
Remote removal of Sophos Endpoint Via Bat file and GPO

Hi,

I am trying to remove Sophos Endpoint Security for one of the companies we look after who are going to be supported by another company soon who will be installing their own AV.

I've seen already that this can't be done from the Partner Portal and that it requires a bat file and a GPO created to run it as a startup script. As such I've been looking at https://community.sophos.com/kb/en-us/109668 to try and achieve this.

However, I've hit a couple of problems: 1) I can't find some of the endpoint components that the article lists (see below), and 2) for some of the uninstall strings it doesn't have something like MsiExec.exe /X {9ACB414D-9347-40B6-A453-5EFB2DB59DFA}; it has an uninstall path such as C:\Program Files\Sophos\Endpoint Defense\uninstall.exe. Can anyone help / advise on this? Thanks.

Here's the list in the article with the uninstall strings / paths I've found beneath them:

Sophos Patch Agent

Sophos Compliance Agent (NAC)

Sophos Network Threat Protection (NTP)

MsiExec.exe /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D}

Sophos System Protection (SSP)

Sophos Client Firewall (SCF)

Sophos Anti-Virus (SAV)

MsiExec.exe /X{6CA90A07-433B-4859-A785-006771D72109}

Sophos Exploit Prevention (SEP)

Sophos Remote Management System (RMS)

Sophos Management Communication System (MCS)

Sophos AutoUpdate (SAU)

Sophos Endpoint Defense (SED)

C:\Program Files\Sophos\Endpoint Defense\uninstall.exe

Here's the details I've found in the registry which include the ones above and also ones I haven't been able to match up to anything:-

x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

Sophos Endpoint Firewall
MsiExec.exe /X{2831282D-8519-4910-B339-2302840ABEF3}

Sophos Network Threat Protection
MsiExec.exe /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D}

Sophos Endpoint Self Help
MsiExec.exe /X{9F69FA12-E3FE-4754-B7E3-B4DEEC8F6B5D}

Sophos Endpoint
MsiExec.exe /X{D29542AE-287C-42E4-AB28-3858E13C1A3E}

x64
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Sophos Diagnostic Utility
MsiExec.exe /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}

Sophos Anti-Virus
MsiExec.exe /X{6CA90A07-433B-4859-A785-006771D72109}

Sophos AutoUpdate XG
MsiExec.exe /X{72E136F7-3751-422E-AC7A-1B2E46391909}

Sophos Health
MsiExec.exe /X{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745}

Log File Creation
MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS /L*v %windir%\Temp\Uninstall_SAV9-10_Log.txt

--------------------------------------------------------------

Sophos File Scanner
C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe

Sophos Clean
C:\Program Files (x86)\Sophos\Clean\uninstall.exe

Sophos Endpoint Agent
C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe

Sophos Endpoint Defense
C:\Program Files\Sophos\Endpoint Defense\uninstall.exe

Sophos Standalone Engine
C:\Program Files\Sophos\Sophos Standalone Engine\Uninstall.exe



  • Hello Simon Court,

    Is this an on-premise SESC installation or Central/Intercept X? I assume the latter as you list Self Help and Health. OTOH the communication component - MCS - should also be present. SESC uses RMS but this can't be absent in an unmanaged installation.

    Don't expect all components: it's either MCS or RMS but never both, NAC has long since been retired, Patch is not available with Central, and so on. Furthermore, the article was last updated in June 2017 and thus the list is likely not complete. More up to date and specifically for Central is this article.

    Use the uninstall strings you find, they are not necessarily msiexec (heard Sophos considers ditching the Windows Installer).

    Christian
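
The inventory step discussed above, as an added example that is not part of the original thread or of the Sophos article: it reads both Uninstall hives the question lists and reports, per component, whether the registered uninstall command is a Windows Installer product code or a vendor executable. The function name `Get-SophosUninstallEntry` is hypothetical, and filtering on a DisplayName that starts with "Sophos" is an assumption.

```powershell
# Added example: read-only inventory, nothing is uninstalled.
$UninstallHives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-SophosUninstallEntry {   # hypothetical helper name
    param(
        [string[]]$Path = $UninstallHives,
        [string]$NameFilter = 'Sophos*'   # assumption: DisplayName starts with "Sophos"
    )
    foreach ($hive in $Path) {
        # The Wow6432Node hive does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $hive)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $hive) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath
            if ($p.DisplayName -notlike $NameFilter) { continue }
            if (-not $p.UninstallString) { continue }

            # Windows Installer entries look like "MsiExec.exe /X{GUID}" (or /I{GUID});
            # anything else is a vendor uninstaller path such as ...\uninstall.exe.
            if ($p.UninstallString -match 'msiexec(\.exe)?"?\s+/[xi]\s*(\{[0-9a-f-]{36}\})') {
                $type = 'MSI'; $code = $Matches[2]
            } else {
                $type = 'EXE'; $code = $null
            }

            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                Version         = $p.DisplayVersion
                Type            = $type
                ProductCode     = $code
                UninstallString = $p.UninstallString
                Hive            = $hive
            }
        }
    }
}

Get-SophosUninstallEntry |
    Sort-Object Type, DisplayName |
    Format-List DisplayName, Version, Type, ProductCode, UninstallString, Hive
```

Running it on one representative endpoint gives the per-machine list of components actually installed, which can then be compared against the article's list before any removal script is written.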
