I have been tasked with uninstalling Sophos on over 1,000 endpoints and I am not sure the best way to go about it.
While in central.sophos.com, clicking on a computer, this is what I see installed on it:
Is there anything that I can do from Sophos Central? For example, see the red underline in the image below, i.e. can I uninstall the software from each endpoint from here? What does delete do?
If I can't uninstall from Sophos Central, what approach would you recommend for uninstalling on all 1,000+ endpoints? I'd imagine there must be a solution here other than manually going on each computer and uninstalling it.
Thanks for your help.
Thanks for reaching out to the Sophos Community Forum.
If you're looking to remove Sophos from all devices in your environment, starting with the UI you highlighted here would be a good idea. You can select "No protection (Remove any current protection)".
Once these components are removed, the device will need to be rebooted; otherwise, the next step may not succeed.
Now, the number of items needing to be removed from the devices will be much fewer, and the uninstall process will be much quicker. You can then remove all remaining components by running the following command line:
- C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe
You can use the following guide to create a startup or shutdown script to run the uninstall command as well:
- Sophos Central Windows Endpoint: Automate the software deployment to computers
The uninstallcli.exe will also work to uninstall all components for you, though users may see some UI windows come up asking for reboots to be performed.
Thanks for the reply. One issue I ran into is that we can't uninstall without turning tamper protection off.
Is there a way to turn off tamper protection on all devices quickly, like you can with uninstalling services in Sophos Central? The only way that I see to turn off tamper protection is to (while in Sophos Central) click on an individual device and turn it off.
You can turn off Tamper Protection from the menu under "Global Settings > Tamper Protection". This will disable Tamper Protection on all devices, both endpoints and servers.
You may need to wait a few minutes for the devices to check in with Sophos Central to update their respective policies to apply this change.
Last question, then I think I'm good to go.
If I wanted to automate the uninstall process as outlined in the link you shared about automating the install, the only line in the .bat file that I create would need to be the following, correct?
- "C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"
That's correct, yes. You won't need the dash in the beginning, though you will need to enclose the command with quotations so that the file path is understood correctly.
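An added example, not part of the thread or of Sophos's documentation: a startup-script version of the one-line .bat discussed above that skips machines where the uninstaller is already gone and records the result, so the rollout across many endpoints can be audited. The log path is an assumption; the uninstaller path is the one quoted in the thread.

```bat
@echo off
rem Added example: startup script wrapping the uninstall command from this thread.
rem Assumes tamper protection has already been turned off in Sophos Central and
rem the policy change has reached the device.
setlocal

rem Path quoted in the thread; the quotes keep the spaces in the path intact.
set "UNINSTALLER=C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"

rem Assumed log location, writable by the account that runs startup scripts.
set "LOG=%SystemRoot%\Temp\sophos-uninstall.log"

rem Startup scripts run on every boot: do nothing once the uninstaller is gone.
if not exist "%UNINSTALLER%" (
    >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% uninstallcli.exe not found, skipping
    exit /b 0
)

rem The redirection is written first so a trailing digit in the message
rem (such as the exit code) is not parsed as a file handle number.
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% starting uninstallcli.exe
"%UNINSTALLER%"
set "RC=%ERRORLEVEL%"
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% uninstallcli.exe returned %RC%

exit /b %RC%
```

The script only records the value the uninstaller returns; the thread does not document what specific exit codes mean.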