How to Run the Sophos ZAP Tool

Hi Community, 

In this video Jelan from Sophos Support shows you how to use the Sophos ZAP tool to remove Sophos Endpoint or Server Protection Software from a Windows Device.

More videos available on Sophos Techvids!
 
Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your feedback! https://community.sophos.com/community-chat/f/user-assistance-feedback


.
[edited by: FloSupport at 6:06 AM (GMT -7) on 18 May 2021]

Top Replies

  • I did follow the video on the YouTube channel and this is the result

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>cd c:\Sophoszap

    c:\SophosZap>sophoszap --confirm
    Sophos Zap v1.0 - Uninstall Sophos Endpoint software
    Copyright 2019 Sophos Limited. All rights reserved.

    Extracting to temporary folder: C:\Users\lmrei\AppData\Local\Temp\SophosZap-673788389
    Logging to 'C:\Users\lmrei\AppData\Local\Temp\Sophos Windows Endpoint Zap log.txt'
    An error occurred. See log file for errors.

    c:\SophosZap>

  • I went to check out the log file and this is the information on that file

    Went to 'C:\Users\lmrei\AppData\Local\Temp\Sophos Windows Endpoint Zap log.txt'

     

    The Sophos windows endpoint logs I found stated

     

    2020-12-06T22:00:11.321Z 4708 INFO : ==== Started C:\\Users\\lmrei\\AppData\\Local\\Temp\\SophosZap-673788389\\SophosZapHelper.exe ====

    2020-12-06T22:00:11.322Z 4708 INFO : Running version 1.0.1853.0

    2020-12-06T22:00:11.330Z 4708 INFO : Parent process ID: 6372

    2020-12-06T22:00:11.330Z 4708 INFO : Running Zap functionality on 64 bit operating system

    2020-12-06T22:00:11.331Z 4708 INFO : Intialising COM subsystem.

    2020-12-06T22:00:11.334Z 4708 INFO : Performing prerequisite checks.

    2020-12-06T22:00:11.337Z 4708 INFO : Checking for presence of incompatible software: Sophos SafeGuard

    2020-12-06T22:00:11.340Z 4708 INFO : Checking for presence of incompatible software: AD Sync

    2020-12-06T22:00:11.341Z 4708 INFO : Checking for presence of incompatible software: SAV NetApp

    2020-12-06T22:00:11.341Z 4708 INFO : Checking for presence of incompatible software: Sophos PureMessage for Exchange

    2020-12-06T22:00:11.342Z 4708 INFO : Checking for presence of incompatible software: Sophos for Microsoft SharePoint

    2020-12-06T22:00:11.343Z 4708 INFO : Checking for presence of incompatible software: SAVDI

    2020-12-06T22:00:11.343Z 4708 INFO : Checking for presence of incompatible software: Sophos Enterprise Console

    2020-12-06T22:00:11.344Z 4708 INFO : Checking for presence of incompatible software: Sophos Transparent Authentication Suite

    2020-12-06T22:00:11.344Z 4708 INFO : Checking for presence of incompatible software: Sophos IPsec Client

    2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Connect

    2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Connect Admin

    2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Update Manager

    2020-12-06T22:00:11.346Z 4708 INFO : Checking for presence of incompatible software: Invincea

    2020-12-06T22:00:11.346Z 4708 INFO : Checking for presence of incompatible software: Sophos Network Access Control

    2020-12-06T22:00:11.347Z 4708 INFO : Checking for presence of incompatible RMS Server

    2020-12-06T22:00:11.347Z 4708 INFO : Sophos Endpoint Defense is installed.

    2020-12-06T22:00:11.348Z 4708 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.

    2020-12-06T22:00:11.348Z 4708 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.

    2020-12-06T22:00:11.349Z 4708 INFO : Tamper-protected by SED.

    2020-12-06T22:00:11.349Z 4708 ERROR : Zapper does not run with tamper protection on

    2020-12-06T22:00:11.349Z 4708 INFO : Outcome error flag: 1

    2020-12-06T22:00:11.350Z 4708 INFO : Outcome reboot required: 0

    2020-12-06T22:00:11.350Z 4708 INFO : Summary of errors, see above for details:

    2020-12-06T22:00:11.351Z 4708 INFO : Failure reason: Zapper does not run with tamper protection on

    I am running Sophos Home free edition and I can not find any way to disable the tamper protection from the information that I have found so far.  There is no option that I can find.

  • Hey ,

    The error you are getting is due to tamper protection which is currently enabled on your endpoint. Before running ZAP, ensure to disable tamper protection first. You may refer to this Article on how to disable tamper protection and once succeeded, you may now proceed on running sophos ZAP.

    GlennSen 
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • ZAP has been a very handy tool! Much more efficient than cleaning everything up manually.