
+}
+
 type getSoftwareInstallResultsRequest struct {
 	InstallUUID string `url:"install_uuid"`
 }