Sophos AV AntiVirus Central managed client can not uninstall

Posted by on April 26, 2023 Leave a comment (0) Go to comments

Sophos Antivirus Central managed client – can not be uninstalled

  1. On the Windows sign-in screen, press and hold the Shift key while you select Power  > Restart.
  2. On Choose an option, click Troubleshoot, then click Advanced options and Command Prompt:
  3. Following the restart, select an administrative account to continue and enter the password.
  4. Open Command Prompt.
  5. Type C: and click Enter.
  6. Type cd Windows\System32\drivers and click Enter.
  7. Type ren SophosED.sys SophosED.sys.old and click Enter.
  8. Type exit and click Enter.
  9. Click Continue.
    Once back to normal Windows mode, follow these steps: 
  10. Click Start followed by Run then type services.msc
  11. Right-click the Sophos Anti-Virus service then Properties
  12. Set the Startup type to Disabled then click the OK button.
    Repeat for Sophos MCS Agent service
  13. In Run, type regedit.exe then click the OK button.
  14. Back-up the registry
  15. Navigate to
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent 
    set the Value data of Start to 0x00000004
  16. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService  and set the Value data of Start to 0x00000004
  17. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service  and set the Value data of Start to 0x00000004
  18. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services and under every subkey in this location set the Value data of Protected to 0.
    • Example:
      • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService and set the Value data of Protected to 0.
  19. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the Value data of SAVEnabled and SEDEnabled to 0.
  20. Set the Value data of Enabled to 0 in the following:
    • 32-bit: 
      HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
    • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
  21. Restart the computer
  22. download SophosZAP tool
  23. Open Command Prompt with admin privilege.
  24. Change the path to the current location of SophosZap.exe.
  25. Run the command SophosZap --confirm.
  26. You might have to restart PC and run SophosZAP tool again


Uncategorized

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.