Sophos Antivirus Central managed client – can not be uninstalled
- On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.
- On Choose an option, click Troubleshoot, then click Advanced options and Command Prompt:
- Following the restart, select an administrative account to continue and enter the password.
- Open Command Prompt.
- Type
C:
and click Enter. - Type
cd Windows\System32\drivers
and click Enter. - Type
ren SophosED.sys SophosED.sys.old
and click Enter. - Type
exit
and click Enter. - Click Continue.
Once back to normal Windows mode, follow these steps: - Click Start followed by Run then type
services.msc
- Right-click the Sophos Anti-Virus service then Properties.
- Set the Startup type to Disabled then click the OK button.
Repeat for Sophos MCS Agent service - In Run, type
regedit.exe
then click the OK button. - Back-up the registry.
- Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent
set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService
and set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service
and set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services
and under every subkey in this location set the Value data of Protected to 0.- Example:
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService
and set the Value data of Protected to 0.
- Go to
- Example:
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
and set the Value data of SAVEnabled and SEDEnabled to0
. - Set the Value data of Enabled to
0
in the following:- 32-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
- 64-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
- 32-bit:
- Restart the computer
- download SophosZAP tool
- Open Command Prompt with admin privilege.
- Change the path to the current location of
SophosZap.exe
. - Run the command
SophosZap --confirm
. - You might have to restart PC and run SophosZAP tool again
0 Comments.