[witch]

Dorset LEA have finally got their act together and sorted out the antivirus:
I have to uninstall Sophos of my server/network and install NOD32.
Given the huge issues with Sophos, I could do with some advice on the best way to do this, and also how to sort out the teachers laptops - presumbly I need a script that will uninstall Sophos and install NOD32 the next time they log on to the network?

I am a bit wary of doing this as I can just see me mucking up the whole network - x2 as I work in two schools

[ICT_GUY]

Yep in the same boat here, dorset have pushed this little headache our way with no instructions. Heres your licence, now get on with it. 8O

The Nod32 has a pretty good admin package, which once installed works well and far faster than sophos. Its not a straight forward setup mind you, you will need to follow the manual. Also you will need to set up a shared folder or http mirror for the updates, plus make a custom package to push out.

Now for the removal of sophos, I have no idea yet. This feature seems to be missing from the management console for some reason. :?

[Andi]

Presumably they won't make it easy to remove their product from the whole network...by design.

Does it have a silent uninstall that you could possibly script at startup via GPO?

[bishopsgarthstockton]

Im sure there is an pdf document that comes with it. to be honnest it goes on really easy, both server and client

[Skoggmeiger]

I'm having to do this myself right now. Let me tell you, it's not straight forward.

If you want a full removal, you're going to have to get your hands dirty and remove some entries from the registry.

I have the instructions that Sophos sent us, if anyone would like a copy?

I believe there is an MSI cleanup Utility available from Microsoft, but this only removes the windows installer information. Any associated registry keys/files/services need to be removed manually.

[bishopsgarthstockton]

Quote:

Originally Posted by Skoggmeiger

I'm having to do this myself right now. Let me tell you, it's not straight forward.

If you want a full removal, you're going to have to get your hands dirty and remove some entries from the registry.

I have the instructions that Sophos sent us, if anyone would like a copy?

I believe there is an MSI cleanup Utility available from Microsoft, but this only removes the windows installer information. Any associated registry keys/files/services need to be removed manually.

Wouldnt mind a copy please for future refrence

[Skoggmeiger]

Sorry, I should have said, I'm having to do a full removal because I'm having problems with it and will have to then re-install it. By running the uninstalls from add/remove programs, you should be able to remove it as normal. However, this will leave registry entries.

To my knowledge, you will have to run the uninstall on every workstation too though, which could be a rather time consuming task. As mentioend, if anyone knows of a script that can do this, we'd be much obliged.

[techyphil]

Hey, ive got a wee sophos script that removes it totally that sophos supplied us with.

We have great difficulty with Sophos especially with laptops not updating and taking hrs. The resources it gobbles is bad as well. Ive suggested we ditch it and go for something else. But Im not sure what and whether it will work better or not.

The file is a batch file and needs a reboot but you may want to take parts of it to make your own.

Quote:

REM -===- VERSION 1.01 -===-

@ECHO OFF
ECHO ================================================== ==================
ECHO Sophos Anti-Virus 5.x / Sophos Anti-Virus 6.x -- Removal Script
ECHO.
ECHO NOTE: Please make a full backup of the computer before you continue.
Echo.
ECHO Press any key to continue, or press Ctrl-C to Cancel.
ECHO ================================================== ==================
ECHO.
Pause.
CLS

ver|find "Windows XP" > NUL
if errorlevel 1 goto 2K
ECHO Windows XP Detected.
TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

:2K
ver|find "Windows 2000" >NUL
if errorlevel 1 goto 2k3
ECHO Windows 2000 Detected.
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

:2K3
ver|find "Version 5.2" >NUL
if errorlevel 1 goto ERR
ECHO Windows 2003 Detected.
TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

:PASS

ECHO.
ECHO Performing regular MSI based removal...
MSIEXEC /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn /l*v c:\sau2_unist.txt 2> NUL
MSIEXEC /X {C12953C2-4F15-4A6C-91BC-511B96AE2775} /qn /l*v c:\sau_unist.txt 2> NUL
MSIEXEC /X {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} REBOOT=SUPPRESS /qn /l*v c:\sav_unist.txt 2> NUL
MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn /l*v c:\rms_unist.txt 2> NUL
ECHO Completed.

ECHO.
ECHO Performing MSI Cleanup (if available)...
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} > C:\sop_msiclnup.txt
ECHO -===- END OF SAU2 -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >> C:\sop_msiclnup.txt
ECHO -===- END OF SAV -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >> C:\sop_msiclnup.txt
ECHO -===- END OF SAU -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >> C:\sop_msiclnup.txt
ECHO -===- END OF RMS -===- >> C:\sop_msiclnup.txt
Echo Completed.

ECHO.
ECHO Constructing Registry Keys for removal...
ECHO Completed.

ECHO REGEDIT4 > %TEMP%\SOTMP.REG
ECHO. >> %TEMP%\SOTMP.REG

REM ====** Registry Keys marked for Removal **================================================ =====================

REM === MSI Installer GUIDs ===
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\25FB6C90ABD67 9A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\BE814C515767e b242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\2C35921C51F4C 6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\D50011FF8CBC5 D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\Features\25FB6C90ABD67 9A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\BE814C515767e b242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\2C35921C51F4C 6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\D50011FF8CBC5 D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\E932B7952 303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0D6888B32 A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A2ECF5789 F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\E932B7952303A194 3A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\0D6888B32A892994 0ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\A2ECF5789F971654 CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

REM === Sophos Application Settings ===
ECHO [-HKEY_CURRENT_USER\Software\Sophos] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos] >> %TEMP%\SOTMP.REG

REM === Sophos Uninstall Keys ===
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Current===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM ================================================== ================================================== ==========

ECHO.
ECHO Stopping Sophos Anti-Virus Services...
net stop "Sophos Agent" 2> NUL
net stop "Sophos Anti-Virus" 2> NUL
net stop "Sophos Anti-Virus status reporter" 2> NUL
net stop "Sophos AutoUpdate Service" 2> NUL
net stop "Sophos Message Router" 2> NUL
ECHO Completed.

GOTO SERXP

:RESUME
ECHO.
ECHO Unregistering DLLs...

REM === Sophos Anti-Virus DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\backgroundscanning.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\componentmanager.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\configuration.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\desktopmessaging.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\driveprocessor.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\eeconsumer.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\filterprocessors.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\fsdecomposer.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icadapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icprocessors.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\legacyconsumers.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\localisation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\logging.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\persistance.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI0.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVMSCM.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\savshellext.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditexports.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditfacade.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scanmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\security.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\sophtaineradapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\systeminformation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatdetection.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\translators.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\virusdetection.dll"

REM === Sophos AutoUpdate DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\cidsync.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\config.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\inetconn.dll "
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\InstlMgr.dll "
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ispsheet.dll "
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\logger.dll"
ECHO Completed.

ECHO.
ECHO Removing the Sophos Installation Files...

REM === Emtpies the temporary files folders, folders are recreated if they are empty ===
RD /s /Q %TEMP% 2> NUL
MD %TEMP% 2> NUL
RD /s /Q %WINDIR%\TEMP\ 2> NUL
MD %WINDIR%\Temp 2> NUL

REM === Remove Sophos created folders and files ===
RD /S /Q "%PROGRAMFILES%\SOPHOS\AutoUpdate" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Sophos Anti-Virus" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Remote Management System" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\" 2> NUL
RD /S /Q "C:\SAVXPSA" 2> NUL
RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" 2> NUL
RD /S /Q "%ALLUSERSPROFILE%\Application Data\Sophos" 2> NUL
RD /S /Q "%USERPROFILE%\Application Data\Sophos" 2> NUL
DEL /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk" 2> NUL
RD /S /Q "%WINDIR%\Installer\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{FF11005D-CBC8-45D5-A288-25C7BB304121}" 2> NUL
DEL /Q "%WINDIR%\System32\Drivers\savonaccesscontrol. sys" 2> NUL
DEL /Q "%WINDIR%\System32\Drivers\savonaccessfilter.s ys" 2> NUL
ECHO Completed.

REM === Remove the typical Sophos account/groups for Sophos AutoUpdate ===
ECHO.
ECHO Deleting Sophos Accounts and Sophos Groups...
Net user SophosSAU%COMPUTERNAME%0 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%1 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%2 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%3 /DELETE 2> NUL

Net localgroup SophosAdministrator /DELETE 2> NUL
Net localgroup SophosOnAccess /DELETE 2> NUL
Net localgroup SophosPowerUser /DELETE 2> NUL
Net localgroup SophosUser /DELETE 2> NUL
ECHO Completed.

GOTO END

:SERXP
ver|find "Windows XP" > NUL
if errorlevel 1 goto SER2K3
ECHO.
ECHO (XP) Deleting Sophos Services...
sc delete SAVService > NUL
sc delete SAVAdminService > NUL
sc delete "Sophos Agent" > NUL
sc delete "Sophos AutoUpdate Agent" > NUL
sc delete "Sophos AutoUpdate Service" > NUL
sc delete "Sophos Message Router" > NUL
ECHO Completed.
ECHO.
ECHO Removing the Sophos Registry Keys...
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
sc start "SopReg" > NUL
sc delete "SopReg"
ECHO Completed.
GOTO RESUME

:SER2K3
ver|find "Version 5.2" >NUL
if errorlevel 1 goto SER2K
ECHO.
ECHO (2K3) Deleting Sophos Services...
sc delete SAVService > NUL
sc delete SAVAdminService > NUL
sc delete "Sophos Agent" > NUL
sc delete "Sophos AutoUpdate Agent" > NUL
sc delete "Sophos AutoUpdate Service" > NUL
sc delete "Sophos Message Router" > NUL
ECHO Completed.
ECHO.
ECHO Removing the Sophos Registry Keys...
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
sc start "SopReg" > NUL
sc delete "SopReg"
ECHO Completed.
GOTO RESUME

:SER2K
ver|find "Windows 2000" >NUL
if errorlevel 1 goto END
ECHO.
ECHO Removing the Sophos Registry Keys...
REGEDIT /S %TEMP%\SOTMP.REG
ECHO Completed.
GOTO RESUME

:END
ECHO.
ECHO ================================================== ==
ECHO Please reboot the computer and run this script again
ECHO If you have not already done so.
ECHO ================================================== ==
Echo.
Pause
EXIT

:ERR
ECHO.
ECHO ================================================== ============
ECHO Script has terminated because either your O.S is Windows 9x/NT
ECHO OR Puremessage/Enterprise Console/EM Library was found.
ECHO ================================================== ============
Pause
EXIT

Please let me know what you think to NOD32

[Skoggmeiger]

Wow, thanks for that one techyphil. Will give that one a go shortly.

These are the instructions we have for removing EM fully from the server.


Sophos EM Removal Instructions
=======================

To remove your entire existing installation and rebuilding it:

1) Go to 'add remove programs' and remove the programs in the following order:

Sophos Anti-Virus version x.xx
Sophos AutoUpdate
Sophos Remote Management System
Microsoft SQL Server Desktop Engine (SOPHOS)
Sophos EM Library
Sophos EM Library Console
Sophos Enterprise console - management server

2) Go to 'services'. If any of the following services are still running, stop them.

Sophos Agent
Sophos Anti-Virus
sophos Anti-virus status reporter
Sophos Autoupdate Agent
Sophos Autoupdate Service
Sophos certification Manager
Sophos EMLibUpdate Manager
Sophos Enterprise Manager Scheduler
Sophos Message Router
Sophos Certification Manager
Sophos ManagementService
Sophos Session Manager
SQLAgent$SOPHOS
MSSQL$SOPHOS


3) If any of the following registry keys exist, remove them:

i) HKCU|Software|Sophos
ii) HKLM|Software|Sophos

iii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Agent

iv) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVService

v)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\SAVAdminService

vi)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\Sophos AutoUpdate Agent
vii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Service

viii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Certification Manager

ix) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos EMLib Update Agent

x) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SEMscheduler

xi) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Management Service

xii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Message Router

xiii)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\SQLAgent$SOPHOS

xiv)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Se rvices\MSSQL$SOPHOS


If the registry keys above are present under controlset001/002/003, then delete those as well.

i) HKLM|system|currentcontrolset|services|Eventlog|so phos

ii) HKLM|Software|Sophos


iii) HKLM|Software|Microsoft|MSSQLServer|client|SuperSo cketNetLib|Last connect|(entry pertaining to sophos)

iv) HKLM|Software|Microsoft|Microsoft SQL Server (entry 'InstalledInstances' referencing Sophos)

iv) HKLM|Software|Microsoft|Microsoft SQL Server|SOPHOS

v) HKLM|Software|Microsoft|Microsoft SQL Server|80|Tools|Service Manager (entry 'Default' referencing Sophos)


vi) HKLM|Software|Microsoft|Microsoft SQL Server|Component Set (entry'InstanceComponentSet.1={E09B48B5-E141-427A-AB0C-D3605127224A}')




4) Remove the following directories

i) \Program Files|Microsoft SQL Server|MSSQL$SOPHOS
ii) \Program Files|Sophos
iii) \Program Files|Sophos Enterprise Manager
iv) \Program Files|Sophos Sweep for NT


5) Reboot the server.

If the 'Program Files|Sophos' directory could not been deleted previously, please delete it now.

6) If you wish, install and run the MSI Cleanup Utility (http://support.microsoft.com/default...b;en-us;290301). NB the MSI Cleanup Utility will only remove the windows installer information for the product. Any associated registry keys/files/services must be removed manually, as above.

You should now have a system which would allow a clean installation of the control centre to be performed.

[DMcCoy]

I hated this about symantec too, I assume its deliberate to lock you into the product. Nod has a remote uninstall too, although I'm very happy with it.

One thing with Nod, you can keep configs on the mirrors to update all the machines settings when they check for updates. You can't have more than one config on a mirror. I have two mirrors, one for servers (on access disabled for example) and one for normal clients.

[contink]

Quote:

Originally Posted by techyphil

Hey, ive got a wee sophos script that removes it totally that sophos supplied us with.

Thanks for that Phil... Stored that one for future use..

[ICT_GUY]

Thanks for the help, i'm going to give the uninstall batch file a go on a spare pc today, I will post how it goes once done.

[ICT_GUY]

The batch file worlks like a dream on my test PC, needs running, rebooting & a second run to completely remove Sophos but with a shortcut on the admin desktop this is quick and painless.

[srochford]

Quote:

Originally Posted by Andi

Presumably they won't make it easy to remove their product from the whole network...by design.

Does it have a silent uninstall that you could possibly script at startup via GPO?

I think you might presume wrong :-)

Sophos have a tool called Lancet which makes it very easy to remove anti-virus programs. Basically, it has an XML list of virus scanners and details of how to remove them. It nicely removed McAfee for us and I've also briefly tried it with Symantec and it seemed to work!

One of the reasons we were prepared to go with Sophos was that they promised that they could help us to remove existing virus scanners. That's not a lot of help when you're leaving them but you ought to be able to say to the new company that you want a facility to remove their "opposition" :-)

[witch]

srochford - that's a good idea -I will find out if Dorset Council actually thought to ask that question!