My PC (Windows XP) has been running Sophos endpoint security and control for many years i a domain environment.
When I retired the PC was disconnected from the domain and the updates are not running any longer.
I still have the PC and need to uninstall this software.
In Add or Remove programs three Sophos entries:
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Remote Management System
How should I do?
I am also trying to uninstall Sophos Endpoint from an XP Pro (SR3) computer too. I have disabled Tamper Protection and been able (through Control Panel - Remove Programs) to remove the SOPHOS AUTO-UPDATING.
I then tried to remove the FIREWALL program but got ERROR 1324. The path My Pictures contains an invalid character.
How do I proceed?
Paul
Hi Christian
Yes the error on uninstalling Sophos Anti Virus is Fatal error during installation.
The error log show:
=== Verbose logging started: 12/4/2017 17:47:34 Build type: SHIP UNICODE 3.01.4001.5512 Calling process: C:\windows\system32\msiexec.exe ===
MSI (c) (EC:B0) [17:47:34:815]: Resetting cached policy values
MSI (c) (EC:B0) [17:47:34:815]: Machine policy value 'Debug' is 0
MSI (c) (EC:B0) [17:47:34:815]: ******* RunEngine:
******* Product: {09863DA9-7A9B-4430-9561-E04D178D7017}
******* Action:
******* CommandLine: **********
MSI (c) (EC:B0) [17:47:34:815]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (EC:B0) [17:47:34:815]: Grabbed execution mutex.
MSI (c) (EC:B0) [17:47:34:875]: Cloaking enabled.
MSI (c) (EC:B0) [17:47:34:875]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (EC:B0) [17:47:34:885]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (F8:A8) [17:47:34:905]: Grabbed execution mutex.
MSI (s) (F8:9C) [17:47:34:905]: Resetting cached policy values
MSI (s) (F8:9C) [17:47:34:905]: Machine policy value 'Debug' is 0
MSI (s) (F8:9C) [17:47:34:905]: ******* RunEngine:
******* Product: {09863DA9-7A9B-4430-9561-E04D178D7017}
******* Action:
******* CommandLine: **********
MSI (s) (F8:9C) [17:47:34:905]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F8:9C) [17:47:34:905]: MainEngineThread is returning 1605
MSI (c) (EC:B0) [17:47:34:905]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (EC:B0) [17:47:34:905]: MainEngineThread is returning 1605
=== Verbose logging stopped: 12/4/2017 17:47:34 ===
Paul
Hello Paul,
somewhat strange - 1605 is ERROR_UNKNOWN_PRODUCT This action is only valid for products that are currently installed. Is it still in Add/Remove, if so - please check both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\. There should be an UninstallString in one of these locations (might or might not name 09863DA9-... as the product). Retry the msiexec.exe with this product code as before but omit the /qn switch.
Christian
Hello Paul,
and SAV is still in Add/Remove? Similar data is under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ (in case of User type installs under the user's SID), if you can't find the ProductID you should find at least the DisplayName (Sophos Anti-Virus).
Christian
Thanks Christian.
There is nothing at that location either and yes SAV is still is showing in Add/Remove Programs. Pushing the Remove it gathers all the information etc. then rolls back and Fails with the Fatal error during installation still.
Paul
Hello Paul,
strange that Add/Remove and the Installer disagree in this manner (usually it's the other way round, not in Add/Remove but the Installer considers it installed). Please search the registry for 09863DA9-7A9B-4430-9561-E04D178D7017 and 9AD36890B9A7034459160ED471D80771.
Apart from it being listed in Add/Remove - is SAV installed (e.g. the Sophos Anti-Virus service still present and running)? You want to remove Sophos because you are considering another and still supported AV product? You still have a thirds XP machine with Sophos 10.6.3 installed? If so do not uninstall.
Christian
Hi Christian
I searched on both 09863DA9-7A9B-4430-9561-E04D178D7017 and 9AD36890B9A7034459160ED471D80771 and came up with nothing.
Yes, because Sophos no longer supports AV for XP-Pro (and AVAST do) I am migrating all our network to AVAST. Installing AVAST while there are any remnants of SOPHOS around causes issues. After this current XP machine I still have one further machine on XP and then one on Windows 10 to go.
Am I correct in thinking (given the timing of your replies) that you are in the UK? I am very pleased that we are making some progress - one machine done and 3 to go - but it is slow progress!! Thank you for hanging in with this.
Paul
Christian
Well having played around a bit with msconfig and regedit I have got rid of everything now except SavShellExt.dll in C:\Program Files\Sophos\Sophos Anti-Virus.
When I try to delete this file I get the message
Cannot delete SavShellExt.dll Access is denied
Presumably because the file is still getting loaded somehow or other.
How do I proceed please?
Thanks
Christian
Well having played around a bit with msconfig and regedit I have got rid of everything now except SavShellExt.dll in C:\Program Files\Sophos\Sophos Anti-Virus.
When I try to delete this file I get the message
Cannot delete SavShellExt.dll Access is denied
Presumably because the file is still getting loaded somehow or other.
How do I proceed please?
Thanks
Hello Paul,
not U.K., Austria, Vienna.
SavShellExt.dll is a shell extension (there are several references in the registry), loaded by Explorer when you right-click to get the context menu. You can delete it after the login provided you don't open the context menu. The Sysinternals MoveFile utility lets you schedule the deletion.
Christian
SO I wrote the following bat file:
C:\Documents_and_Settings\Paul\My_Documents\Downloads\pendmoves.exe C:\Program_Files\Sophos\Sophos_Anti-Virus\SavShellExt.dll DELETE
and ran it and i got the reply from CMD The system cannot find the path specified.
What did I do wrong please? Microsoft webpage was not helpful.
Paul
Hello Paul,
did you indeed use underscores? Normally you'd put a path with special characters like blank between double quotes like this: "C:\Documents and Settings\Paul\My Documents\Downloads\pendmoves.exe". Same for the DLL of course.
Christian
Hello Paul,
with blanks in both the command's and the target's path it's "\path to\command.exe" "\path to\the target" parameter. Cannot find the path suggests that either you didn't put quotes around the full path of the DLL or it isn't there.
Christian
And this is a copy from the batch file Christian
"C:\Documents_and_Settings\Paul\My_Documents\Downloads\pendmoves.exe" "C:\Program_Files\Sophos\Sophos_Anti-Virus\SavShellExt.dll" DELETE
What did I get wrong?
Paul
