Hello all!
First and foremost, this script is for...
- Businesses with dozens if not hundreds or more machines with Sophos
- Managed Service Providers (MSP)
This script is NOT for...
- Non-business/consumer/home/personal flavors and end-users of Sophos products
Other notes:
- This script a DEVELOPER release, meaning it has not thoroughly passed through testing and may result in system instability or a Windows OS that might not boot
- Make system backups before running this script.
- Usage of this script is at YOUR OWN RISK. If your system fails to boot or experiences some issue as a result of this script, restore from backups / fix the problem and post the solution / update the script and post about it
- This script was developed with the intent to specifically remove Sophos Anti-Virus (SAV)
The reason this script was created was because of how incredibly stubborn, resistant, and problematic Sophos business products are for removal through normal and proper means (i.e. removal through Programs and Features). There are cases where following the normal methods of removal are unsuccessful and result in entries from Programs & Features disappearing while leaving remnants if not fully active Sophos installations on systems. When this scenario is encountered and dozens/hundreds of machines are involved it becomes a nightmare for technician labor time (time = $$$) without having any means of automation to aide with removal of Sophos products from client machines (hence the existence of this script).
The reason for release of this script is because of the necessity to involve and receive further development on this script from and by the community.
In my testing of this script on machines that I do not have physical access to I have found that a little more than 50% do not come back online after running this script and rebooting those machines (I do not know why and would appreciate finding out how to overcome this).
For machines that do come back online Sophos is 99-100% gone. In successful removals: (1) in some cases may be a few folders remaining on the system (particularly with some Web Intelligence DLLs and a SAV Temp folder), and (2) WinSock providers may still be present (even if the files no longer exist on the system), this can be verified with the "netsh winsock show catalog" command. Since my focus has been specifically on removal of Sophos Anti-Virus (SAV) I do not expect this script to be 99-100% for other Sophos products, but this script was designed to allow for further development to expand the scope to other Sophos products (and serve as an 'ultimate Sophos removal' script) and improve its reliability in removal.
The script is a single batch script file. To run it, it must be run with elevation (right-click > Run as Administrator).
7Z Archive (password: SOPHOS)
** Content removed **
TXT file (save with .bat extension instead of .txt)
** Content removed **
For courtesy, feel free to scan the script and these URLs with virustotal.com - they are clean.
This thread was automatically locked due to age.
