Security Best Practices

Uninstall Sophos components using GUID by Powershell

Sophos Anti-Virus and its components can be uninstalled by using GUID and ‘MsiExec.exe’ (Windows Installer). This GUID’s can be found from “Registry Editor” (regedit.exe).

The paths in Registry Editor for 64bit windows OS are:
‘HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall‘ (64bit node) & ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall‘ (32 bit node).

Before dive down into Powershell Scripting, let us member, Sophos components needs to be uninstalled in a particular order and it depends on Sophos version and can be found in Sophos Support portal.
First Sophos services needs to be identified and stopped before proceeding to uninstall.

Below is the Powershell snippet to identify Sophos services and stop the services:
Get-Service | ? {$_.DisplayName -like "Sophos*"} | Stop-Service

Next, need to find the GUID’s of components and uninstall path of Sophos Endpoint Defense

Subscribe to RSS - Security Best Practices