MS Security Eseentials error message from CRT

Hello all,

I am testing the Sophos Cloud agent, and upon installing it to a few machines, it has left them all with an error message during startup. I believe the MS security essentials was uninstalled correctly, but it is still trying to boot upon turning on the machine.

This is going to be a big issue, as we have 200 computers in our network with MS security essentials, and CRT is leaving all comptuers with an error... is there any plans to have this fixed in the near future?

  • Hi  

    This link contains the list of third party products Sophos detects. Sophos CRT only detects Microsoft Security Essentials and you will need to remove it manually. You can request new third-party security software is added to the CRT or that detect-only functionality is expanded to automatically remove the software. The required steps are:

    1. Run the Sophos Diagnostic Utility on the endpoint computer (to gather third-party software information).
    2. Use our Support Query web form to open a support case:
      1. Attach the SDU output file from the endpoint computer.
      2. Clearly, state that you are requesting an additional detection be added to the CRT.

    Important: The CRT update may take several weeks to complete. If there is an urgent need to add detection you can contact your Sales Account Manager and discuss a bespoke solution using the 'standalone' version of the CRT.

  • Hi Dollie,

    From what I've seen I believe an uninstall of MS Security Essentials doesn't remove its uninstall keys which Sophos CRT detects.

    You can throw this in a batch file to run via GPO start-up to remove the leftover keys on all your machines if MS Security Essentials has already been removed from all of them.  Make sure to test this on an endpoint before rolling it out to the rest of your environment.

    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f