goglfashion.blogg.se - How to uninstall sophos endpoint from registry

How to uninstall sophos endpoint from registry Patch#

New-Item -Path $SophosUninstallDir -ItemType Directory -Force The simple answer for how I got the "sophoszap.exe -confirm" to uninstall was using this: If "%KEY_STRING%" equ "" echo %COMPONENT_NAME% not found & goto :EOFĮcho %COMPONENT_NAME% located: %KEY_STRING%įor /f "usebackq tokens=2,*" %%a in (`reg query "%KEY_STRING%" /v UninstallString ^| find "UninstallString"`) do set "UI_STRING=%%b"įor /f "tokens=1,*" %%a in ("%UI_STRING%") do if /i "%%a" equ "msiexec.exe" set "UI_STRING=%%a /qn %%b REBOOT=ReallySuppress"Įcho -Įcho ERROR: This script needs to be run as Administrator

" %%a in (`reg query "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s /f "%COMPONENT_NAME%" /d /e ^| find "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"`) do set "KEY_STRING=%%a".

If "%KEY_STRING%" equ "" for /f "usebackq tokens=1 delims=

" %%a in (`reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" /s /f "%COMPONENT_NAME%" /d /e ^| find "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall"`) do set "KEY_STRING=%%a".

:: Subroutine to find uninstall string and use that to uninstall the softwareįor /f "usebackq tokens=1 delims= You can run this script again if you'd like to confirm.

How to uninstall sophos endpoint from registry Patch#

If "%PA_STATE%" equ "STOPPED" goto PatchAgentStoppedĮcho - Uninstall Sophos Components -Ĭall :UninstallSophosComponent "Sophos Remote Management System"Ĭall :UninstallSophosComponent "Sophos Network Threat Protection"Ĭall :UninstallSophosComponent "Sophos Client Firewall"Ĭall :UninstallSophosComponent "Sophos Anti-Virus"Ĭall :UninstallSophosComponent "Sophos AutoUpdate"Ĭall :UninstallSophosComponent "Sophos Diagnostic Utility"Ĭall :UninstallSophosComponent "Sophos Clean"Ĭall :UninstallSophosComponent "Sophos Patch Agent"Ĭall :UninstallSophosComponent "Sophos Endpoint Defense"Įcho All done.

If "%PA_STATE%" equ "" echo Sophos Patch Agent not running & goto PatchAgentStoppedĮcho Sophos Patch Agent state: %PA_STATE% :: Script to uninstall Sophos Endpoint components in the correct order using the uninstall strings from registry.Įcho - Stop Sophos Patch Agent -įor /f "tokens=4" %%a in ('sc query ^"Sophos Patch Agent^" ^| find ^"STATE^"') do set "PA_STATE=%%a" If I revisit the script, I'll add logging and the suggestions from off It was meant to run from elevated command prompt or right-click run as admin from File Explorer (hence the pauses). I wrote a batch file for this exact situation just last week so it didn't have much testing yet. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection\ is 0.

If is is still 1 then, the script may as well stop, especially if the $(get-service "sophos endpoint defense").status is also "Running". The script should probably also check before that, the SedEnabled DWORD under: "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" is set to 0 as a way to check tamper has been disabled by policy. Maybe add extra switches to the MSIs uninstall commands, e.g.

:: turn off tamper protection on the computer that Sophos will be uninstalled. I have also followed this thread in vain The line you have mentioned is in it but doesn't seem to work. Need to uninstall from 300pcs as we are moving from Sophos Endpoint, a variety of batch file uninstalls haven't worked so far and have had lots of time put into it correcting them.