
Third-Party Security Software Detection could not be installed

Hello,

I am having issues with Sophos Endpoint Advance 10.8.11.3 because, even though I uninstalled Kaspersky from my machine, it still detects it; at least that's what it says in avremove.log:

10 Jan 2022 09:42:36 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 09:42:36 Info: Detected Kaspersky Security Center 10 Network Agent
10 Jan 2022 09:42:36 Info: ==============================================
10 Jan 2022 09:42:36 Info: Removing detected products...
10 Jan 2022 09:42:36 Info: Checking to see if Kaspersky Security Center Network Agent version 9.x, 10.x is installed
10 Jan 2022 09:42:36 Info: Starting removal of Kaspersky Security Center Network Agent version 9.x, 10.x
10 Jan 2022 09:42:36 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} /q REBOOT=ReallySuppress /Q
10 Jan 2022 09:42:36 Info: Removal process ended normally: exit code 1603
10 Jan 2022 09:42:36 Failure: Removal of Kaspersky Security Center Network Agent version 9.x, 10.x failed, last error 0
10 Jan 2022 09:42:36 Failure: Return code 1603
10 Jan 2022 09:42:36 Failure: There was a problem running the removal script. Details: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'
10 Jan 2022 09:42:36 Failure: There was a problem running removal script. Details:
Traceback (most recent call last):
  File "CompetitorRemoval\AVDetectRemove.py", line 273, in avDetectRemove
  File "CompetitorRemoval\AVDetectRemove.py", line 452, in removeProducts
  File "CompetitorRemoval\AVDetectRemove.py", line 351, in ProcessRemovedCompetitorTelemetry
PermissionError: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'

Sophos Anti-Virus software detector - Version 2.19.0.142
Copyright (C) 2003-2022 Sophos Limited. All rights reserved.
Running OS: Microsoft Windows 10  [Version 10.00.19043]
Removing detected products...

There was a problem running the Competitor Removal tool
There was a problem running the removal script. Details: [Errno 13] Permission denied: 'C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\AVRemoveTelem.json'

What can I do about it?



This thread was automatically locked due to age.
  • I would suggest:

    1. From the CRT directory, run from an admin prompt:

    avremove.exe -t -d

    2. Once complete, check the log:

    %temp%\avremove.log

    Search down the log for the text:

    detected

    E.g.

    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Installer (64-bit)
    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender
    10 Jan 2022 17:14:08 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender (64-bit)
    10 Jan 2022 17:14:08 Debug: Key Bitdefender was found
    10 Jan 2022 17:14:08 Debug: Product in key Bitdefender not a Windows Installer package, treating as a standard uninstall
    10 Jan 2022 17:14:08 Info: Detected BitDefender version 18.20.x

    The preceding lines will tell you what is being found. E.g. the registry key/value.
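
The log search described in this answer, as an added Python example that is not part of the original post and is not Sophos code: it pairs each "Detected" line in avremove.log with the registry key that the Debug lines before it report as found. The function names and output fields are assumptions, and the sample log is constructed from lines quoted in this thread.

```python
import re

# "<day> <Mon> <year> <hh:mm:ss> <Level>: <message>", the layout of the excerpts above
LINE = re.compile(r"^\s*\d{1,2} \w{3} \d{4} [\d:]{8} (\w+): (.*?)\s*$")
OPENED = re.compile(r"^Opening key (.+)$")
FOUND = re.compile(r"^Key (.+) was found$")

def leaf(path):
    """Last component of a logged key path, without a trailing ' (64-bit)'."""
    return re.sub(r" \(64-bit\)$", "", path.split("\\")[-1])

def explain_detections(log_text):
    """Pair every 'Info: Detected <product>' line with the registry key that the
    Debug lines before it report as found (hypothetical helper, not Sophos code)."""
    results, opened, found = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner and traceback lines carry no timestamp
        level, msg = m.groups()
        if level == "Debug" and (o := OPENED.match(msg)):
            opened.append(o.group(1))
        elif level == "Debug" and (f := FOUND.match(msg)):
            found = f.group(1)
        elif level == "Info" and msg.startswith("Detected "):
            # Newest "Opening key" line for the found key, suffix kept as logged.
            path = next((p for p in reversed(opened) if leaf(p) == found), None)
            results.append({"product": msg[len("Detected "):],
                            "key": found, "opened_as": path})
            opened, found = [], None  # context belongs to one detection only
    return results

# Constructed sample: lines quoted in this thread, joined into one log.
SAMPLE = r"""
10 Jan 2022 09:42:36 Info: Detected Kaspersky Security Center 10 Network Agent
10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Installer (64-bit)
10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
10 Jan 2022 11:45:42 Debug: Key {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} was found
10 Jan 2022 11:45:42 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x
"""

if __name__ == "__main__":
    for d in explain_detections(SAMPLE):
        if d["key"] is None:
            print(f"{d['product']}: no Debug context in the log for this detection")
        else:
            print(f"{d['product']}: matched on {d['opened_as']}")
```

A detection reported with no key means the log holds no Debug lines for it, as in the first log in this thread.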

  • Hello,

    This is what is detected:

    10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Installer (64-bit)
    10 Jan 2022 11:45:42 Debug: Opening key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
    10 Jan 2022 11:45:42 Debug: Key {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} was found
    10 Jan 2022 11:45:42 Info: Detected Kaspersky Security Center Network Agent version 9.x, 10.x

    Should I just delete these registry keys and try again?

    EDIT: I removed it successfully using this tool from Kaspersky: https://support.kaspersky.com/13088

    Thanks Sophos User930 for providing this information, I needed the exact registry key path in order to verify if I needed the removal tool.



    Added solution.
    [edited by: mmartinez at 6:26 PM (GMT -8) on 10 Jan 2022]
  • If the removal tool you used has removed all of the files and folders corresponding to the competitor product, it is safe to delete the registry keys mentioned. 

    Once this is done, you can trigger an update from the Sophos UI to allow the installation to complete fully.

    Kushal Lakhan
    Team Lead, Global Community Support