In my examples I was using remote cmd management tool to run powershell commands but you can use them directly. Powershell.exe "Get-WmiObject -Namespace root\Securit圜enter2 -Class AntiVirusProduct | ForEach-Object "
User instanceGuid property to determine which one you want to delete. Than you find the obsolete one by comparing timestamp property I have used this command to get all anti viruses installed.Ĭ:\>powershell "Get-WmiObject -Namespace root\Securit圜enter2 -Class AntiVirusProduct" My solution was to manually cleanup WMI Registry. Uninstall/Reinstall of Sophos on same machine didn't help with WMI Repository cleanup.
One is Windows Defender and 2 Sophos anti viruses, where one Sophos was outdated. I had a situation that there are 3 anti viruses on some machine.
In my opinion, Sophos installer somehow didn't update WMI Repository on appropriate way. (Not antivirus database update but rather application itself update). I think it was related to Sophos Endpoint client update.
How can the Anti-virus status be updated to reflect the software is no longer installed? Windows installer parameters The uninstall strings copied from the registry may contain MsiExec.exe parameters. If Sophos does not uninstall, close all open. Log in to the endpoint or server using an admin account.
Find the Remove Sophos Endpoint icon and click it. On Windows, go to control Panel uninstall program Select Sophos to start uninstalling, then restart your PC. A connection to the computer opens in another browser tab. In Session purpose, summarize your session. To start Live Response, do as follows: Click Live Response. Therefore reorder your uninstall strings (that you extracted from the registry editor) as shown below.I've uninstalled all Sophos components from nearly all our PCs and performed a rescan, but about 15 or so PCs still show as having outdates Sophos under the Anti-virus section of the Asset Summary. To uninstall the Sophos Endpoint software from a Mac, do as follows. Before you start, ensure Live Response is turned on in Overview > Global Settings > Endpoint Protection > Live Response. The order in which the endpoint components are removed is important. A command line such as the following can be used. Prior to uninstalling the endpoint components, you should stop the Sophos AutoUpdate Service to prevent a potential update of the endpoint software during the removal. If you need further information on Windows Installer (MSIEXEC.exe) and associated parameters we recommend you consult up to date Microsoft documentation.
MsiExec.exe /X /qn REBOOT=SUPPRESS /L*v %windir%\Temp\Uninstall_SAV9-10_Log.txt For example the uninstall string for Sophos Anti-Virus v10 is:
The uninstall strings copied from the registry may contain MSIEXEC.exe parameters or you may want to add your own parameters to control what the end user sees on screen and how the computer behaves. Repeat steps three to five for all other component you need to remove. In the list of values find the ‘UninstallString’, right-click it and select ‘Modify’. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\UninstallĬlick through the list and locate the first Sophos component you need to uninstall. Note: On a 64-bit computer you will need to check both the key above and the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ On an endpoint computer open the registry editor (Start | Run | Type: regedit.exe | Press return).Įxpand the left hand tree to the following key: