Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 16 subscribers
  • Views 55373 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Manual Uninstall?

Paul Hutchings

Is there a guide somewhere on how to do a totally manual uninstall?

As in the client is FUBAR so tamper protection cannot be disabled, and a total rip n replace is needed?

I've seen a few guides but nothing that seems to come down to the level of removing reg keys and folders, it all seems to assume that you can do a clean uninstalled from either add/remove or from the command prompt using msiexec - I want the nuclear option :)



This thread was automatically locked due to age.
  • +2

    Hello

    Have you started with: https://community.sophos.com/kb/en-us/124377 in order to at least disable SED.  This will have to be done to stand a chance of removing much of Sophos components if it is enabled.

    Then back in a regular boot rather than Safe Mode, I would then run this batch file:

    https://community.sophos.com/kb/en-us/122126

    This will removall all that MSI can.  Maybe check the sub-keys of:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
    For Sophos products, using the UninstallString values.

    At that point, reboot twice.  With LSPs on Windows 7/2008 and lower, loading into processes from a very early point in the boot, 2 reboots may be required to ensure all processes no longer reference some of the DLLs from "C:\ProgramData\Sophos\Web Intelligence\".

    Then you're into manual work if needed:

    SC.exe commands to delete remaining services if there are any, e.g. "sc delete savservice", etc...

    Deleting files/registry keys: 
    "C:\Program Files (x86)\Sophos\"
    "C:\Program Files\Sophos\"
    "C:\Program Files (x86)\Common Files\Sophos\"
    "HKEY_CURRENT_USER\Software\Sophos"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos"

    It may well be then worth re-installing with a view to either leave it if you're re-installing of course or then run the uninstaller which should then remove the rest, i.e. unregister DLLs etc to clean up the registry.

    Regards,

    Jak

  • 0 in reply to jak

    Perfect (and worked) - thank you!

  • 0 in reply to jak

    There are a few other locations (like ProgramData) too. I made a pretty comprehensive list and built out some batch files to help. I don't like downloading files from forums so I added the content of the batch files instead. That way you know what you're getting.

     

    Remove Services - To stop, disable and delete services (don't ask why I didn't just delete them... I'm a bit OCD)

    sc config savservice start= disabled
    sc stop savservice
    sc delete savservice
    sc config savadminservice start= disabled
    sc stop savadminservice
    sc delete savadminservice
    sc config "Sophos AutoUpdate Service" start= disabled
    sc stop "Sophos AutoUpdate Service"
    sc delete "Sophos AutoUpdate Service"
    sc config "sophos device control service" start= disabled
    sc stop "sophos device control service"
    sc delete "sophos device control service"
    sc config "sophos web control service" start= disabled
    sc stop "sophos web control service"
    sc delete "sophos web control service"
    sc config swi_filter start= disabled
    sc stop swi_filter
    sc delete swi_filter
    sc config swi_service start= disabled
    sc stop swi_service
    sc delete swi_service
    sc config "Sophos Clean Service" start= disabled
    sc stop "Sophos Clean Service"
    sc delete "Sophos Clean Service"
    sc config "Sophos File Scanner Service" start= disabled
    sc stop "Sophos File Scanner Service"
    sc delete "Sophos File Scanner Service"
    sc config "Sophos Health Service" start= disabled
    sc stop "Sophos Health Service"
    sc delete "Sophos Health Service"
    sc config "Sophos MCS Agent" start= disabled
    sc stop "Sophos MCS Agent"
    sc delete "Sophos MCS Agent"
    sc config "Sophos MCS Client" start= disabled
    sc stop "Sophos MCS Client"
    sc delete "Sophos MCS Client"
    sc config "SntpService" start= disabled
    sc stop "SntpService"
    sc delete "SntpService"
    sc config "Sophos Safestore Service" start= disabled
    sc stop "Sophos Safestore Service"
    sc delete "Sophos Safestore Service"
    sc config "Sophos System Protection Service" start= disabled
    sc stop "Sophos System Protection Service"
    sc delete "Sophos System Protection Service"

     

    Remove Registry - To delete all registry keys (that I could find anyway...)

    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Clean" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Agent" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Standalone Engine" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2831282D-8519-4910-B339-2302840ABEF3}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604350BF-BE9A-4F79-B0EB-B1C22D889E2D}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB36D9C2-6AE5-4AB2-BC91-ECD247092BD8}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D29542AE-287C-42E4-AB28-3858E13C1A3E}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C14E1A2-C4EB-466E-8374-81286D723D3A}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6654537D-935E-41C0-A18A-C55C2BF77B7E}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72E136F7-3751-422E-AC7A-1B2E46391909}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos" /f

     

    Remove Directories - I had some problems with some directories so I threw in some cmds to take ownership to help. Oft times there will still be some dll's leftover in the Program Files (x86) directory so it may not be a silver bullet.

    rmdir /s /q "C:\Program Files\Sophos"

    takeown /f "C:\Program Files (x86)\Sophos" /a /r /d y

    rmdir /s /q "C:\Program Files (x86)\Sophos"
    rmdir /s /q "C:\Program Files\Common Files\Sophos"

    takeown /f C:\ProgramData\Sophos\ /a /r /d y

    cmd /k rmdir /s /q C:\ProgramData\Sophos\

Unfiltered HTML