This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disabling tamper protection to uninstall old version

I am attempting to uninstall an old version of Sophos Endpoint Protection from a client's PCs, but I do not know what the tamper protection password was set to. I've found some powershell scripts that have worked for me in the past, but they don't seem to be working for me this time. How can I uninstall this Sophos client so I can install the new client through Sophos Central?

 

For reference, the powershell scripts are:

 

Get-Service *SAV*, *Sophos* | Format-Table -Wrap -AutoSize

Get-Service SAVService,SAVAdminService, 'Sophos AutoUpdate Service', 'Sophos Web Control Service' | where {$_.status -eq 'running'} | Stop-Service -force

Get-Content ('C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml').Replace('8EXXXXXXXXXXXXXXXXXXXXX1AD02', 'E8F97FBA9104D1EA5047948E6DFB67FACD9F5B73') | Set-Content 'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml'

 

When I run them, I get one of two errors during the last script. Either .Replace is an invalid command for SetObject[], or else it tells me it can't access machine.xml because it is already being used by another process. I have checked, and all Sophos related things are disabled in services as well as on start up.



This thread was automatically locked due to age.
  • Are you able to stop the Sophos Anti-Virus service even from Services.msc?  I see it's trying to update machine.xml.  The process that interacts with that is SAVService so if the second command isn't stopping the service that might explain it.

    Regards,

    Jak

  • Did you ever find a resolution?  I'm in the process of migrating our environment as well and can't get about 100 machines because they are Tamper Protected and the last system administrator didn't leave the password to disable.