Third-Party Security Software Detection could not be installed

Hello,

I am having issues with Sophos Endpoint Advance 10.8.11.3 because even though I uninstalled Kaspersky from my machine, it still detects it. At least that's what it says in avremove.log:

10 Jan 2022 09:42:36 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 09:42:36 Info: Detected Kaspersky Security Center 10 Network Agent
10 Jan 2022 09:42:36 Info: ==============================================
10 Jan 2022 09:42:36 Info: Removing detected products...
10 Jan 2022 09:42:36 Info: Checking to see if Kaspersky Security Center Network Agent version 9.x, 10.x is installed
10 Jan 2022 09:42:36 Info: Starting removal of Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 09:42:36 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} /q REBOOT=ReallySuppress /Q
10 Jan 2022 09:42:36 Info: Removal process ended normally: exit code 1603
10 Jan 2022 09:42:36 Failure: Removal of Kaspersky Security Center Network Agent version 9.x, 10.x failed, last error 0
10 Jan 2022 09:42:36 Failure: Return code 1603
10 Jan 2022 09:42:36 Failure: There was a problem running the removal script. Details: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'
10 Jan 2022 09:42:36 Failure: There was a problem running removal script. Details:
Traceback (most recent call last):
  File "CompetitorRemoval\AVDetectRemove.py", line 273, in avDetectRemove
  File "CompetitorRemoval\AVDetectRemove.py", line 452, in removeProducts
  File "CompetitorRemoval\AVDetectRemove.py", line 351, in ProcessRemovedCompetitorTelemetry
PermissionError: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'

Sophos Anti-Virus software detector - Version 2.19.0.142
Copyright (C) 2003-2022 Sophos Limited. All rights reserved.
Running OS: Microsoft Windows 10  [Version 10.00.19043]
Removing detected products...

There was a problem running the Competitor Removal tool
There was a problem running the removal script. Details: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'

What can I do about it?



This thread was automatically locked due to age.
  • I would suggest:

    1. From the CRT directory, run from an admin prompt:

    avremove.exe -t -d

    2. Once complete, check the log:

    %temp%\avremove.log

    Search down the log for the text:

    detected

    E.g.

    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Installer (64-bit)
    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender
    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender (64-bit)
    10 Jan 2022 17:14:08 Debug: Key Bitdefender was found
    10 Jan 2022 17:14:08 Debug: Product in key Bitdefender not a Windows Installer package, treating as a standard uninstall
    10 Jan 2022 17:14:08 Info: Detected BitDefender version 18.20.x

    The preceding lines will tell you what is being found, e.g. the registry key/value.

  • Hello,

    This is what is detected:

    10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Installer (64-bit)
    10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
    10 Jan 2022 11:45:42 Debug: Key {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} was found
    10 Jan 2022 11:45:42 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x

    Should I just delete these registry keys and try again?

    EDIT: I removed it successfully using this tool from Kaspersky: https://support.kaspersky.com/13088

    Thanks Sophos User930 for providing this information, I needed the exact registry key path in order to verify if I needed the removal tool.



    Added solution.
    [edited by: mmartinez at 6:26 PM (GMT -8) on 10 Jan 2022]
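
The log check suggested in the first reply (search avremove.log for "Detected" and read the lines before it), as an added example that is not part of the original thread or of Sophos's tooling: a Python script that pairs each detected product with the registry key found just before it and with any removal exit code. The sample log is constructed from lines quoted in this thread, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample in the avremove.log format quoted in this thread.
SAMPLE_LOG = r"""10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
10 Jan 2022 11:45:42 Debug: Key {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} was found
10 Jan 2022 11:45:42 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 11:45:43 Info: Starting removal of Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 11:45:43 Info: Removal process ended normally: exit code 1603
10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender (64-bit)
10 Jan 2022 17:14:08 Debug: Key Bitdefender was found
10 Jan 2022 17:14:08 Info: Detected BitDefender version 18.20.x
"""

# "<day> <Mon> <year> <hh:mm:ss> <Level>: <message>"
LINE = re.compile(r"^\d{1,2} \w{3} \d{4} [\d:]{8} (\w+): (.*)$")

def triage(log_text):
    """Map each detected product to the registry key that triggered the
    detection and, if a removal was attempted, the uninstaller exit code."""
    products = {}
    opened = []        # key paths from "Opening key" since the last detection
    found_path = None  # full path of the most recent "Key ... was found"
    removing = None    # product named by the last "Starting removal of"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue   # traceback and banner lines carry no timestamp
        level, msg = m.groups()
        if msg.startswith("Opening key "):
            opened.append(msg[len("Opening key "):])
        elif (k := re.fullmatch(r"Key (.+) was found", msg)):
            name = "\\" + k.group(1)
            # Newest opened path whose last component is the found key.
            hits = (p for p in reversed(opened)
                    if p.removesuffix(" (64-bit)").endswith(name))
            found_path = next(hits, k.group(1))
        elif level == "Info" and msg.startswith("Detected "):
            products.setdefault(msg[len("Detected "):],
                                {"key": found_path, "exit_code": None})
            opened, found_path = [], None
        elif msg.startswith("Starting removal of "):
            removing = msg[len("Starting removal of "):]
        elif (e := re.search(r"exit code (\d+)$", msg)) and removing in products:
            products[removing]["exit_code"] = int(e.group(1))
    return products
```

Exit code 1603 is the Windows Installer fatal-error code, so a product reported with it was detected but its uninstall did not complete.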