Scripted Uninstall of Sophos

I've had great luck with the removal tools here with are just scripts build in AutoIT. This is not my website and I am not recommending any services or products provided therein.

http://www.sunbeltsoftware.com/Business/Agent-Uninstallers/

since im getting more than a few people ask for it ive uploaded my script to rapidshare, if for some reason that doesnt work or you cant use rapidshare, PM me with your email address and i will send it to you

https://rapidshare.com/files/749811531/RemoveSophos.zip

Do NOT run it on the server with your console installed, it will mess it up, it takes a bit of fiddling to recover as well.

if i have not replied to you then you have private messaging disabled so i have been unable to

Just to clarify a few points:

1. Sophos no longer supports any removal batch file (e.g., remsav*.bat) for uninstalling endpoint software.  You could make things worse by running the script.
2. If you need to uninstall endpoint software via a script see article 109668 for instructions on customizing the commands for your own network.
3. In checking the script linked above and which is currently hosted on RapidShare: it's a modified version of Remsav*.bat which use to have the exact wording of: "DO NOT DISTRIBUTE WITHOUT THE PRIOR CONSENT OF SOPHOS TECHNICAL SUPPORT." included at the top.  The person who re-authored it obviously removed those lines and hoped no one would notice.
4. The zip file hosted on RapidShare contains a copy of 'miszap.exe' - a program Microsoft no longer supports and hence should not be used.

Short answer:  please don't use the script - for your own sake.

We don't so much care about people exchanging our scripts as we do about preventing problems arising from unsupported and potentially dangerous advice.

We stopped support for the removal batch files as they seriously prevent us from identifying genuine installer issues and getting those problems addressed inside the product.  The continued publishing of the above script will only hurt in the long run.

So...

• If you have a problem installing/upgrading/removing a Sophos endpoint software component: check the knowledgebase for any errors you see on screen, reported to the console, or find in the installer logs on the endpoint (C:\Windows\Temp\ folder).
• If you can't resolve the issue yourself: run the SDU program and send the log file to Support explaining what you're wanting to do and what's not working as expected (provide context on the problem and the number of computers you have tested on so far).
• If you want a script to uninstall endpoint software you can create one yourself by following article 109668.
• If you really don't have the time to troubleshoot the problem (and help us fix the problem for next time) then look at the newer Microsoft fix it tool.  See Fix problems with programs that can't be installed or uninstalled.  We can't support that either (as we didn't write it) but at least Microsoft do.

Just to re-emphasie this.

The older remsav scripts will not remove Sophos Endpoint installations fully or correctly and will break the machine leaving it with a part installation. (The .bat was last supported for SAV v7)

DO NOT USE THE SCRIPTS.

The msiexec uninstall string will work if there are no problems with the machine, if there is an issue with the machine then resolving this is recommended so that the msiexec uninstall will work.

Hi Herpderp,

can you give me the script for uninstall please?

To try and make this as clear as possible...

There are generally two reasons why you may think a script is the answer:

• You have attempted to uninstall/upgrade one or more installed components and this fails (for any number of reasons).
  Or... 
• You have a large number of computers that you need to remove Sophos Endpoint Protection from and you want to avoid visiting each workstation.

In the first case a script is not the answer. It is no more powerful than trying to remove via 'Add/Remove Programs' (or ' Programs and Features' on Vista+).  That's the key point here: scripts have no special abilities to workaround the error.

In the second case article 109668 is your answer.  Any script not created by you cannot be guaranteed to work on your computers.  As the article states you have to check what is installed on one computer (a typical computer that represents the large number of computers you are attempting to remove software from) and copy out the 'UninstallString' registry values you need.  It's the only way to get it perfect.

Hi i really need a uninstall script for Sophos 9.

After last night the clients want to update to version 10 but they got a message with client installation error.

We have about 200 computers here and i dont want to manual uninstall version 9

Hi,

What was the error?  It might be easier to fix that?

Have you looked at the MSI and custom action log file from \windows\temp on one or two of the failing machines?

Feel free to provide links to the files here if you can host them somewhere.

Regards,

Jak

CustomActions log:

2012-07-27 09:15:48 RemoveSAVI: Action started
2012-07-27 09:15:50 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2012-07-27 09:15:50 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2012-07-27 09:15:50 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2012-07-27 09:15:50 RemoveSAVI: UpdateRequest signalled
2012-07-27 09:15:50 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2012-07-27 09:15:50 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2012-07-27 09:15:50 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2012-07-27 09:15:50 RemoveSAVI: Action succeeded
2012-07-27 09:16:00 DeleteUserGroups: Action started
2012-07-27 09:16:00 DeleteUserGroups: We are not a domain controller: Attempting to delete local user groups
2012-07-27 09:16:00 DeleteUserGroups: Action succeeded
2012-07-27 09:16:35 RollbackUpdateSavAdapterDll: Action started
2012-07-27 09:16:35 RollbackUpdateSavAdapterDll: Action succeeded
2012-07-27 09:16:35 DeleteOtherFiles: Action started
2012-07-27 09:16:35 Error deleting file: C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf00 with error: Toegang geweigerd.
.
2012-07-27 09:16:35 Error deleting file: C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf01 with error: Toegang geweigerd.
.
2012-07-27 09:16:35 Error deleting file: C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf02 with error: Toegang geweigerd.
.
2012-07-27 09:16:35 Error deleting file: C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf03 with error: Toegang geweigerd.
.
2012-07-27 09:16:35 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
2012-07-27 09:16:35 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: x86
2012-07-27 09:16:35 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
2012-07-27 09:16:35 DeleteOtherFiles: Deleting config file folder
2012-07-27 09:16:35 DeleteOtherFiles: Failed to delete config folder, 2
2012-07-27 09:16:35 DeleteOtherFiles: Action succeeded
2012-07-27 09:16:35 ForceDeleteFiles: Action started
2012-07-27 09:16:35 ForceDeleteFiles: Error deleting DesktopMessaging registry key. Returned error was: Het systeem kan het opgegeven bestand niet vinden.

2012-07-27 09:16:35 ForceDeleteFiles: Action succeeded
2012-07-27 09:16:36 RunErrorScripts: Action started
2012-07-27 09:16:36 RunErrorScripts: Action succeeded
2012-07-27 09:16:36 RestoreMovedFiles: Action started
2012-07-27 09:16:36 RestoreMovedFiles: Action succeeded
2012-07-27 09:16:36 SetUpdateFailed: Action started
2012-07-27 09:16:36 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update
2012-07-27 09:16:36 SetUpdateFailed: Action succeeded

Major install log:

Property(S): UNINSTALLCLASSFILTER = 1
Property(S): UNINSTALLDRIVERS = 1
Property(S): UNINSTALLERROR = An older version of Sophos Anti-Virus has not been fully removed from your machine. Please reboot your machine before attempting to install Sophos Anti-Virus.
Property(S): UNINSTALLKMSDRIVERS = 1
Property(S): UPDATEBOOTDRIVERS = 1
Property(S): UPDATECLASSFILTER = 1
Property(S): VIRUSDATAUPDATE = 0
Property(S): ISReleaseFlags = SAV
Property(S): RollBackInstallDeviceControl = C:\Program Files\Sophos\Sophos Anti-Virus\
Property(S): AdminUser = 1
Property(S): ROOTDRIVE = C:\
Property(S): ACTION = INSTALL
Property(S): UILevel = 2
Property(S): OriginalDatabase = C:\Program Files\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi
Property(S): DATABASE = C:\WINDOWS\Installer\20bda3.msi
Property(S): InstallShieldTempProp = 0
Property(S): Privileged = 1
Property(S): RedirectedDllSupport = 2
Property(S): MsiWin32AssemblySupport = 5.1.2600.3019
Property(S): MsiNetAssemblySupport = 2.0.50727.3053
Property(S): Date = 27-7-2012
Property(S): Time = 9:16:36
Property(S): TTCSupport = 1
Property(S): ColorBits = 32
Property(S): TextHeight = 16
Property(S): BorderSide = 1
Property(S): BorderTop = 1
Property(S): CaptionHeight = 26
Property(S): ScreenY = 1200
Property(S): ScreenX = 1920
Property(S): SystemLanguageID = 1043
Property(S): ComputerName = DT110WXP0108
Property(S): UserLanguageID = 1043
Property(S): USERNAME = Dell
Property(S): UserSID = S-1-5-18
Property(S): LogonUser = SYSTEM
Property(S): VirtualMemory = 3460
Property(S): PhysicalMemory = 2005
Property(S): Intel = 6
Property(S): ShellAdvtSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): GPTSupport = 1
Property(S): MyPicturesFolder = C:\WINDOWS\system32\config\systemprofile\Mijn documenten\Mijn afbeeldingen\
Property(S): RecentFolder = C:\WINDOWS\system32\config\systemprofile\Onlangs geopend\
Property(S): PrintHoodFolder = C:\WINDOWS\system32\config\systemprofile\Netwerkprinteromgeving\
Property(S): PersonalFolder = C:\WINDOWS\system32\config\systemprofile\Mijn documenten\
Property(S): NetHoodFolder = C:\WINDOWS\system32\config\systemprofile\NetHood\
Property(S): AppDataFolder = C:\WINDOWS\system32\config\systemprofile\Application Data\
Property(S): RemoteAdminTS = 1
Property(S): MsiNTProductType = 1
Property(S): ServicePackLevelMinor = 0
Property(S): ServicePackLevel = 2
Property(S): WindowsBuild = 2600
Property(S): VersionMsi = 3.01
Property(S): VersionDatabase = 200
Property(S): CLIENTPROCESSID = 2652
Property(S): CLIENTUILEVEL = 3
Property(S): CURRENTDIRECTORY = C:\WINDOWS\system32
Property(S): WEBCONTROL = 1
Property(S): UPDATEKMSDRIVERS = 1
Property(S): REBOOT = ReallySuppress
Property(S): PackagecodeChanging = 1
Property(S): ProductState = -1
Property(S): PackageCode = {8610DF5B-50F1-4BBA-9571-6F9E537CC5FE}
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = C:\Program Files\Sophos\AutoUpdate\cache\savxp\
Property(S): SourcedirProduct = {9ACB414D-9347-40B6-A453-5EFB2DB59DFA}
Property(S): ProductToBeRegistered = 1
MSI (s) (1C:74) [09:16:36:627]: Note: 1: 1708
MSI (s) (1C:74) [09:16:36:627]: Product: Sophos Anti-Virus -- Installation operation failed.

MSI (s) (1C:74) [09:16:36:627]: Cleaning up uninstalled install packages, if any exist
MSI (s) (1C:74) [09:16:36:627]: MainEngineThread is returning 1603
MSI (s) (1C:B8) [09:16:36:737]: Destroying RemoteAPI object.
MSI (s) (1C:88) [09:16:36:737]: Custom Action Manager thread ending.
=== Logging stopped: 27-7-2012 9:16:36 ===
MSI (c) (5C:A8) [09:16:36:768]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (5C:A8) [09:16:36:768]: MainEngineThread is returning 1603
=== Verbose logging stopped: 27-7-2012 9:16:36 ===

2012-07-27 09:16:36 ERROR: Installation failed