Hi,
Please use this script procedure to uninstall Sophos,
Note:
- Customer should have tamper protection disabled on his endpoint
- Reboot is required once the script is executed
import _winreg
import os
def getUninstall(ProName, REGFLAG):
import _winreg
RES = []
with _winreg.OpenKey(getattr(_winreg, 'HKEY_LOCAL_MACHINE'), r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', 0, _winreg.KEY_READ | REGFLAG) as KEY:
INDEX = 0
FLAG = True
while FLAG:
try:
SUBKEY = _winreg.EnumKey(KEY, INDEX)
with _winreg.OpenKeyEx(KEY, SUBKEY) as INKEY:
try:
DisName, Value = _winreg.QueryValueEx(INKEY, 'DisplayName')
if ProName.lower() in str(DisName).lower():
UninString, UValue = _winreg.QueryValueEx(INKEY, 'UninstallString')
RES.append((DisName, UninString))
except:
pass
INDEX += 1
except:
FLAG = False
return RES
def ExecuteCMD(CMD, RES = False):
import ctypes
class disable_file_system_redirection:
_disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
_revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
def __enter__(self):
self.old_value = ctypes.c_long()
self.success = self._disable(ctypes.byref(self.old_value))
def __exit__(self, type, value, traceback):
if self.success:
self._revert(self.old_value)
from subprocess import PIPE, Popen
with disable_file_system_redirection():
OBJ = Popen(CMD, shell = True, stdout = PIPE, stderr = PIPE)
out, err = OBJ.communicate()
RET = OBJ.returncode
if RET == 0:
if RES == True:
if out:
return out.strip()
else:
return True
else:
return True
else:
if RES == True:
if err:
return err.strip()
else:
return False
else:
return False
def CollectReg(ProgramName):
import os
import _winreg
if 'PROGRAMW6432' in os.environ.keys():
REGFLAG = (_winreg.KEY_WOW64_64KEY, _winreg.KEY_WOW64_32KEY)
else:
REGFLAG = _winreg.KEY_WOW64_32KEY
if type(REGFLAG) is tuple:
US = []
for i in REGFLAG:
US.extend(getUninstall(ProgramName, i))
return US
else:
US = getUninstall(ProgramName, i)
return US
InstallOrder = ['Sophos Patch Agent', 'Sophos Compliance Agent', 'Sophos Network Threat Protection', 'Sophos System Protection', 'Sophos Client Firewall', 'Sophos Anti-Virus', 'Sophos Remote Management System', 'Sophos Management Communication System', 'Sophos AutoUpdate', 'Sophos Endpoint Defense']
US = CollectReg('sophos')
OrderedList = []
for i in InstallOrder:
for j in US:
if i == j[0]:
OrderedList.append(j)
if ExecuteCMD('net start | find /i "Sophos AutoUpdate Service"', True):
print ExecuteCMD('net stop "Sophos AutoUpdate Service"', True)
print '
'
if OrderedList:
for i in OrderedList:
if 'MsiExec.exe' in i[1]:
L = '%windir%\Temp\Uninstall_'+str(i[0].replace(' ', '-'))+'_Log.txt'
print L
C = str(i[1])+' /qn REBOOT=SUPPRESS /L*v '+L
print C
## print ExecuteCMD(C, True)
print ExecuteCMD('echo '+L, True)
print '
'
else:
print '.exe Uninstall String: '+i
print '
'
else:
print 'No Sophos Client Components'