- To remove malware from a local computer: From the taskbar, open Sophos Endpoint Security and Control by double-clicking the Sophos shield. If you are prompted by User Account Control (UAC) to allow the action, select Yes. Click Manage quarantine items. In the Quarantine Manager, click the Available actions column header to sort the list of.
- Go to Programs and Features and uninstall the Sophos components in the following order: Notes: If the component is not listed, it may not be installed. Proceed with the next component. A prompt to restart the computer will appear after uninstalling Sophos Exploit Prevention. Sophos Remote Management System; Sophos Network Threat Protection.
- The first removal step should always be to attempt removal by running the normal uninstaller: # /opt/sophos-av/uninstall.sh. If running the normal uninstaller does not complete or will not run for some reason, the steps outlined in this knowledge base article can be used to remove SAV for Linux manually. The following sections are covered.
Sophos Intercept X for Mobile is a Mobile Threat Defense (MTD) solution for your Android device, iPhone. Manually remove the Google account from the device. Manually removing Sophos PureMessage when it will not uninstall. Here are the steps: Stop Internet Information Services, Stop and disable the PureMessage related services and many more.

Manually Remove Sophos Endpoint
Use these instructions if you are unable to uninstall Sophos because Tamper Protection needs to be turned off, or because the tamper protection password is lost and the client cannot receive a new policy without a known password.
To recover a tamper protected system, you must disable Enhanced Tamper Protection.
NOTE: Do a backup of your registry before you attempt this procedure.
Applies to the following Sophos products and versions
Sophos Endpoint Security and Control 10.6.4
Sophos Cloud Managed Endpoint
2 Steps total
Step 1: Sophos Enterprise Console managed client
1. Boot the system into Safe Mode.
2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
3. Click Start > Run and type regedit and then click OK.
4. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
5. Set the following DWORD values to 0: SAVEnabled and SEDEnabled
6. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection and set the REG_DWORD Enabled to 0
7. Reboot the system in normal mode.
Step 2: Sophos Central managed client
1. Boot the system into Safe Mode.
2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
3. Click Start > Run and type regedit and then click OK.
4. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent and set the REG_DWORD Start to 0x00000004
5. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the following REG_DWORD values SAVEnabled and SEDEnabled to 0
6. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection and set the REG_DWORD Enabled to 0
7. Reboot the system in normal mode.
Enhanced Tamper Protection is now disabled.
You should now be able to uninstall Sophos Protection.
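A read-only check for the registry values named in both procedures, as an added example (not from the Sophos article or the original how-to): it exports each key to a .reg file, as the NOTE above asks, and lists the current values so the state can be confirmed before and after editing. The backup folder under %TEMP% and the variable names are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: backs up and reports the keys from the steps above. Changes nothing.
# $BackupDir is an assumed location; pick any folder you can write to.
$BackupDir = Join-Path $env:TEMP ("sophos-tp-backup-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Key paths and value names exactly as given in the procedure.
$checks = @(
    @{ Key    = 'HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'
       Values = @('SAVEnabled', 'SEDEnabled') },
    @{ Key    = 'HKLM\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection'
       Values = @('Enabled') },
    @{ Key    = 'HKLM\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent'
       Values = @('Start') }
)

$i = 0
$report = foreach ($c in $checks) {
    $i++
    $psPath = 'Registry::' + ($c.Key -replace '^HKLM', 'HKEY_LOCAL_MACHINE')

    # A key can be absent, e.g. no MCS Agent on an Enterprise Console client.
    if (-not (Test-Path -LiteralPath $psPath)) {
        [pscustomobject]@{ Key = $c.Key; Name = '(key missing)'; Value = $null; Backup = $null }
        continue
    }

    # Export the key before anyone edits it (the registry backup from the NOTE).
    $file = Join-Path $BackupDir "key$i.reg"
    & reg.exe export $c.Key $file /y | Out-Null

    $props = Get-ItemProperty -LiteralPath $psPath
    foreach ($name in $c.Values) {
        [pscustomobject]@{
            Key    = $c.Key
            Name   = $name
            Value  = $props.$name   # empty if the value does not exist
            Backup = $file
        }
    }
}

# After the procedure, the *Enabled values should read 0 and, on a
# Sophos Central client, Start should read 4 (service disabled).
$report | Format-Table -AutoSize -Wrap
```

The same report run on a machine that has not been through this procedure shows whether tamper protection has been switched off there.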
References
- Sophos Endpoint Defense: How to recover a tamper protected system
2 Comments
- Jalapenojimarnold Aug 2, 2019 at 01:08pm
There might be an easier way:
If you log into the admin portal for Sophos, then go to Logs & Reports, there is a report under the 'Endpoint & Server Protection' category called 'Recover Tamper Protection Passwords'.
If you run this report, it allows you to search for the deleted computer name and provides you with the tamper protection password for that computer. This allows you then to 'login' on the client software to override the policy and turn off tamper protection for 4 hours. This should be enough time to uninstall.
I found myself cursing the Sophos portal until I discovered this little nugget of gold!
- Pimientospicehead-3jrws Aug 10, 2021 at 03:56am
What do I need to do if I go to the safe mode to change the computer's registry as indicated above but the registry does not allow me to modify the values on it?
Published on May 2, 2018
Removing Sophos Antivirus from Mac OS X
- Access your Applications folder
- Double-Click on the Remove Sophos Endpoint* application
- Click on the Continue button
- If prompted, enter your Username and Password
- Click on the OK button
- On the "The removal was successful" window, click on the Close button
- The Sophos Antivirus Shield will also be removed from the menu bar indicating a successful uninstall
- Reboot your computer when finished
*If you are not able to locate the Remove Sophos Endpoint application, you may need to download and run the Sophos Anti-Virus for Mac: Removal Tool.