My security team have asked me to remove an old MSSQL directory on a Windows 2019 server because it showing vulnerabilities from a Tenable scan. I recently upgraded SQL Server Express 2016 to 2017 and the upgrade has left behind the old MSSQL directory eg C:\Program Files\Microsoft SQL Server\MSSQL13.VEEAMSQL2016. This directory is where the vulnerabilities are however I am unable to update the files in it because its not in use or doesn't contain any instances. In order to keep my security team happy whats the best way to go about removing this directory altogether? I have uninstalled all SQL server express 2016 components but this directory still remains. Can I just delete the directory? will anything break? I tested this on a test server and it wouldn't delete as it said files are still in use. I can see the log file still be written too but thats it. In addition to this, the following directory is showing vulnerabilities from the scans, C:\Program Files\Microsoft SQL Server\130\Setup Bootstrap, can I remove this directory?
