Manual Remove Sophos
To remove malware from a local computer: From the taskbar, open Sophos Endpoint Security and Control by double-clicking the Sophos shield. If you are prompted by User Account Control (UAC) to allow the action, select Yes. Click Manage quarantine items. Double-click on the Remove Sophos Endpoint application. Click on the Continue button. If prompted, enter your Username and Password. Click on the OK button. On the "The removal was successful" window, click on the Close button. The Sophos Antivirus Shield will also be removed from the menu bar, indicating a successful uninstall.
- From my experience with Sophos, it is like a bad virus to get rid of. First, stop, put as manual, and remove all Sophos services. Second, kill all Sophos processes. Third, uninstall all Sophos products. Has always worked for me (99 percent of the time).
- Part 1: How To Manually Uninstall Sophos Anti-Virus on Mac. Keep in mind that you cannot uninstall the Sophos Anti-Virus program by dragging it from the Applications folder to the Trash, even though most Mac apps follow this principle.
- Windows 7 computers. Click on the Start button > Control Panel. Click Programs and Features. Double-click on Sophos Home from the list of installed programs. Note: In some cases, you may be prompted to restart the computer first before uninstalling Sophos Home. Simply click on Close and reboot the machine first.
Instructions for when you are unable to uninstall Sophos because Tamper Protection needs to be turned off, or because the tamper protection password is lost and the client cannot receive a new policy without a known password.
To recover a tamper protected system, you must disable Enhanced Tamper Protection.
NOTE: Do a backup of your registry before you attempt this procedure.
Applies to the following Sophos products and versions
Sophos Endpoint Security and Control 10.6.4
Sophos Cloud Managed Endpoint
2 Steps total
Step 1: Sophos Enterprise Console managed client
1. Boot the system into Safe Mode.
2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
3. Click Start > Run and type regedit and then click OK.
4. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
5. Set the following DWORD values to 0: SAVEnabled and SEDEnabled
6. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection and set the REG_DWORD Enabled to 0
7. Reboot the system in normal mode.
Step 2: Sophos Central managed client
1. Boot the system into Safe Mode.
2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
3. Click Start > Run and type regedit and then click OK.
4. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent and set the REG_DWORD Start to 0x00000004
5. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the following REG_DWORD values SAVEnabled and SEDEnabled to 0
6. Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection and set the REG_DWORD Enabled to 0
7. Reboot the system in normal mode.
Enhanced Tamper Protection is now disabled.
You should now be able to uninstall Sophos Protection.
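To confirm what the values named in the steps above are currently set to on a machine, before the change and after the reboot, a read-only check can be used. This is an added example, not part of the original article or Sophos tooling; the helper name `Get-SophosTamperState` is hypothetical, and the registry paths and value names are the ones listed in the steps.

```powershell
# Added example: read-only report of the registry values named in Steps 1 and 2.
# It changes nothing. Run from an elevated PowerShell prompt.
# Get-SophosTamperState is a hypothetical helper name, not a Sophos cmdlet.

$tpConfig = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'
$checks = @(
    @{ Path = $tpConfig; Name = 'SAVEnabled'; OffValue = 0 },
    @{ Path = $tpConfig; Name = 'SEDEnabled'; OffValue = 0 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection'; Name = 'Enabled'; OffValue = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent'; Name = 'Start'; OffValue = 4 }
)

function Get-SophosTamperState {
    param([Parameter(Mandatory)][hashtable[]]$Checks)

    foreach ($c in $Checks) {
        $value = $null
        $state = 'KeyMissing'          # product or component not installed
        if (Test-Path -LiteralPath $c.Path) {
            $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $state = 'ValueMissing'
            } else {
                $value = $item.($c.Name)
                # OffValue is the value the procedure above sets (0, or 4 for Start)
                $state = if ($value -eq $c.OffValue) { 'Disabled' } else { 'Enabled' }
            }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Key      = $c.Path
            Value    = $c.Name
            Data     = $value
            State    = $state
        }
    }
}

Get-SophosTamperState -Checks $checks | Format-Table -AutoSize
```

On a managed fleet, a `Disabled` state on a machine that is not in the middle of a planned uninstall is worth investigating.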
References
- Sophos Endpoint Defense: How to recover a tamper protected system
2 Comments
- Jalapenojimarnold Aug 2, 2019 at 01:08pm
There might be an easier way:
If you log into the admin portal for Sophos, then go to Logs & Reports, there is a report under the 'Endpoint & Server Protection' category called 'Recover Tamper Protection Passwords'
If you run this report, it allows you to search for the deleted computer name and provides you with the tamper protection password for that computer. This allows you then to 'login' on the client software to override the policy and turn off tamper protection for 4 hours. This should be enough time to uninstall.
I found myself cursing the Sophos portal until I discovered this little nugget of gold!
- Pimientospicehead-3jrws Aug 10, 2021 at 03:56am
What do I need to do if I go to the safe mode to change the computer's registry as indicated above but the registry does not allow me to modify the values on it?
Published on May 2, 2018
Manually Remove Sophos Endpoint Protection
Removing Sophos Antivirus from Mac OS X:
- Access your Applications folder
- Double-Click on the Remove Sophos Endpoint* application
- Click on the Continue button
- If prompted, enter your Username and Password
- Click on the OK button
- On the "The removal was successful" window, click on the Close button
- The Sophos Antivirus Shield will also be removed from the menu bar indicating a successful uninstall
- Reboot your computer when finished
*If you are not able to locate the Remove Sophos Endpoint application, you may need to download and run the Sophos Anti-Virus for Mac: Removal Tool.