Can't uninstall endpoint agent!

Disabled Tamper Protection and trying to uninstall as admin.  I even disabled all the Sophos services.  When I try to uninstall it says it can't because it's updating, but how can it update if all the services are stopped!?

Even ran the batch file from here https://community.sophos.com/kb/en-us/122126 and rebooted but it says the same thing!  WTH!!!

  • Hi,

    I am an individual mac user and ended up installing Sophos endpoint. In a hurry to remove it, I deleted my device from sophos central. Now when I try to remove the software from my mac, it needs the tamper protection password. Which I have no clue how to find or even get back. Please help me with uninstalling this software. Please!

  • I would suggest:

    Open Task Manager and check that the process SophosUpdate.exe isn't running.  It will be running as System and if so kill it.

    Open Regedit, navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\UpdateStatus

    Delete the following values if they exist:

    UpdateStartedTime
    IsUpdating
    IsInstalling

    Try an uninstall.

    Regards,

    Jak

  • In reply to jak:

    Service is not started and key doesn't exist.  Still getting that message.

  • Try to run a total uninstaller. I've had this issue in the past. Total Uninstaller will do the trick. You will be hunting reg keys and files with no end. If that does not work. Try to install sophos again and remove with total uninstaller. If you've ran the batch like you claim and total uninstaller does not pick it up... reinstall and remove from there. 

  • In reply to Louis Baumann:

    It appears to be a 32-bit computer, in which case:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\UpdateStatus

    I kind of assume everyone is running 64-bit now sorry.

    Regards,

    Jak

  • In reply to jak:

    Incredible, I never knew this. Had a laptop with Sophos Central hung on updating no matter what. The service was not running, but deleting those 3 keys allowed me to uninstall right away (Tamper protection was already off from Central--and user has Sophos Administrators group rights of course)