Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 36745 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uninstalling Sophos Endpoint Agent

ChrisBacker1

I am getting "Uninstallation Failed. Unable to locate Sophos Anti-Virus MSI. 

Not sure what to do here? Anyone run into this before?

Thank you. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Do you have an MSI uninstall log? To get one, typically I would suggest set the key:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\
    Reg_SZ: Logging
    Value: voicewarmupx!

    ...as per: 
    support.microsoft.com/.../how-to-enable-windows-installer-logging

    This way every time Windows Installer runs and MSI you are guaranteed to get an MSI log without worrying about setting arguments.  

    In this case, running the uninstaller as your logged on user, the log will be under %temp% as MSI[aaaaa].LOG.  Sorting by date modified should find it easily.

    In the log, do you see something like:

    MSI (s) (10:14) [20:53:17:033]: Original package ==> C:\WINDOWS\Installer\10ab8d.msi
    MSI (s) (10:14) [20:53:17:035]: Package we're running from ==> C:\WINDOWS\Installer\10ab8d.msi

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\56BA44C6A819C384A95F387DD1878A2B\InstallProperties
    "LocalPackage" has this value, in the above case of: "C:\WINDOWS\Installer\10ab8d.msi".    

    You can search from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products for "Sophos Anti-Virus" if needed to find this path.

    So I suspect that either:
    1. The registry is not correct, i.e. the LocalPackage value doesn't point to a msi file that exists under: C:\WINDOWS\Installer\
    2. The C:\WINDOWS\Installer\ directory has been purged in some way.
    3. There is some sort of version mismatch.

    If you can get the SAV MSI file (Sophos Anti-Virus.msi) from another computer (from the directory: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\), which is the same version, then you could drop it into this computer with the same random name as referenced in the registry.  In the above example 10ab8d.msi.  The uninstall should then be happy.

    To check the version of SAV the "Sophos Anti-Virus.msi" file relates to, I would typically install Orca (msdn.microsoft.com/.../aa370557(v=vs.85).aspx), open the MSI, in the "Property" table there is the ProductVersion property.  You want the MSI SAV version that matches the value under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\56BA44C6A819C384A95F387DD1878A2B\InstallProperties\DisplayVersion

    Hope it helps.

    Regards,

    Jak

     

Reply
  • 0

    Hi,

    Do you have an MSI uninstall log? To get one, typically I would suggest set the key:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\
    Reg_SZ: Logging
    Value: voicewarmupx!

    ...as per: 
    support.microsoft.com/.../how-to-enable-windows-installer-logging

    This way every time Windows Installer runs and MSI you are guaranteed to get an MSI log without worrying about setting arguments.  

    In this case, running the uninstaller as your logged on user, the log will be under %temp% as MSI[aaaaa].LOG.  Sorting by date modified should find it easily.

    In the log, do you see something like:

    MSI (s) (10:14) [20:53:17:033]: Original package ==> C:\WINDOWS\Installer\10ab8d.msi
    MSI (s) (10:14) [20:53:17:035]: Package we're running from ==> C:\WINDOWS\Installer\10ab8d.msi

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\56BA44C6A819C384A95F387DD1878A2B\InstallProperties
    "LocalPackage" has this value, in the above case of: "C:\WINDOWS\Installer\10ab8d.msi".    

    You can search from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products for "Sophos Anti-Virus" if needed to find this path.

    So I suspect that either:
    1. The registry is not correct, i.e. the LocalPackage value doesn't point to a msi file that exists under: C:\WINDOWS\Installer\
    2. The C:\WINDOWS\Installer\ directory has been purged in some way.
    3. There is some sort of version mismatch.

    If you can get the SAV MSI file (Sophos Anti-Virus.msi) from another computer (from the directory: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\), which is the same version, then you could drop it into this computer with the same random name as referenced in the registry.  In the above example 10ab8d.msi.  The uninstall should then be happy.

    To check the version of SAV the "Sophos Anti-Virus.msi" file relates to, I would typically install Orca (msdn.microsoft.com/.../aa370557(v=vs.85).aspx), open the MSI, in the "Property" table there is the ProductVersion property.  You want the MSI SAV version that matches the value under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\56BA44C6A819C384A95F387DD1878A2B\InstallProperties\DisplayVersion

    Hope it helps.

    Regards,

    Jak

     

Children
No Data
Unfiltered HTML