This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot instal Sophos Endpoint Security and Control because existing 3rd party AV software could not be uninstalled

Please note, I have only basic IT skills

I have a Windows 10 laptop which was happily running Sophos ECC for several years but recently stopped updating. I was advised by Sophos tech support to uninstall and reinstall. But reinstall stops because it detects 3rd party software - presumably Windows Defender as there is no other AV software. Strangely, Windows defender states that Sophos is providing the AV protection even though uninstalled but I cannot open the Sophos app via Defender console.

I have tried seting up new DWORD DisableAvCheck = 1 and restarting but this has not solved the problem. Sophos Tech support says they cannot do anything else to help but I now have a laptop which is currently not protected (Sophos not installed but Defender is not protecting it because it thinks Sophos is installed). Sophos Tech Support suggested I should upgrade to Sophos Cloud but I don't know whether it would be right for me. I like Endpoint.

Any suggestions?



This thread was automatically locked due to age.
Parents
  • Hello Christine, 

    Could you upload the log C:\Windows\Temp\avremove.log? The log file will list what application was detected and what is preventing the install from proceeding. 

    Depending on what is detected, I can try suggesting some more user-friendly cleanup tools that you can use to remove any references of the competitor AV. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks for looking at this for me. I coudn't find a way of uploading the file so here it is in full. I hope this is what you were looking for.

    29 Oct 2021 15:30:23 Info: ==============================================
    29 Oct 2021 15:30:23 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 15:30:23 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 15:30:23 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 15:30:23 Info: Using Product Catalog: Default
    29 Oct 2021 15:30:23 Info: Run On Servers: True
    29 Oct 2021 15:30:23 Info: Detection Only: False
    29 Oct 2021 15:30:23 Info: Remove Anti-Virus: True
    29 Oct 2021 15:30:23 Info: Remove Product Suites: False
    29 Oct 2021 15:30:23 Info: Remove Firewalls: False
    29 Oct 2021 15:30:23 Info: Remove Update Tools: False
    29 Oct 2021 15:30:23 Info: Send Telemetry: False
    29 Oct 2021 15:30:23 Info: Log Tracing: False
    29 Oct 2021 15:30:23 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:30:23 Info: Default system language: en_GB
    29 Oct 2021 15:30:23 Info: Default character encoding: cp1252
    29 Oct 2021 15:30:23 Info: Operating system is 64-bit: True
    29 Oct 2021 15:30:23 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:30:23 Info: ==============================================
    29 Oct 2021 15:30:23 Info: Removing detected products...
    29 Oct 2021 15:30:23 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 15:30:23 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:30:23 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 15:30:29 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 15:30:29 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 15:30:29 Failure: Return code 1603
    29 Oct 2021 15:30:29 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 15:30:29 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:52:10 Info: ==============================================
    29 Oct 2021 15:52:10 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 15:52:10 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 15:52:10 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 15:52:10 Info: Using Product Catalog: Default
    29 Oct 2021 15:52:10 Info: Run On Servers: True
    29 Oct 2021 15:52:10 Info: Detection Only: False
    29 Oct 2021 15:52:10 Info: Remove Anti-Virus: True
    29 Oct 2021 15:52:10 Info: Remove Product Suites: False
    29 Oct 2021 15:52:10 Info: Remove Firewalls: False
    29 Oct 2021 15:52:10 Info: Remove Update Tools: False
    29 Oct 2021 15:52:10 Info: Send Telemetry: False
    29 Oct 2021 15:52:10 Info: Log Tracing: False
    29 Oct 2021 15:52:10 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:52:10 Info: Default system language: en_GB
    29 Oct 2021 15:52:10 Info: Default character encoding: cp1252
    29 Oct 2021 15:52:10 Info: Operating system is 64-bit: True
    29 Oct 2021 15:52:10 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:52:10 Info: ==============================================
    29 Oct 2021 15:52:10 Info: Removing detected products...
    29 Oct 2021 15:52:10 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 15:52:10 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:52:10 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 15:52:14 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 15:52:14 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 15:52:14 Failure: Return code 1603
    29 Oct 2021 15:52:14 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 15:52:14 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 16:05:30 Info: ==============================================
    29 Oct 2021 16:05:30 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 16:05:30 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 16:05:30 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 16:05:30 Info: Using Product Catalog: Default
    29 Oct 2021 16:05:30 Info: Run On Servers: True
    29 Oct 2021 16:05:30 Info: Detection Only: False
    29 Oct 2021 16:05:30 Info: Remove Anti-Virus: True
    29 Oct 2021 16:05:30 Info: Remove Product Suites: False
    29 Oct 2021 16:05:30 Info: Remove Firewalls: False
    29 Oct 2021 16:05:30 Info: Remove Update Tools: False
    29 Oct 2021 16:05:30 Info: Send Telemetry: False
    29 Oct 2021 16:05:30 Info: Log Tracing: False
    29 Oct 2021 16:05:30 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 16:05:30 Info: Default system language: en_GB
    29 Oct 2021 16:05:30 Info: Default character encoding: cp1252
    29 Oct 2021 16:05:30 Info: Operating system is 64-bit: True
    29 Oct 2021 16:05:30 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 16:05:31 Info: ==============================================
    29 Oct 2021 16:05:31 Info: Removing detected products...
    29 Oct 2021 16:05:31 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 16:05:31 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 16:05:31 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 16:05:35 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 16:05:35 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 16:05:35 Failure: Return code 1603
    29 Oct 2021 16:05:35 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 16:05:35 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log

  • Is anyone able to help me with this, please?

  • Hello Christine, 

    Thank you for uploading the logs. With the "Microsoft Security Client" that is detected, I recommend using the following "MsFixIt" tool.
    - Fix problems that block programs from being installed or removed

    I have used this successfully in previous instances where Microsoft Security Client has been detected on a device. Let me know if this works for you.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Apologies for being thick but could you advise whether I should be using the MSFixit tool to uninstall Microsoft Securuty Client or instll Sophos Endpoint Security & Control in which case how can I get the MSI as it is not listed.

    Chris

  • Hello Christine, 

    I recommend removing the "Microsoft Security Client" using this tool. I don't recommend using the tool to remove Sophos AV from the device. In general, I only recommend using the MsFixit tool on Microsoft/Windows' software. 

    If you need to clean up a Sophos installation, you'll want to use "Sophos Zap." 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • That has allowed me to install Sophos Endpoint Securuty. Many thanks Qoosh

Reply Children
No Data