Remove Endpoint Clients using Sophos Deployment

Updated: 21 May 2010 | 6 comments
Corey Wilson

We are a split environment requiring two different AV products due to business security policies. Currently our entire environment is Endpoint 11. However, we have a mandate to change over about half of our desktops to Sophos in order to abide by regulations with that side of the company's business unit.

When trying to install Sophos clients and choose the automatic uninstall option, it will not remove Endpoint on these computers and comes back with an error. The error that is indicated on Sophos's site indicates this is likely due to tamper protection. I have ensured that tamper protection, uninstall password and management password have been disabled in the policies affecting these PCs, and it has had several hours to take effect. It works fine on any of our clients with version 10.x but not with our EP 11.x clients. Sophos claims their uninstall utility is able to handle EP clients and I tend to believe them.

Can someone provide some insight into this?

Message Edited by Corey Wilson on 01-23-2009 05:46 AM

Comments

zer0, 25 Jan 2009

What version of SEP do you have installed?

Does Sophos support automated uninstall of that version properly?

Surely you are testing this first?

You can always use SCSCleanwipe or just a script that calls the MSI uninstall.
Z

Corey Wilson, 26 Jan 2009

We are using 11.0.3.

Yes, this is a test environment currently. Sophos claims they support automatic uninstall of EndPoint as well as the older 10.x versions.

I am somewhat familiar with SCSCleanwipe but I would prefer another method, as we don't like the number of reboots required when using that method and the scripting involved to ensure it's working correctly.

How could we script the calling of the msi uninstaller from a central network path? That sounds like a cleaner way to handle the job.

Thanks

S1l3nc3 pl3as3, 26 Jan 2009

To uninstall a product, it's just a one-liner, always:

%windir%\system32\msiexec.exe /q /x %pcd% %lgn% %rst%

where you can set the parameters.

pcd : The product code you will find under HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\ProductCode

lgn : Use extensive logging like /LIME switch

rst : Forcerestart after uninstall (recommended)

An Example

%windir%\system32\msiexec.exe /q /x {CEC76ED2-35A7-4931-90CF-C44E54ED5CE9} /LIME /forcerestart

Save it as a bat file and publish it via GPO
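
As an added example (not part of the post above, and not Symantec or Sophos tooling): a batch script that reads the product code from the registry key named above instead of hard-coding it, writes an msiexec log, and records the exit code. It assumes ProductCode is a string value under the SMC key; the Wow6432Node fallback and the file names under %TEMP% are also assumptions.

```batch
@echo off
rem Added example, not from the thread: read the SEP product code on each
rem client instead of hard-coding it, then run the MSI uninstall with a log.
setlocal enableextensions

rem Key path as given in the thread; ProductCode is assumed to be a string
rem value under it. The Wow6432Node key is an assumed fallback for 64-bit Windows.
set "KEY=HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
set "KEY64=HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC"
rem Hypothetical output files; change the folder to suit your environment.
set "MSILOG=%TEMP%\sep_uninstall_msi.log"
set "STATUS=%TEMP%\sep_uninstall_status.txt"
rem Restart switch from the thread's example; /norestart defers the reboot.
set "RST=/forcerestart"

set "PCD="
call :ReadCode "%KEY%"
if not defined PCD call :ReadCode "%KEY64%"
if not defined PCD (
    >>"%STATUS%" echo %DATE% %TIME% ProductCode not found, nothing to remove
    exit /b 0
)

rem Pass the value to msiexec only if it looks like a GUID in braces.
if not "%PCD:~0,1%"=="{" goto :BadCode
if not "%PCD:~-1%"=="}" goto :BadCode

rem /L takes its flags (I, M, E) followed by the log file path.
start "" /wait "%windir%\system32\msiexec.exe" /q /x %PCD% /LIME "%MSILOG%" %RST%
set "RC=%ERRORLEVEL%"
rem 0 = success, 3010 = success with reboot required, 1605 = not installed.
>>"%STATUS%" echo %DATE% %TIME% msiexec /x %PCD% exit code %RC%
if "%RC%"=="3010" exit /b 0
if "%RC%"=="1605" exit /b 0
exit /b %RC%

:BadCode
>>"%STATUS%" echo %DATE% %TIME% unexpected ProductCode value "%PCD%"
exit /b 1

:ReadCode
rem reg.exe prints "ProductCode  REG_SZ  {GUID}"; keep the third token.
for /f "tokens=1,2,*" %%A in ('reg query "%~1" /v ProductCode 2^>nul') do (
    if /i "%%A"=="ProductCode" set "PCD=%%C"
)
goto :eof
```

The status file gives a per-machine record to check after the GPO has applied, so clients where the removal failed can be found before the Sophos install is retried.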

 

 

 

 

therootguy, 26 Jan 2009

Hi,

The version mentioned may not be of a known SEP type by the Sophos removal tool. A quick search on the Sophos site details what versions of SEP are covered in the removal tool. Sophos support can assist / advise on how to add in detection / removal capabilities into their removal tool. It is a pretty easy process; I would suggest contacting them to get the additional detection / removal for this particular version of SEP.

This link details what versions of products Sophos can remove:

http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/management/removal-tool.html

 

 

This link details Sophos contact information:

http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/management/removal-tool.html

 

I hope this helps. Regards.

[Edited: Removed personal information per the community rules and regulations.]

Message Edited by Brad_C on 01-26-2009 10:24 AM

Corey Wilson, 26 Jan 2009

Thanks for the link, therootguy! I searched the site and never came across an actual version mentioned aside from the KB article mentioning version EndPoint Security and prior versions.

Ozu, 07 May 2009

 http://www.tuscanynetworks.com/solutions/uk/it-security/Endpoint.php

http://www.scmagazineus.com/Sophos-Endpoint-Securi...

Hope it helps you somewhat.