Sophos endpoint agent fail to uninstall

Hi People,

Please help, i have tried severally to uninstall Sophos Intercept X endpoint agent from a server with the aim of reinstalling it, but the agent failed to uninstall, i tried several times then i didnt see it in my programs again but the services are still running though it is not getting updates. And the agent has been deleting certain applications despite having exempted them on Sophos Central.

I was thinking this could be as a result of issue with the update cache on the server the devices are getting updates from.

Please assist.

  • Hi  

    Would you please specify the error you are receiving while you are uninstalling the software? Please check this article and see if it helps to completely uninstall Sophos. 

  • Hi Kayode,

    There should be a Sophos Agent Uninstall log located in %temp%.  If you scroll to the bottom of this there should be a component that failed to uninstall.  Can you share us a copy of the failed uninstall log?  It should also be located in %temp%.

  • In reply to Shweta:

    First you need to remove the tamper protected system, you must disable Enhanced Tamper Protection.

    Do the following:

    Boot the system into Safe Mode.

    Click Start > Run and type regedit and then click OK.

    Go to the following location in the registry editor:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent and set the REG_DWORD Start to 0x00000004

    Go to the following location in the registry editor:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config

    Set the following DWORD values to 0: SAVEnabled and SEDEnabled

    Reboot the system in normal mode.

    Taken from Article 124377

     

    Then run the script-

    net stop "Sophos Anti-Virus"
    net stop "Sophos AutoUpdate Service"
    :Sophos AutoUpdate
    MsiExec.exe /qn /X{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{BCF53039-A7FC-4C79-A3E3-437AE28FD918} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520} REBOOT=ReallySuppress
    :Sophos Anti-Virus (Endpoint)
    MsiExec.exe /qn /X{8123193C-9000-4EEB-B28A-E74E779759FA} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{36333618-1CE1-4EF2-8FFD-7F17394891CE} REBOOT=ReallySuppress
    :Sophos Anti-Virus (Server)
    MsiExec.exe /qn /X{72E30858-FC95-4C87-A697-670081EBF065} REBOOT=ReallySuppress
    :Sophos System Protection
    MsiExec.exe /qn /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} REBOOT=ReallySuppress
    :Sophos Network Threat Protection
    MsiExec.exe /qn /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} REBOOT=ReallySuppress
    :Sophos Health
    MsiExec.exe /qn /X{A5CCEEF1-B6A7-4EB4-A826-267996A62A9E} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{D5BC54B8-1DA1-44F4-AE6F-86E05CDB0B44} REBOOT=ReallySuppress
    :SDU (1.x)
    MsiExec.exe /qn /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2} REBOOT=ReallySuppress
    :Heartbeat
    MsiExec.exe /qn /X{DFFA9361-3625-4219-82C2-9EF011E433B1} REBOOT=ReallySuppress
    :Sophos Management Communications System
    MsiExec.exe /qn /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{D875F30C-B469-4998-9A08-FE145DD5DC1A} REBOOT=ReallySuppress
    MsiExec.exe /qn /X{2C14E1A2-C4EB-466E-8374-81286D723D3A} REBOOT=ReallySuppress

     

    I have had the best luck this route, occasionally you will need to still go into the control panel after the script has ran and uninstall from there as well.  Not 100% if this will work but I have to say it has worked the best for me in the past.