Sophos Uninstall

Content Authoring
1

We have a script that is currently not functioning. We have 32-bit and 64-bit version of Windows 7 that we are needing to completely remove Sophos on. We are testing on a 64-bit machine, the code is below. Hoping someone can tell us what we are missing?

//64-bit
//Endpoint Defense
if {exists folder “C:\Program Files\Sophos\Endpoint Defense”}
waithidden “C:\Program Files\Sophos\Endpoint Defense\uninstall.exe” /quiet
delete folder “C:\Program Files\Sophos\Endpoint Defense”

//System Protection
elseif {exists folder “C:\Program Files (x86)\Sophos\Sophos System Protection”}
waithidden MsiExec.exe /X{{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} /quiet /norestart
delete folder “C:\Program Files (x86)\Sophos\Sophos System Protection”

//AutoUpdate
elseif {exists folder “C:\Program Files (x86)\Sophos\AutoUpdate”}
waithidden MsiExec.exe /X{{65323B2D-83D4-470D-A209-D769DB30BBDB} /quiet /norestart
delete folder “C:\Program Files (x86)\Sophos\AutoUpdate”

//RemoteManagement
elseif {exists folder “C:\Program Files (x86)\Sophos\Remote Management System”}
waithidden MsiExec.exe /X{{FED1005D-CBC8-45D5-A288-FFC7BB304121} /quiet /norestart
delete folder “C:\Program Files (x86)\Sophos\Remote Management System”

//Anti Virus
elseif {exists folder “C:\Program Files (x86)\Sophos\Sophos Anti-Virus”}
waithidden MsiExec.exe /X{{65323B2D-83D4-470D-A209-D769DB30BBDB} /quiet /norestart
delete folder “C:\Program Files (x86)\Sophos\Sophos Anti-Virus”

//Network Threat
elseif {exists folder “C:\Program Files\Sophos\Sophos Network Threat Protection”}
waithidden MsiExec.exe /X{{66967E5F-43E8-4402-87A4-04685EE5C2CB} /quiet /norestart
delete folder “C:\Program Files\Sophos\Sophos Network Threat Protection”

else
dos echo "nothing"
endif

//Delete Sophos Directory
delete folder "C:\Program Files\Sophos"
delete folder “C:\Program Files (x86)\Sophos”

2

Do you have a client log of the outcome of this action that you can share?

3

Is this what you’re wanting?

At 10:40:20 -0500 - actionsite
Command started - waithidden “C:\Program Files\Sophos\Endpoint Defense\uninstall.exe” /quiet (action:704)
At 10:40:35 -0500 -
Report posted successfully
At 10:40:35 -0500 - actionsite
Command succeeded (Exit Code=0) waithidden “C:\Program Files\Sophos\Endpoint Defense\uninstall.exe” /quiet (action:704)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\folder’ exists to delete, no failure reported (action:704)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\folder’ exists to delete, no failure reported (action:704)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\folder’ exists to delete, no failure reported (action:704)
At 10:40:35 -0500 -
ActionLogMessage: (action:704) ending action
Not Relevant - Uninstall “All Sophos” Files - 64bit (fixlet:704)

4

By the looks of it, your script is completing successfully. Is the console reporting a failure?

5

No, the console is showing completed, however all instances of Sophos are still installed.

6

If you were to invoke the string on the command line of a machine manually, does the uninstall complete successfully?

I also believe that if the uninstall completes, the folders should remove with the uninstaller so a removal of the folders shouldn’t be necessary.

7

Yes, running the uninstall string from the command prompt uninstalls the program correctly.

8

This command will check the 32 bit directory so I doubt thats what you want. Use x64 folder https://developer.bigfix.com/relevance/reference/string.html#x64-folder-string-folder to get to the 64 bit program files.

I’d actually change these to the following to be cleaner

For 64 bit the pattern is

if {exists folder "Endpoint Defense" of folder "Sophos" of program files x64 folder}

For 32 bit the pattern is

if {exists folder "Endpoint Defense" of folder "Sophos" of program files x32 folder}

The whole thing is a lot simpler if you just had relevance on the action to look for the directories you want like:

exists folder "Sophos" of program files x32 folder OR exists folder "Sophos" of program files x64 folder

edit: I missed that there was an uninstall command

Then the actionscript of the following to delete them: (they will handle the folders missing)

<uninstall command so you may need to look for them again>
folder delete {pathname of folder "Sophos" of program files x32 folder}
folder delete {pathname of folder "Sophos" of program files x64 folder}

https://developer.bigfix.com/relevance/reference/folder.html#program-files-x64-folder-folder
https://developer.bigfix.com/relevance/reference/folder.html#program-files-x32-folder-folder
https://developer.bigfix.com/action-script/reference/file/folder-delete.html

1 Like
9

I would also ask if these installations have tamper protection turned on that is preventing uninstalls from happening? You say that running the command on the command line has no problem but you continue to have issues running with BigFix which doesn’t make much sense. If your command works manually, in pretty much every case I’ve seen, it should work automatically.

Is Sophos getting removed and your now orphaned folders just not getting deleted?

https://community.sophos.com/kb/en-us/124377

10

So I did take some time and create something that may be a little more flexible when it comes to removing Sophos and components. It’s not based on static removals values so it should work with, presumably, any version of Sophos. I also included logging on the removal of the components in the event that needs to be investigated.

This action builds a single batch file and removes everything progressively.