
Remote removal of Sophos Endpoint Via Bat file and GPO

Hi,

I am trying to remove Sophos Endpoint Security for one of the companies we look after who are going to be supported by another company soon who will be installing their own AV.

I've seen already that this can't be done from the Partner Portal and that it requires a bat file and a GPO created to run it as a startup script. As such I've been looking at https://community.sophos.com/kb/en-us/109668 to try and achieve this.

However I've hit a couple of problems. 1) I can't find some of the endpoint components that the article lists (see below) and 2) For some of the uninstall strings it doesn't have something like MsiExec.exe /X {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} it has an uninstall path such as C:\Program Files\Sophos\Endpoint Defense\uninstall.exe - can anyone help / advise on this? Thanks.

 

Here's the list in the article with the uninstall strings / paths I've found beneath them:

Sophos Patch Agent

Sophos Compliance Agent (NAC)

Sophos Network Threat Protection (NTP)

MsiExec.exe /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D}

Sophos System Protection (SSP)

Sophos Client Firewall (SCF)

Sophos Anti-Virus (SAV)

MsiExec.exe /X{6CA90A07-433B-4859-A785-006771D72109}

Sophos Exploit Prevention (SEP)

Sophos Remote Management System (RMS)

Sophos Management Communication System (MCS)

Sophos AutoUpdate (SAU)

Sophos Endpoint Defense (SED)

C:\Program Files\Sophos\Endpoint Defense\uninstall.exe

 

Here are the details I've found in the registry, which include the ones above and also ones I haven't been able to match up to anything:

x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

Sophos Endpoint Firewall
MsiExec.exe /X{2831282D-8519-4910-B339-2302840ABEF3}

Sophos Network Threat Protection
MsiExec.exe /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D}

Sophos Endpoint Self Help
MsiExec.exe /X{9F69FA12-E3FE-4754-B7E3-B4DEEC8F6B5D}

Sophos Endpoint
MsiExec.exe /X{D29542AE-287C-42E4-AB28-3858E13C1A3E}

x64
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Sophos Diagnostic Utility
MsiExec.exe /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}

Sophos Anti-Virus
MsiExec.exe /X{6CA90A07-433B-4859-A785-006771D72109}

Sophos AutoUpdate XG
MsiExec.exe /X{72E136F7-3751-422E-AC7A-1B2E46391909}

Sophos Health
MsiExec.exe /X{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745}

Log File Creation
MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS /L*v %windir%\Temp\Uninstall_SAV9-10_Log.txt

--------------------------------------------------------------

Sophos File Scanner
C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe

Sophos Clean
C:\Program Files (x86)\Sophos\Clean\uninstall.exe

Sophos Endpoint Agent
C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe

Sophos Endpoint Defense
C:\Program Files\Sophos\Endpoint Defense\uninstall.exe

Sophos Standalone Engine
C:\Program Files\Sophos\Sophos Standalone Engine\Uninstall.exe



This thread was automatically locked due to age.
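
The registry lookup described in the post above can be scripted. The following is an added example, not part of the original post or the Sophos KB article: a read-only PowerShell inventory of the two Uninstall registry locations quoted above that classifies each entry as an MSI product code or a standalone uninstaller path. The helper name `Get-UninstallKind` and the `Sophos|HitmanPro` name filter are assumptions made for illustration.

```powershell
# Added example: read-only inventory, changes nothing on the machine.
# The two registry paths are the ones quoted in the post above.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper: classify an UninstallString as MSI (product code)
# or EXE (the component ships its own uninstaller).
function Get-UninstallKind {
    param([string]$UninstallString)
    $guid = '\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}'
    if ($UninstallString -match "msiexec(?:\.exe)?\s.*?(?<code>$guid)") {
        return [pscustomobject]@{ Kind = 'MSI'; Target = $Matches['code'] }
    }
    # Handles both quoted and unquoted paths that contain spaces.
    if ($UninstallString -match '^\s*"?(?<exe>[^"]+?\.exe)') {
        return [pscustomobject]@{ Kind = 'EXE'; Target = $Matches['exe'] }
    }
    [pscustomobject]@{ Kind = 'Unknown'; Target = $UninstallString }
}

$inventory = foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Assumed filter: product names that appear in this thread.
        if ($p.DisplayName -match 'Sophos|HitmanPro' -and $p.UninstallString) {
            $k = Get-UninstallKind $p.UninstallString
            [pscustomobject]@{
                DisplayName = $p.DisplayName
                Kind        = $k.Kind
                Target      = $k.Target
                RegistryKey = $_.Name
            }
        }
    }
}

# One row per installed component, grouped by uninstall mechanism.
$inventory | Sort-Object Kind, DisplayName | Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session; in a 32-bit session both paths resolve to the same 32-bit registry view, so entries from the native view are missed.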
  • I am also trying to remove Sophos like this. Here is what I have gathered, but I can get it to run on the GPO yet.

     

    @ECHO OFF
    net stop "Sophos AutoUpdate Service"
    net stop "SAVService"
    MsiExec.exe /X{5565E71F-091B-42B8-8514-7E8944860BFD} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{5565E71F-091B-42B8-8514-7E8944860BFD} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn REBOOT=ReallySuppress
    MsiExec.exe /X{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54} /qn REBOOT=ReallySuppress
    MsiExec.exe /qn /X{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{BCF53039-A7FC-4C79-A3E3-437AE28FD918} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{E82DD0A8-0E5C-4D72-8DDE-41BB0FC06B3E} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{72E136F7-3751-422E-AC7A-1B2E46391909} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{8123193C-9000-4EEB-B28A-E74E779759FA} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{36333618-1CE1-4EF2-8FFD-7F17394891CE} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{DFDA2077-95D0-4C5F-ACE7-41DA16639255} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{CA3CE456-B2D9-4812-8C69-17D6980432EF} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{CA524364-D9C5-4804-92DE-2800BDAC1AA4} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{3B998572-90A5-4D61-9022-00B288DD755D} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{4BAF6F55-FFE4-4A3A-8367-CC2EBB0F11C3} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{BA8752FE-75E5-43DD-9913-23509EFEB409} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{72E30858-FC95-4C87-A697-670081EBF065} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{2519A41E-5D7C-429B-B2DB-1E943927CB3D} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{6654537D-935E-41C0-A18A-C55C2BF77B7E} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{934BEF80-B9D1-4A86-8B42-D8A6716A8D27} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{A5CCEEF1-B6A7-4EB4-A826-267996A62A9E} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{D5BC54B8-1DA1-44F4-AE6F-86E05CDB0B44} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{DFFA9361-3625-4219-82C2-9EF011E433B1} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{D875F30C-B469-4998-9A08-FE145DD5DC1A} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{2C14E1A2-C4EB-466E-8374-81286D723D3A} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{D29542AE-287C-42E4-AB28-3858E13C1A3E} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{2831282D-8519-4910-B339-2302840ABEF3} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{4EFCDD15-24A2-4D89-84A4-857D1BF68FA8} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{BB36D9C2-6AE5-4AB2-BC91-ECD247092BD8} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{77F92E90-ED4F-4CFF-8F60-3E3E4AEB705C} REBOOT=ReallySuppress
    "C:\Program Files (x86)\Sophos\Management Communication System\Endpoint\uninstall.exe" /uninstall /quiet
    "C:\Program Files\Sophos\Management Communication System\Endpoint\uninstall.exe" /uninstall /quiet
    "C:\Program Files\Sophos\Endpoint Defense\uninstall.exe"
    "C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"
    "C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe"
    "C:\Program Files\Sophos\Sophos Standalone Engine\uninstall.exe"
    "C:\Program Files\Sophos\Sophos ML Engine\uninstall.exe"
    "C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe"
    "C:\Program Files (x86)\Sophos\Clean\uninstall.exe"
    "C:\Program Files\Sophos\Endpoint Defense\uninstall.exe"
    "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /uninstall /quiet
    "C:\Program Files (x86)\HitmanPro.Alert\uninstall.exe"
    "C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall /quiet
    "C:\Program Files\Sophos\Endpoint Defense\uninstall.exe"

     
