Need to uninstall Sophos on my client/server machines

Although you would have to do some testing and add a specific line for each different aspect installed this would more than likely work as long as you did not have tamper protection enabled.

wmic product where "name like 'Sophos%%'" call uninstall /nointeractive

Or something else similar, like I said you would have to test it and you may need to run multiple lines of it to completely uninstall but once you had it you could just rinse and repeat on each computer.

This is an age old problem with sohpos and problem that so far sohpos has not been able to solve.

Servers are a problem because if something goes wrong you have other problems.

For workstations

IMPORTANT:  We are not using sohpos central.  We are using on premise sohpos enterprise central (SEC).

Make sure your admin account that you are using is a member of the local administrators group.  The last i checked sohpos doesn't support nested groups for administrating sohpos endpoint.

I have yet to figure out a good order for ripping out sohpos av.

disabled firewall

set UAC to lowest level.

If you are using Group Policies then i recommend that you move the PC to the default computer OU as this is OU normally has little to no Group Policies applied.

restart PC.

from an administrative command prompt run gpupdate /force.  This should clear out any applied Group Policies.  should..

restart PC.

uninstall and much of sohpos as you can.

restart PC.

run the scripts as administrator

restart PC

Go to Microsoft and download and run the force uninstall utility against sohpos av.

restart PC.

Search the registry for the different part of sohpos.  Search words: RMS, SAVXP, Sophos, and try shortened path names for sohpos.

Delete these keys.  Like always use caution when deleting any registry key.

restart PC.

Last search the windows file structure for any left over sohpos folders.  remember to look in the hidden folders also.

restart PC.

Now you should be ready to attempt a re-install of sohpos if that was your goal after ripping sohpos av out.

I would leave the PC in the default computer OU.  If you are doing AD sync with your SEC then force a re-sync so SEC knows what OU the PC is now in.  If you have not setup AD with your default computer OU, which can be a normal configuration, move the PC to non-AD synced folder (group) in SEC which has polices assigned.  This can be important as sohpos can get confused when it can't apply a policy that has the path to the update folder.

I have ran these steps many times and have gotten lucky more time than not. But way your time and decide if it is just better to re-image or rebuild.

If you are using imaging make sure you never include sohpos in the image.

If you have created a custom installer for sohpos av then copy it to the PC and as administrator.

If you get a good install of sohpos av and a green light in SEC then move the PC back to it's correct OU and do a grupdate /force, restart PC, and then force sohpos av to the PC.

Good luck and hope this helps.

Lasty make the wind is not blowing out side as this can affect the process.

This is an age old problem with sohpos and problem that so far sohpos has not been able to solve.

Servers are a problem because if something goes wrong you have other problems.

For workstations

IMPORTANT:  We are not using sohpos central.  We are using on premise sohpos enterprise central (SEC).

Make sure your admin account that you are using is a member of the local administrators group.  The last i checked sohpos doesn't support nested groups for administrating sohpos endpoint.

I have yet to figure out a good order for ripping out sohpos av.

disabled firewall

set UAC to lowest level.

If you are using Group Policies then i recommend that you move the PC to the default computer OU as this is OU normally has little to no Group Policies applied.

restart PC.

from an administrative command prompt run gpupdate /force.  This should clear out any applied Group Policies.  should..

restart PC.

uninstall and much of sohpos as you can.

restart PC.

run the scripts as administrator

restart PC

Go to Microsoft and download and run the force uninstall utility against sohpos av.

restart PC.

Search the registry for the different part of sohpos.  Search words: RMS, SAVXP, Sophos, and try shortened path names for sohpos.

Delete these keys.  Like always use caution when deleting any registry key.

restart PC.

Last search the windows file structure for any left over sohpos folders.  remember to look in the hidden folders also.

restart PC.

Now you should be ready to attempt a re-install of sohpos if that was your goal after ripping sohpos av out.

I would leave the PC in the default computer OU.  If you are doing AD sync with your SEC then force a re-sync so SEC knows what OU the PC is now in.  If you have not setup AD with your default computer OU, which can be a normal configuration, move the PC to non-AD synced folder (group) in SEC which has polices assigned.  This can be important as sohpos can get confused when it can't apply a policy that has the path to the update folder.

I have ran these steps many times and have gotten lucky more time than not. But way your time and decide if it is just better to re-image or rebuild.

If you are using imaging make sure you never include sohpos in the image.

If you have created a custom installer for sohpos av then copy it to the PC and as administrator.

If you get a good install of sohpos av and a green light in SEC then move the PC back to it's correct OU and do a grupdate /force, restart PC, and then force sohpos av to the PC.

Good luck and hope this helps.

Lasty make the wind is not blowing out side as this can affect the process.