+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
How do you do....it? Thread, Uninstalling Sophos in Technical; Dorset LEA have finally got their act together and sorted out the antivirus: I have to uninstall Sophos of my ...
  1. #1

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,354
    Thank Post
    1,391
    Thanked 2,404 Times in 1,692 Posts
    Rep Power
    708

    Uninstalling Sophos

    Dorset LEA have finally got their act together and sorted out the antivirus:
    I have to uninstall Sophos of my server/network and install NOD32.
    Given the huge issues with Sophos, I could do with some advice on the best way to do this, and also how to sort out the teachers laptops - presumbly I need a script that will uninstall Sophos and install NOD32 the next time they log on to the network?

    I am a bit wary of doing this as I can just see me mucking up the whole network - x2 as I work in two schools

  2. #2
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104

    Re: Uninstalling Sophos

    Yep in the same boat here, dorset have pushed this little headache our way with no instructions. Heres your licence, now get on with it. 8O

    The Nod32 has a pretty good admin package, which once installed works well and far faster than sophos. Its not a straight forward setup mind you, you will need to follow the manual. Also you will need to set up a shared folder or http mirror for the updates, plus make a custom package to push out.

    Now for the removal of sophos, I have no idea yet. This feature seems to be missing from the management console for some reason. :?

  3. #3
    Andi's Avatar
    Join Date
    Feb 2007
    Location
    Newport, South Wales
    Posts
    276
    Thank Post
    52
    Thanked 4 Times in 4 Posts
    Rep Power
    16

    Re: Uninstalling Sophos

    Presumably they won't make it easy to remove their product from the whole network...by design.

    Does it have a silent uninstall that you could possibly script at startup via GPO?

  4. #4

    Join Date
    Nov 2006
    Posts
    547
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Uninstalling Sophos

    Im sure there is an pdf document that comes with it. to be honnest it goes on really easy, both server and client

  5. #5

    Join Date
    May 2007
    Posts
    131
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Uninstalling Sophos

    I'm having to do this myself right now. Let me tell you, it's not straight forward.

    If you want a full removal, you're going to have to get your hands dirty and remove some entries from the registry.

    I have the instructions that Sophos sent us, if anyone would like a copy?

    I believe there is an MSI cleanup Utility available from Microsoft, but this only removes the windows installer information. Any associated registry keys/files/services need to be removed manually.

  6. #6

    Join Date
    Nov 2006
    Posts
    547
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Uninstalling Sophos

    Quote Originally Posted by Skoggmeiger
    I'm having to do this myself right now. Let me tell you, it's not straight forward.

    If you want a full removal, you're going to have to get your hands dirty and remove some entries from the registry.

    I have the instructions that Sophos sent us, if anyone would like a copy?

    I believe there is an MSI cleanup Utility available from Microsoft, but this only removes the windows installer information. Any associated registry keys/files/services need to be removed manually.
    Wouldnt mind a copy please for future refrence

  7. #7

    Join Date
    May 2007
    Posts
    131
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Uninstalling Sophos

    Sorry, I should have said, I'm having to do a full removal because I'm having problems with it and will have to then re-install it. By running the uninstalls from add/remove programs, you should be able to remove it as normal. However, this will leave registry entries.

    To my knowledge, you will have to run the uninstall on every workstation too though, which could be a rather time consuming task. As mentioend, if anyone knows of a script that can do this, we'd be much obliged.

  8. #8

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    17

    Re: Uninstalling Sophos

    Hey, ive got a wee sophos script that removes it totally that sophos supplied us with.

    We have great difficulty with Sophos especially with laptops not updating and taking hrs. The resources it gobbles is bad as well. Ive suggested we ditch it and go for something else. But Im not sure what and whether it will work better or not.

    The file is a batch file and needs a reboot but you may want to take parts of it to make your own.

    REM -===- VERSION 1.01 -===-

    @ECHO OFF
    ECHO ================================================== ==================
    ECHO Sophos Anti-Virus 5.x / Sophos Anti-Virus 6.x -- Removal Script
    ECHO.
    ECHO NOTE: Please make a full backup of the computer before you continue.
    Echo.
    ECHO Press any key to continue, or press Ctrl-C to Cancel.
    ECHO ================================================== ==================
    ECHO.
    Pause.
    CLS

    ver|find "Windows XP" > NUL
    if errorlevel 1 goto 2K
    ECHO Windows XP Detected.
    TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
    REM === Checks to ensure EM Lib, Console or PM are not installed ===
    if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

    :2K
    ver|find "Windows 2000" >NUL
    if errorlevel 1 goto 2k3
    ECHO Windows 2000 Detected.
    REM === Checks to ensure EM Lib, Console or PM are not installed ===
    if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

    :2K3
    ver|find "Version 5.2" >NUL
    if errorlevel 1 goto ERR
    ECHO Windows 2003 Detected.
    TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
    REM === Checks to ensure EM Lib, Console or PM are not installed ===
    if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
    if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage .msc" (GOTO ERR) ELSE (GOTO PASS)

    :PASS

    ECHO.
    ECHO Performing regular MSI based removal...
    MSIEXEC /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn /l*v c:\sau2_unist.txt 2> NUL
    MSIEXEC /X {C12953C2-4F15-4A6C-91BC-511B96AE2775} /qn /l*v c:\sau_unist.txt 2> NUL
    MSIEXEC /X {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} REBOOT=SUPPRESS /qn /l*v c:\sav_unist.txt 2> NUL
    MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn /l*v c:\rms_unist.txt 2> NUL
    ECHO Completed.

    ECHO.
    ECHO Performing MSI Cleanup (if available)...
    "%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} > C:\sop_msiclnup.txt
    ECHO -===- END OF SAU2 -===- >> C:\sop_msiclnup.txt

    "%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >> C:\sop_msiclnup.txt
    ECHO -===- END OF SAV -===- >> C:\sop_msiclnup.txt

    "%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >> C:\sop_msiclnup.txt
    ECHO -===- END OF SAU -===- >> C:\sop_msiclnup.txt

    "%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >> C:\sop_msiclnup.txt
    ECHO -===- END OF RMS -===- >> C:\sop_msiclnup.txt
    Echo Completed.

    ECHO.
    ECHO Constructing Registry Keys for removal...
    ECHO Completed.

    ECHO REGEDIT4 > %TEMP%\SOTMP.REG
    ECHO. >> %TEMP%\SOTMP.REG

    REM ====** Registry Keys marked for Removal **================================================ =====================

    REM === MSI Installer GUIDs ===
    ECHO [-HKEY_CLASSES_ROOT\Installer\Products\25FB6C90ABD67 9A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Products\BE814C515767e b242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Products\2C35921C51F4C 6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Products\D50011FF8CBC5 D542A88527CBB031412] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_CLASSES_ROOT\Installer\Features\25FB6C90ABD67 9A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Features\BE814C515767e b242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Features\2C35921C51F4C 6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\Features\D50011FF8CBC5 D542A88527CBB031412] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\E932B7952 303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0D6888B32 A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A2ECF5789 F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Feat ures\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Upgr adeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\E932B7952303A194 3A2218777329E5A8] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\0D6888B32A892994 0ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UpgradeCodes\A2ECF5789F971654 CBB5476964870E94] >> %TEMP%\SOTMP.REG

    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

    REM === Sophos Application Settings ===
    ECHO [-HKEY_CURRENT_USER\Software\Sophos] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos] >> %TEMP%\SOTMP.REG

    REM === Sophos Uninstall Keys ===
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\SOTMP.REG

    REM === Sophos Legacy Services Set01 ===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

    REM === Sophos Event Log Registration Set01 ===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

    REM === Sophos Services Set01 ===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVAdminService] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVOnAccess Control] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVOnAccess Filter] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S AVService] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos Agent] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ophos Message Router] >> %TEMP%\SOTMP.REG

    REM === Sophos Legacy Services Current===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

    REM === Sophos Event Log Registration Current ===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

    REM === Sophos Services Current ===
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVAdminService] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVService] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Agent] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
    ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Message Router] >> %TEMP%\SOTMP.REG

    REM ================================================== ================================================== ==========

    ECHO.
    ECHO Stopping Sophos Anti-Virus Services...
    net stop "Sophos Agent" 2> NUL
    net stop "Sophos Anti-Virus" 2> NUL
    net stop "Sophos Anti-Virus status reporter" 2> NUL
    net stop "Sophos AutoUpdate Service" 2> NUL
    net stop "Sophos Message Router" 2> NUL
    ECHO Completed.

    GOTO SERXP

    :RESUME
    ECHO.
    ECHO Unregistering DLLs...

    REM === Sophos Anti-Virus DLLs ===
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\backgroundscanning.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\componentmanager.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\configuration.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\desktopmessaging.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\driveprocessor.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\eeconsumer.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\filterprocessors.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\fsdecomposer.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icadapter.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icmanagement.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icprocessors.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\legacyconsumers.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\localisation.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\logging.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\persistance.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI0.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVMSCM.DLL"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\savshellext.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditexports.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditfacade.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scanmanagement.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\security.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\sophtaineradapter.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\systeminformation.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatdetection.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatmanagement.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\translators.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\virusdetection.dll"

    REM === Sophos AutoUpdate DLLs ===
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\cidsync.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\config.dll"
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\inetconn.dll "
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\InstlMgr.dll "
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ispsheet.dll "
    regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\logger.dll"
    ECHO Completed.

    ECHO.
    ECHO Removing the Sophos Installation Files...

    REM === Emtpies the temporary files folders, folders are recreated if they are empty ===
    RD /s /Q %TEMP% 2> NUL
    MD %TEMP% 2> NUL
    RD /s /Q %WINDIR%\TEMP\ 2> NUL
    MD %WINDIR%\Temp 2> NUL

    REM === Remove Sophos created folders and files ===
    RD /S /Q "%PROGRAMFILES%\SOPHOS\AutoUpdate" 2> NUL
    RD /S /Q "%PROGRAMFILES%\SOPHOS\Sophos Anti-Virus" 2> NUL
    RD /S /Q "%PROGRAMFILES%\SOPHOS\Remote Management System" 2> NUL
    RD /S /Q "%PROGRAMFILES%\SOPHOS\" 2> NUL
    RD /S /Q "C:\SAVXPSA" 2> NUL
    RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" 2> NUL
    RD /S /Q "%ALLUSERSPROFILE%\Application Data\Sophos" 2> NUL
    RD /S /Q "%USERPROFILE%\Application Data\Sophos" 2> NUL
    DEL /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk" 2> NUL
    RD /S /Q "%WINDIR%\Installer\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" 2> NUL
    RD /S /Q "%WINDIR%\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}" 2> NUL
    RD /S /Q "%WINDIR%\Installer\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" 2> NUL
    RD /S /Q "%WINDIR%\Installer\{FF11005D-CBC8-45D5-A288-25C7BB304121}" 2> NUL
    DEL /Q "%WINDIR%\System32\Drivers\savonaccesscontrol. sys" 2> NUL
    DEL /Q "%WINDIR%\System32\Drivers\savonaccessfilter.s ys" 2> NUL
    ECHO Completed.

    REM === Remove the typical Sophos account/groups for Sophos AutoUpdate ===
    ECHO.
    ECHO Deleting Sophos Accounts and Sophos Groups...
    Net user SophosSAU%COMPUTERNAME%0 /DELETE 2> NUL
    Net user SophosSAU%COMPUTERNAME%1 /DELETE 2> NUL
    Net user SophosSAU%COMPUTERNAME%2 /DELETE 2> NUL
    Net user SophosSAU%COMPUTERNAME%3 /DELETE 2> NUL

    Net localgroup SophosAdministrator /DELETE 2> NUL
    Net localgroup SophosOnAccess /DELETE 2> NUL
    Net localgroup SophosPowerUser /DELETE 2> NUL
    Net localgroup SophosUser /DELETE 2> NUL
    ECHO Completed.

    GOTO END

    :SERXP
    ver|find "Windows XP" > NUL
    if errorlevel 1 goto SER2K3
    ECHO.
    ECHO (XP) Deleting Sophos Services...
    sc delete SAVService > NUL
    sc delete SAVAdminService > NUL
    sc delete "Sophos Agent" > NUL
    sc delete "Sophos AutoUpdate Agent" > NUL
    sc delete "Sophos AutoUpdate Service" > NUL
    sc delete "Sophos Message Router" > NUL
    ECHO Completed.
    ECHO.
    ECHO Removing the Sophos Registry Keys...
    SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
    sc start "SopReg" > NUL
    sc delete "SopReg"
    ECHO Completed.
    GOTO RESUME

    :SER2K3
    ver|find "Version 5.2" >NUL
    if errorlevel 1 goto SER2K
    ECHO.
    ECHO (2K3) Deleting Sophos Services...
    sc delete SAVService > NUL
    sc delete SAVAdminService > NUL
    sc delete "Sophos Agent" > NUL
    sc delete "Sophos AutoUpdate Agent" > NUL
    sc delete "Sophos AutoUpdate Service" > NUL
    sc delete "Sophos Message Router" > NUL
    ECHO Completed.
    ECHO.
    ECHO Removing the Sophos Registry Keys...
    SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
    sc start "SopReg" > NUL
    sc delete "SopReg"
    ECHO Completed.
    GOTO RESUME

    :SER2K
    ver|find "Windows 2000" >NUL
    if errorlevel 1 goto END
    ECHO.
    ECHO Removing the Sophos Registry Keys...
    REGEDIT /S %TEMP%\SOTMP.REG
    ECHO Completed.
    GOTO RESUME

    :END
    ECHO.
    ECHO ================================================== ==
    ECHO Please reboot the computer and run this script again
    ECHO If you have not already done so.
    ECHO ================================================== ==
    Echo.
    Pause
    EXIT

    :ERR
    ECHO.
    ECHO ================================================== ============
    ECHO Script has terminated because either your O.S is Windows 9x/NT
    ECHO OR Puremessage/Enterprise Console/EM Library was found.
    ECHO ================================================== ============
    Pause
    EXIT
    Please let me know what you think to NOD32

  9. 2 Thanks to techyphil:

    CHR1S (11th February 2013), Roopert (14th January 2010)

  10. #9

    Join Date
    May 2007
    Posts
    131
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Uninstalling Sophos

    Wow, thanks for that one techyphil. Will give that one a go shortly.

    These are the instructions we have for removing EM fully from the server.


    Sophos EM Removal Instructions
    =======================

    To remove your entire existing installation and rebuilding it:

    1) Go to 'add remove programs' and remove the programs in the following order:

    Sophos Anti-Virus version x.xx
    Sophos AutoUpdate
    Sophos Remote Management System
    Microsoft SQL Server Desktop Engine (SOPHOS)
    Sophos EM Library
    Sophos EM Library Console
    Sophos Enterprise console - management server

    2) Go to 'services'. If any of the following services are still running, stop them.

    Sophos Agent
    Sophos Anti-Virus
    sophos Anti-virus status reporter
    Sophos Autoupdate Agent
    Sophos Autoupdate Service
    Sophos certification Manager
    Sophos EMLibUpdate Manager
    Sophos Enterprise Manager Scheduler
    Sophos Message Router
    Sophos Certification Manager
    Sophos ManagementService
    Sophos Session Manager
    SQLAgent$SOPHOS
    MSSQL$SOPHOS


    3) If any of the following registry keys exist, remove them:

    i) HKCU|Software|Sophos
    ii) HKLM|Software|Sophos

    iii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Agent

    iv) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SAVService

    v)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\SAVAdminService

    vi)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\Sophos AutoUpdate Agent
    vii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos AutoUpdate Service

    viii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Certification Manager

    ix) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos EMLib Update Agent

    x) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SEMscheduler

    xi) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Management Service

    xii) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sophos Message Router

    xiii)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\SQLAgent$SOPHOS

    xiv)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Se rvices\MSSQL$SOPHOS


    If the registry keys above are present under controlset001/002/003, then delete those as well.

    i) HKLM|system|currentcontrolset|services|Eventlog|so phos

    ii) HKLM|Software|Sophos


    iii) HKLM|Software|Microsoft|MSSQLServer|client|SuperSo cketNetLib|Last connect|(entry pertaining to sophos)

    iv) HKLM|Software|Microsoft|Microsoft SQL Server (entry 'InstalledInstances' referencing Sophos)

    iv) HKLM|Software|Microsoft|Microsoft SQL Server|SOPHOS

    v) HKLM|Software|Microsoft|Microsoft SQL Server|80|Tools|Service Manager (entry 'Default' referencing Sophos)


    vi) HKLM|Software|Microsoft|Microsoft SQL Server|Component Set (entry'InstanceComponentSet.1={E09B48B5-E141-427A-AB0C-D3605127224A}')




    4) Remove the following directories

    i) \Program Files|Microsoft SQL Server|MSSQL$SOPHOS
    ii) \Program Files|Sophos
    iii) \Program Files|Sophos Enterprise Manager
    iv) \Program Files|Sophos Sweep for NT


    5) Reboot the server.

    If the 'Program Files|Sophos' directory could not been deleted previously, please delete it now.

    6) If you wish, install and run the MSI Cleanup Utility (http://support.microsoft.com/default...b;en-us;290301). NB the MSI Cleanup Utility will only remove the windows installer information for the product. Any associated registry keys/files/services must be removed manually, as above.

    You should now have a system which would allow a clean installation of the control centre to be performed.

  11. Thanks to Skoggmeiger from:

    CHR1S (11th February 2013)

  12. #10
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,462
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113

    Re: Uninstalling Sophos

    I hated this about symantec too, I assume its deliberate to lock you into the product. Nod has a remote uninstall too, although I'm very happy with it.

    One thing with Nod, you can keep configs on the mirrors to update all the machines settings when they check for updates. You can't have more than one config on a mirror. I have two mirrors, one for servers (on access disabled for example) and one for normal clients.

  13. #11
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: Uninstalling Sophos

    Quote Originally Posted by techyphil
    Hey, ive got a wee sophos script that removes it totally that sophos supplied us with.
    Thanks for that Phil... Stored that one for future use..

  14. #12
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104

    Re: Uninstalling Sophos

    Thanks for the help, i'm going to give the uninstall batch file a go on a spare pc today, I will post how it goes once done.

  15. #13
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104

    Re: Uninstalling Sophos

    The batch file worlks like a dream on my test PC, needs running, rebooting & a second run to completely remove Sophos but with a shortcut on the admin desktop this is quick and painless.

  16. #14

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124

    Re: Uninstalling Sophos

    Quote Originally Posted by Andi
    Presumably they won't make it easy to remove their product from the whole network...by design.

    Does it have a silent uninstall that you could possibly script at startup via GPO?
    I think you might presume wrong :-)

    Sophos have a tool called Lancet which makes it very easy to remove anti-virus programs. Basically, it has an XML list of virus scanners and details of how to remove them. It nicely removed McAfee for us and I've also briefly tried it with Symantec and it seemed to work!

    One of the reasons we were prepared to go with Sophos was that they promised that they could help us to remove existing virus scanners. That's not a lot of help when you're leaving them but you ought to be able to say to the new company that you want a facility to remove their "opposition" :-)

  17. #15

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,354
    Thank Post
    1,391
    Thanked 2,404 Times in 1,692 Posts
    Rep Power
    708

    Re: Uninstalling Sophos

    srochford - that's a good idea -I will find out if Dorset Council actually thought to ask that question!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Uninstalling Sophos remotely
    By edie209 in forum How do you do....it?
    Replies: 17
    Last Post: 18th November 2009, 01:52 PM
  2. Uninstalling SQL2000
    By Jobos in forum MIS Systems
    Replies: 8
    Last Post: 21st October 2007, 11:17 PM
  3. Sophos EM
    By in forum Windows
    Replies: 5
    Last Post: 8th August 2006, 09:40 PM
  4. Uninstalling Tests
    By shahidemran in forum ICT KS3 SATS Tests
    Replies: 4
    Last Post: 28th April 2006, 06:39 AM
  5. Uninstalling
    By SpuffMonkey in forum ICT KS3 SATS Tests
    Replies: 6
    Last Post: 8th April 2006, 11:47 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •