This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot instal Sophos Endpoint Security and Control because existing 3rd party AV software could not be uninstalled

Please note, I have only basic IT skills

I have a Windows 10 laptop which was happily running Sophos ECC for several years but recently stopped updating. I was advised by Sophos tech support to uninstall and reinstall. But reinstall stops because it detects 3rd party software - presumably Windows Defender as there is no other AV software. Strangely, Windows defender states that Sophos is providing the AV protection even though uninstalled but I cannot open the Sophos app via Defender console.

I have tried seting up new DWORD DisableAvCheck = 1 and restarting but this has not solved the problem. Sophos Tech support says they cannot do anything else to help but I now have a laptop which is currently not protected (Sophos not installed but Defender is not protecting it because it thinks Sophos is installed). Sophos Tech Support suggested I should upgrade to Sophos Cloud but I don't know whether it would be right for me. I like Endpoint.

Any suggestions?



This thread was automatically locked due to age.
Parents Reply Children
  • Thanks for looking at this for me. I coudn't find a way of uploading the file so here it is in full. I hope this is what you were looking for.

    29 Oct 2021 15:30:23 Info: ==============================================
    29 Oct 2021 15:30:23 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 15:30:23 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 15:30:23 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 15:30:23 Info: Using Product Catalog: Default
    29 Oct 2021 15:30:23 Info: Run On Servers: True
    29 Oct 2021 15:30:23 Info: Detection Only: False
    29 Oct 2021 15:30:23 Info: Remove Anti-Virus: True
    29 Oct 2021 15:30:23 Info: Remove Product Suites: False
    29 Oct 2021 15:30:23 Info: Remove Firewalls: False
    29 Oct 2021 15:30:23 Info: Remove Update Tools: False
    29 Oct 2021 15:30:23 Info: Send Telemetry: False
    29 Oct 2021 15:30:23 Info: Log Tracing: False
    29 Oct 2021 15:30:23 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:30:23 Info: Default system language: en_GB
    29 Oct 2021 15:30:23 Info: Default character encoding: cp1252
    29 Oct 2021 15:30:23 Info: Operating system is 64-bit: True
    29 Oct 2021 15:30:23 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:30:23 Info: ==============================================
    29 Oct 2021 15:30:23 Info: Removing detected products...
    29 Oct 2021 15:30:23 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 15:30:23 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:30:23 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 15:30:29 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 15:30:29 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 15:30:29 Failure: Return code 1603
    29 Oct 2021 15:30:29 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 15:30:29 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:52:10 Info: ==============================================
    29 Oct 2021 15:52:10 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 15:52:10 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 15:52:10 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 15:52:10 Info: Using Product Catalog: Default
    29 Oct 2021 15:52:10 Info: Run On Servers: True
    29 Oct 2021 15:52:10 Info: Detection Only: False
    29 Oct 2021 15:52:10 Info: Remove Anti-Virus: True
    29 Oct 2021 15:52:10 Info: Remove Product Suites: False
    29 Oct 2021 15:52:10 Info: Remove Firewalls: False
    29 Oct 2021 15:52:10 Info: Remove Update Tools: False
    29 Oct 2021 15:52:10 Info: Send Telemetry: False
    29 Oct 2021 15:52:10 Info: Log Tracing: False
    29 Oct 2021 15:52:10 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 15:52:10 Info: Default system language: en_GB
    29 Oct 2021 15:52:10 Info: Default character encoding: cp1252
    29 Oct 2021 15:52:10 Info: Operating system is 64-bit: True
    29 Oct 2021 15:52:10 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:52:10 Info: ==============================================
    29 Oct 2021 15:52:10 Info: Removing detected products...
    29 Oct 2021 15:52:10 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 15:52:10 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 15:52:10 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 15:52:14 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 15:52:14 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 15:52:14 Failure: Return code 1603
    29 Oct 2021 15:52:14 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 15:52:14 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 16:05:30 Info: ==============================================
    29 Oct 2021 16:05:30 Info: Running OS: Microsoft Windows 10 [Version 10.00.19043]
    29 Oct 2021 16:05:30 Info: Current Competitor Removal Tool Settings
    29 Oct 2021 16:05:30 Info: Product Version: Version 2.19.0.33
    29 Oct 2021 16:05:30 Info: Using Product Catalog: Default
    29 Oct 2021 16:05:30 Info: Run On Servers: True
    29 Oct 2021 16:05:30 Info: Detection Only: False
    29 Oct 2021 16:05:30 Info: Remove Anti-Virus: True
    29 Oct 2021 16:05:30 Info: Remove Product Suites: False
    29 Oct 2021 16:05:30 Info: Remove Firewalls: False
    29 Oct 2021 16:05:30 Info: Remove Update Tools: False
    29 Oct 2021 16:05:30 Info: Send Telemetry: False
    29 Oct 2021 16:05:30 Info: Log Tracing: False
    29 Oct 2021 16:05:30 Info: Log to C:\Users\User\AppData\Local\Temp\avremove.log
    29 Oct 2021 16:05:30 Info: Default system language: en_GB
    29 Oct 2021 16:05:30 Info: Default character encoding: cp1252
    29 Oct 2021 16:05:30 Info: Operating system is 64-bit: True
    29 Oct 2021 16:05:30 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 16:05:31 Info: ==============================================
    29 Oct 2021 16:05:31 Info: Removing detected products...
    29 Oct 2021 16:05:31 Info: Checking to see if Microsoft Security Client version 4.5.x, 4.8.0204.0 is installed
    29 Oct 2021 16:05:31 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
    29 Oct 2021 16:05:31 Info: Creating new process C:\Windows\System32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
    29 Oct 2021 16:05:35 Info: Removal process ended normally: exit code 1603
    29 Oct 2021 16:05:35 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed, last error 0
    29 Oct 2021 16:05:35 Failure: Return code 1603
    29 Oct 2021 16:05:35 Info: Competitor Removal Tool exit code 16
    29 Oct 2021 16:05:35 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log
    Sophos Anti-Virus software detector - Version 2.19.0.33
    Copyright (C) 2003-2021 Sophos Limited. All rights reserved.
    Running OS: Microsoft Windows 10 [Version 10.00.19043]
    Removing detected products...
    AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\Users\User\AppData\Local\Temp\avremove.log

  • Is anyone able to help me with this, please?

  • Hello Christine, 

    Thank you for uploading the logs. With the "Microsoft Security Client" that is detected, I recommend using the following "MsFixIt" tool.
    - Fix problems that block programs from being installed or removed

    I have used this successfully in previous instances where Microsoft Security Client has been detected on a device. Let me know if this works for you.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Apologies for being thick but could you advise whether I should be using the MSFixit tool to uninstall Microsoft Securuty Client or instll Sophos Endpoint Security & Control in which case how can I get the MSI as it is not listed.

    Chris

  • Hello Christine, 

    I recommend removing the "Microsoft Security Client" using this tool. I don't recommend using the tool to remove Sophos AV from the device. In general, I only recommend using the MsFixit tool on Microsoft/Windows' software. 

    If you need to clean up a Sophos installation, you'll want to use "Sophos Zap." 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • That has allowed me to install Sophos Endpoint Securuty. Many thanks Qoosh