Uninstall Sophos components using GUID by Powershell

Sophos Anti-Virus and its components can be uninstalled by using GUID and ‘MsiExec.exe’ (Windows Installer). This GUID’s can be found from “Registry Editor” (regedit.exe).

The paths in Registry Editor for 64bit windows OS are:
‘HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall‘ (64bit node) & ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall‘ (32 bit node).

Before dive down into Powershell Scripting, let us member, Sophos components needs to be uninstalled in a particular order and it depends on Sophos version and can be found in Sophos Support portal.
First Sophos services needs to be identified and stopped before proceeding to uninstall.

Below is the Powershell snippet to identify Sophos services and stop the services:
Get-Service | ? {$_.DisplayName -like "Sophos*"} | Stop-Service

Next, need to find the GUID’s of components and uninstall path of Sophos Endpoint Defense

$64bitNode = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$32bitNode = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$uninstallPath = Get-ChildItem -Path $64bitNode,$32bitNode | Get-ItemProperty | ? {$_.DisplayName -match "Sophos*" }
$uninstall=$uninstallPath | Select-Object -Property DisplayName, DisplayVersion, UninstallString

Hashtables can be used to create key value pairs of Components (key) and uninstall string (value)
$uninstallGUID = @{}
foreach($un in $uninstall){
$uninstallGUID+=@{$un.displayname = $un.uninstallstring}
}
Now comes the components list to be uninstalled
$sophosComponents = @("Comp1", "Comp2","Comp3","Sophos Endpoint Defense")
Note: Replace Comp* with name of component name

Uninstall the Components using GUID’s and uninstall path for Sophos Endpoint Defense
foreach($s in $sophosComponents){
if ($uninstallGUID[$s] -like "msiexec*") {
try{
Start-Process msiexec.exe -ArgumentList $uninstallGUID[$s].Split(" ")[1] " /qn REBOOT=SUPPRESS -Wait
}
catch{ write-host "Error uninstalling" }
}
else
{
Start-Process $uninstallGUID[$s] -Wait -NoNewWindow
}
}

Authored by: Shaik Moula, Cyber Security, TCS

Rate this article: 
No votes yet
Article category: