Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5794 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint and Security Manual Uninstallation

alexstef

Hi,

I hope somebody can help me. I have a really nasty situation here.

Sophos Client Firewall installed on one of users ignores the policy which pushed from the console and blocks everything.

I pushed the program from the console, but it didn't fix the issue. So I decided to uninstall and reinstall the firewall.

When I tried to uninstall, I ended up with "Fatal Error" and Firewall couldn't be removed.

I think I have to remove the Firewall manyall,

Anybody has a list of which folders, files, dll, registry need to be cleaned.

Your help would be greatly appreceated!

:21633


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Well that certainly has the error.  Unfortunately, I don't have a Windows XP machine handy with SCF installed to see exactly, only Win7 but I suspect a lookup is going on to find the inf file to uninstall the driver and this can't be found.

    On these machines, do they have, under the services keys an entry for "Oeminf", for example, on my machine I have:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfndis \OemInf

    Which has a value of: oem33.inf .  A quick search of the machine finds it in: "C:\Windows\inf\"

    So I suspect either the lookup fails because the registry value isn't there or the value has a file name but it can't be found.  As you're on a different OS, there might be more to unregister, so might be worth looking at other entries for SCF under the services key looking for SCF.

    I would think that Process Monitor would reveal all, at the point where it errors in the log.  It will show that either the key doesn't exit or the file the key points to doesn't.

    Ideally you can compare a working machine with one of these to see how they differ in this area of the registry.

    Hope this helps.  I'd be interested to know.

    Regards,

    Jak

    :21697
Reply
  • 0

    Hi,

    Well that certainly has the error.  Unfortunately, I don't have a Windows XP machine handy with SCF installed to see exactly, only Win7 but I suspect a lookup is going on to find the inf file to uninstall the driver and this can't be found.

    On these machines, do they have, under the services keys an entry for "Oeminf", for example, on my machine I have:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfndis \OemInf

    Which has a value of: oem33.inf .  A quick search of the machine finds it in: "C:\Windows\inf\"

    So I suspect either the lookup fails because the registry value isn't there or the value has a file name but it can't be found.  As you're on a different OS, there might be more to unregister, so might be worth looking at other entries for SCF under the services key looking for SCF.

    I would think that Process Monitor would reveal all, at the point where it errors in the log.  It will show that either the key doesn't exit or the file the key points to doesn't.

    Ideally you can compare a working machine with one of these to see how they differ in this area of the registry.

    Hope this helps.  I'd be interested to know.

    Regards,

    Jak

    :21697
Children
No Data