This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to remove Sophos from Windows without Admin password

Got hit with Ransomware (from a Google Adwords link BTW - beware the ad click)

From Windows Safe Mode installed Sophos Endpoint because I couldn't find anything else on their site.  

Thought I had provided an Admin password - 12345678ABC (not the actual password)

After going through ungodly hell, decided to try to remove Sophos.  It asks for the Admin password and will not accept the password I provided.

Cannot uninstall, cannot stop the services.

Sophos is blocking absolutely everything.  

How do I remove Sophos?  I don't like the experience, I don't like what it's doing.  I just want it gone and I'll happily go back to BitDefender or what-have-you.



This thread was automatically locked due to age.
  • There appears to be a lack of willingness on the part of Sophos to provide any information on how to remove their Endpoint product.  Perhaps I've been talking to the wrong people?  Regardless, I've put in as much time as I'm able.

    **PLEASE NOTE: I am not an IT professional. Just an average person who accidentally installed this Sophos product and I don't want it.  My solution is not elegant and is most likely the worst way to go about fixing the problem.  Regardless, it worked.  Would you be kind enough to let know a better/cleaner way?

    Windows 10 on Acer laptop i5 with 8GB RAM, dual boot (Linux Ubuntu and Windows 10)

     

     

    Boot Windows to Safe Mode.

    Deleted all the Sophos folders and files I could find. 

    \Program Files

    \Program Files (x86)

    \Program Data

    (I did not find anything "obvious" in AppData)

    Changed permissions/ownership whenever and wherever required. Some files could not be accessed due to permissions/ownership

    Opened services.msc and set all Sophos services to "manual" (one remained unchangeable). Closed services.msc and then re-opened and set all Sophos services from manual to "disabled"

    Rebooted to Safe Mode

    Opened regedit, searched for "Sophos" and deleted all entries I could find.

    Ran CCleaner as Administrator and cleaned out registry again.

    Booted to Linux and opened the Windows partition.

    Changed permissions of the remaining files and deleted them (Guess I could have done it all in Linux in one step ??)

    Rebooted to Windows. Sophos appears to be gone and I have control over my computer again.

     

    Hope that's of use to anyone else who encounters the same problem.  Thank you.

  • Whenever I tried that, I was asked to disabled the protection - for which I did not have the password.

    Unfortunately, no.

    However, I did managed to clean Sophos out (see my reply to my own post).  Not exactly the most elegant approach ;-(

  • p.s. My sincerest apologies - I was so wrapped up in what I was doing that I neglected to thank you very much for the link and help.  It's gratefully appreciated.  Thank you Jak