This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

My Sophos Client Removal Tool

After having many issues with attempting various forms of Sophos Client removal, I decided to attempt to write my own removal script\tool. This tool will close all Sophos related tasks, stop all Sophos services, and then search the 32 and 64 bit registry hives for the uninstall strings. The strings are passed to variables that enforce the silent removal of the various portions of the Sophos products. Then, the Sophos directories in Program Files, Program Files (x86), and ProgramData are removed, and all related services are deleted. 


Please feel free to use, share, and update the tool as you see fit.  It may not be perfect, but in our environment it definitely has been getting the job done. I hope this helps all of you who are having issues with the removal of the Sophos Client!

Note: This tool is for WINDOWS Only!

I have verified this works on Windows 7, 8.1, 10, and all versions of Windows Server from 2008 R2 through Server 2019

This thread was automatically locked due to age.
  • Hi  

    Thank you for sharing this with our Community! :)

    Obligatory Note: User submitted tools are not supported by Sophos Support. Use at your own risk.


    Global Community Manager, Support & Services

    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • I would love to see Sophos to consider such posts and use it to understand out issues. 


    Un Install of Sophos has been an Painfull task, if you try 5 Broken Clients - Atleast 3 of them are a pain even if u disable tamper and try a R-Install. 

    Hope Sophos created a uninstall Tool which uses tamper code as Authentication . If tamper code is SUCESS then iut should do a CLEAN WIPE of the AV from system. 

  • Skyisbluescreen,


    I know exactly the pain you are talking about. That is exactly why I created this script and exe tool; I got so fed up that I just kept pounding away until I came up with something that jsut worked. Give this a shot, and if it works out for you let me know. I am open to making any and all changes needed, or you can grab the powershell code and tweak it till it works for you. Just give me props if you modify the code and release it as your own haha!

    Best of luck, and I REALLY hope this tool works for you as well as it has for us!

  • I understand that Sophos development are currently working on an official removal tool for cases where the regular uninstaller (as run from Programs and Features) does not work successfully or only partially.  It's not going to be designed to bypass tamper protection but is designed to clear out anything that can prevent a successul re-install.

    I understand in the next couple of months we might see something.


  • Thanks Drew. Running 10K Devices with these ENDPOINT and issues like these across Globe is really painful to address.

    For the P.S Script. Sure will do, Thank you. :) 

  • Dear Jak,


    Its been more than 2 Years. I had put a similar feature request when we were on PREMISE VERSION. I had the same responce we are working on it.


    A Broken Client of Sophos needs a RE INSTALL 9 out of 10 Times. Re Installs should be straight forward when the Device authenticates the TAMPER CODE post that it should be seamless.

    However its really hard.

    Reporting to Support is loop as it goes by the process.

    Like Give the SDU- Try This - Try That-Sorry we have reported this incident to our LAB-DEV Team and requested them to address in future Updates


    Sophos Features are Quite Impressive but some basic functionalities are missing.

  • anyone try this and got good results?