{"id":2981,"date":"2014-01-17T08:20:06","date_gmt":"2014-01-17T08:20:06","guid":{"rendered":"http:\/\/blog.ed.gs\/?p=2981"},"modified":"2014-01-17T08:20:06","modified_gmt":"2014-01-17T08:20:06","slug":"sophos-removal","status":"publish","type":"post","link":"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/","title":{"rendered":"Sophos Removal"},"content":{"rendered":"

I’ve created a DOS batch script to remove Sophos along with its services and registry as much as possible. It needs to be run either as administrator or with elevated privileges. It also requires Windows Installer Cleanup Tool (msizap.exe) to be downloaded and included in the same folder as the script.

@ECHO OFF\nECHO ====================================================================\nECHO Sophos Removal v1.0 - Ed Cooper 2014\nECHO Removes Sophos v7 - v10 \nECHO ====================================================================\nECHO.\nECHO.\nIF NOT EXIST "%~dp0\\msizap.exe" GOTO MSIZAPNOTFOUND\nECHO Administrative permissions required. Detecting permissions...\nECHO.\nnet session >NUL 2>&1\nIF %errorLevel% == 0 (\n    ECHO All good, let's go!\n    GOTO GO\n) ELSE (\n    ECHO Nah, you ain't no admin! Try again with Run as Administrator.\n    ECHO.\n    PAUSE\n    EXIT\n)\n\n:GO\nECHO.\nECHO ====================================================\nECHO Modifying Services\nECHO ====================================================\nnet stop "Sophos Agent" >NUL 2>&1\nnet stop "Sophos Anti-Virus" >NUL 2>&1\nnet stop "Sophos Anti-Virus status reporter" >NUL 2>&1\nnet stop "Sophos AutoUpdate Service" >NUL 2>&1\nnet stop "Sophos Message Router" >NUL 2>&1\nnet stop "Sophos Web Intelligence Service" >NUL 2>&1\nnet stop "Sophos Client Firewall" >NUL 2>&1\nnet stop "Sophos Client Firewall Manager" >NUL 2>&1\nnet stop "Sophos Web Control Service" >NUL 2>&1\nsc config sharedaccess start= disabled >NUL 2>&1\nsc config browser start= auto >NUL 2>&1\nsc config remoteregistry start= auto >NUL 2>&1\nsc config lanmanserver start= auto >NUL 2>&1\nsc config schedule start= auto >NUL 2>&1\nsc config msiserver start= auto >NUL 2>&1\nsc config lanmanworkstation start= auto >NUL 2>&1\nnet stop sharedaccess >NUL 2>&1\nnet start lanmanworkstation >NUL 2>&1\nnet start msiserver >NUL 2>&1\nnet start schedule >NUL 2>&1\nnet start lanmanserver >NUL 2>&1\nnet start remoteregistry >NUL 2>&1\nnet start browser >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Performing MSI Uninstall\nECHO ====================================================\nmsiexec.exe /x "c:\\program files\\sophos\\autoupdate\\cache\\savxp\\sophos anti-virus.msi" /q /norestart 
>NUL 2>&1\nmsiexec.exe /x "c:\\program files\\sophos\\autoupdate\\cache\\rms\\sophos remote management system.msi" /q /norestart >NUL 2>&1\nmsiexec.exe /x "c:\\program files\\sophos\\autoupdate\\cache\\sau\\sophos autoupdate.msi" /q /norestart >NUL 2>&1\nmsiexec.exe /x "c:\\program files\\sophos\\autoupdate\\cache\\scf\\sophos client firewall.msi" /q /norestart >NUL 2>&1\nreg delete HKLM\\Software\\Sophos /f >NUL 2>&1\nreg delete HKCU\\Software\\Sophos /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SavService" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SAVAdminService" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Service" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Certification Manager" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos EMLib Update Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SEMscheduler" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Management Service" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Message Router" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SQLAgent$SOPHOS" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\MSSQL$SOPHOS" /f >NUL 2>&1\nreg delete "HKLM\\System\\CurrentControlSet\\Services\\Eventlog\\Sophos" /f >NUL 2>&1\nreg delete "HKEY_CLASSES_ROOT\\ISPSheet" /f >NUL 2>&1\nreg delete "HKEY_CLASSES_ROOT\\ISPSheet.1" /f >NUL 2>&1\nreg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{061CC07B-BA7A-44D1-81FA-D36BE1CE55D9}" /f >NUL 2>&1\nTASKKILL /F /IM "Almon.exe" >NUL 2>&1\nTASKKILL /F /IM "swc_service.exe" >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO 
====================================================\nECHO Performing MSI Cleanup\nECHO ====================================================\n"%~dp0\\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {FED1005D-CBC8-45D5-A288-FFC7BB304121} >NUL 2>&1\n"%~dp0\\MSIZAP.EXE" tw {12C00299-B8B4-40D3-9663-66ABEA3198AB} >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Performing Registry Cleanup\nECHO ====================================================\nreg delete HKLM\\Software\\Sophos /f >NUL 2>&1\nreg delete HKCU\\Software\\Sophos /f >NUL 2>&1\nreg delete "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SavService" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SAVAdminService" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Service" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Certification Manager" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos EMLib Update Agent" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SEMscheduler" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Management Service" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Sophos Message Router" /f >NUL 2>&1\nreg delete 
"HKLM\\SYSTEM\\CurrentControlSet\\Services\\SQLAgent$SOPHOS" /f >NUL 2>&1\nreg delete "HKLM\\SYSTEM\\CurrentControlSet\\Services\\MSSQL$SOPHOS" /f >NUL 2>&1\nreg delete "HKLM\\System\\CurrentControlSet\\Services\\Eventlog\\Sophos" /f >NUL 2>&1\nreg delete "HKEY_CLASSES_ROOT\\ISPSheet" /f >NUL 2>&1\nreg delete "HKEY_CLASSES_ROOT\\ISPSheet.1" /f >NUL 2>&1\nreg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\{061CC07B-BA7A-44D1-81FA-D36BE1CE55D9}" /f >NUL 2>&1\nECHO REGEDIT4 > %TEMP%\\SOTMP.REG\nECHO. >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Products\\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Products\\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Products\\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Products\\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Features\\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Features\\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Features\\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\Features\\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\UpgradeCodes\\E932B7952303A1943A2218777329E5A8] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\UpgradeCodes\\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CLASSES_ROOT\\Installer\\UpgradeCodes\\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\\SOTMP.REG\nECHO 
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Products\\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Products\\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Products\\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Products\\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\UpgradeCodes\\E932B7952303A1943A2218777329E5A8] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\UpgradeCodes\\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\UpgradeCodes\\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\E932B7952303A1943A2218777329E5A8] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\\SOTMP.REG\nECHO 
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_CURRENT_USER\\Software\\Sophos] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\Software\\Sophos] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SAVADMINSERVICE] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SAVSERVICE] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SOPHOS_AGENT] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\\SOTMP.REG\nECHO 
[-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\SophosAntiVirus] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\SAVOnAccess Control] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\SAVOnAccess Filter] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SAVAdminService] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SAVOnAccess Control] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SAVOnAccess Filter] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SAVService] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Sophos Agent] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Sophos AutoUpdate Agent] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Sophos AutoUpdate Service] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Sophos Message Router] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SAVADMINSERVICE] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SOPHOS_AGENT] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SAVSERVICE] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\\SOTMP.REG\nECHO 
[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\SophosAntiVirus] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\System\\SAVOnAccess Control] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\System\\SAVOnAccess Filter] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SAVAdminService] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SAVOnAccess Control] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SAVOnAccess Filter] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SAVService] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos Agent] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Agent] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos AutoUpdate Service] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos Message Router] >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\public.pem"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\BackgroundScanClient.exe"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\WSCClient.exe"=- >> %TEMP%\\SOTMP.REG\nECHO 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\DataControlManagement.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\DetectionFeedback.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\ComponentManager.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\Configuration.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\DriveProcessor.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\EEConsumer.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\ICAdapter.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\SAVControl.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\SIPSManagement.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO 
"C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\SWIManagement.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\SavProgress.exe"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\ScanManagement.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\SystemInformation.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\TamperProtectionControl.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\TamperProtectionManagement.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\TamperProtectionPlugin.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\ThreatDetection.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDlls] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\VirusDetection.dll"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\Cache\\\\"=- >> 
%TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\Config\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\data\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\Logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\zh_cn\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\zh_tw\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\AutoUpdate\\\\DefaultConfig\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\en\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\fr\\\\"=- >> 
%TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\de\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\it\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\ja\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\AutoUpdate\\\\es\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Windows\\\\Installer\\\\{15C418EB-7675-42be-B2B3-281952DA014D}\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> 
%TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\ALC\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\Logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\EMLib\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\EMLib\\\\Logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Router\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Router\\\\Envelopes\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\NAC\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Router\\\\NetworkReport\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Router\\\\Logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO 
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\SAV\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\SCF\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Remote Management System\\\\3\\\\Agent\\\\AdapterStorage\\\\SDDM\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Windows\\\\Installer\\\\{FED1005D-CBC8-45D5-A288-FFC7BB304121}\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Sophos\\\\Sophos Endpoint Security and Control\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Sophos\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Anti-Virus\\\\Config\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO 
"C:\\\\Windows\\\\Installer\\\\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Anti-Virus\\\\INFECTED\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Anti-Virus\\\\Temp\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Anti-Virus\\\\Cache\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Data Control\\\\logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Data Control\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Device Control\\\\logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Device Control\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Tamper Protection\\\\logs\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\ProgramData\\\\Sophos\\\\Sophos Tamper Protection\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO 
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\Web Control\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Folders] >> %TEMP%\\SOTMP.REG\nECHO "C:\\\\Program Files\\\\Sophos\\\\Sophos Anti-Virus\\\\Web Intelligence\\\\"=- >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Sophos Web Control Service] >> %TEMP%\\SOTMP.REG\nECHO [-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\swi_update] >> %TEMP%\\SOTMP.REG\nECHO [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] >> %TEMP%\\SOTMP.REG\nECHO "Sophos AutoUpdate Monitor"=- >> %TEMP%\\SOTMP.REG\nSC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\\SOTMP.REG" type= own type= interact >NUL 2>&1 >NUL\nsc start "SopReg" >NUL 2>&1 >NUL\nsc delete "SopReg" >NUL 2>&1 >NUL\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Deleting Sophos Services\nECHO ====================================================\nsc delete SAVService >NUL 2>&1\nsc delete SAVAdminService >NUL 2>&1\nsc delete "Sophos Agent" >NUL 2>&1\nsc delete "Sophos AutoUpdate Agent" >NUL 2>&1\nsc delete "Sophos AutoUpdate Service" >NUL 2>&1\nsc delete "Sophos Message Router" >NUL 2>&1\nsc delete "swi_service" >NUL 2>&1\nsc delete "Sophos Client Firewall" >NUL 2>&1\nsc delete "Sophos Client Firewall Manager" >NUL 2>&1\nsc delete "Sophos Web Control Service" >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Unregistering DLLs\nECHO ====================================================\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\backgroundscanning.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\componentmanager.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos 
Anti-Virus\\configuration.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\desktopmessaging.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\driveprocessor.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\eeconsumer.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\filterprocessors.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\fsdecomposer.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\icadapter.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\icmanagement.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\icprocessors.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\legacyconsumers.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\localisation.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\logging.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\persistance.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\SAVI0.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\SAVMSCM.DLL" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\savshellext.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\scaneditexports.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\scaneditfacade.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\scanmanagement.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\security.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\sophtaineradapter.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\systeminformation.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\threatdetection.dll" >NUL 2>&1\nregsvr32 /u /s 
"%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\threatmanagement.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\translators.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\Sophos Anti-Virus\\virusdetection.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\cidsync.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\config.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\inetconn.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\InstlMgr.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\ispsheet.dll" >NUL 2>&1\nregsvr32 /u /s "%PROGRAMFILES%\\Sophos\\AutoUpdate\\logger.dll" >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Removing the Sophos Installation Files\nECHO ====================================================\nRD /s /Q %TEMP% >NUL 2>&1\nMD %TEMP% >NUL 2>&1\nRD /s /Q %WINDIR%\\TEMP\\ >NUL 2>&1\nMD %WINDIR%\\Temp >NUL 2>&1\nRD /S /Q "%PROGRAMFILES%\\SOPHOS\\AutoUpdate" >NUL 2>&1\nRD /S /Q "%PROGRAMFILES%\\SOPHOS\\Sophos Anti-Virus" >NUL 2>&1\nRD /S /Q "%PROGRAMFILES%\\SOPHOS\\Remote Management System" >NUL 2>&1\nRD /S /Q "%PROGRAMFILES%\\SOPHOS\\" >NUL 2>&1\nRD /S /Q "C:\\SAVXPSA" >NUL 2>&1\nRD /s /Q "%ALLUSERSPROFILE%\\Start Menu\\Programs\\Sophos" >NUL 2>&1\nRD /S /Q "%ALLUSERSPROFILE%\\Application Data\\Sophos" >NUL 2>&1\nRD /S /Q "%USERPROFILE%\\Application Data\\Sophos" >NUL 2>&1\nDEL /Q "%ALLUSERSPROFILE%\\Start Menu\\Programs\\Startup\\AutoUpdate Monitor.lnk" >NUL 2>&1\nRD /S /Q "%WINDIR%\\Installer\\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" >NUL 2>&1\nRD /S /Q "%WINDIR%\\Installer\\{15C418EB-7675-42be-B2B3-281952DA014D}" >NUL 2>&1\nRD /S /Q "%WINDIR%\\Installer\\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" >NUL 2>&1\nRD /S /Q "%WINDIR%\\Installer\\{FF11005D-CBC8-45D5-A288-25C7BB304121}" >NUL 2>&1\nRD /S /Q "%WINDIR%\\Installer\\{387EF71D-9F19-4059-B6E5-B29E521AF040}" >NUL 2>&1\nDEL /Q 
"%WINDIR%\\System32\\Drivers\\savonaccesscontrol. sys" >NUL 2>&1\nDEL /Q "%WINDIR%\\System32\\Drivers\\savonaccessfilter.s ys" >NUL 2>&1\nIF EXIST "C:\\Program Files\\Sophos" rmdir "C:\\Program Files\\Sophos" /s /q >NUL 2>&1\nIF EXIST "C:\\Program Files (x86)\\Sophos" rmdir "C:\\Program Files (x86)\\Sophos" /s /q >NUL 2>&1\nECHO.\nECHO Done\nECHO.\nECHO ====================================================\nECHO Deleting Sophos Accounts and Sophos Groups\nECHO ====================================================\nNet user SophosSAU%COMPUTERNAME%0 /DELETE >NUL 2>&1\nNet user SophosSAU%COMPUTERNAME%1 /DELETE >NUL 2>&1\nNet user SophosSAU%COMPUTERNAME%2 /DELETE >NUL 2>&1\nNet user SophosSAU%COMPUTERNAME%3 /DELETE >NUL 2>&1\nNet localgroup SophosAdministrator /DELETE >NUL 2>&1\nNet localgroup SophosOnAccess /DELETE >NUL 2>&1 \nNet localgroup SophosPowerUser /DELETE >NUL 2>&1 \nNet localgroup SophosUser /DELETE >NUL 2>&1 \nECHO.\nECHO Done\nECHO.\nGOTO DONE\n\n:MSIZAPNOTFOUND\nECHO msizap.exe not found, please copy it to this script's directory and run the script again\nPAUSE\nEXIT\n\n:DONE\nECHO.\nECHO ====================================================\nECHO All done!\nECHO ====================================================\nECHO.\nEXIT<\/pre>\n

Save the script above as a .bat file and double-click it to run it.<\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve created a DOS batch script to remove Sophos along with it’s services and registry as much as possible. It needs to be run either as administrator or with elevated privileges. It also requires Windows Installer Cleanup Tool (msizap.exe) to be downloaded and included in the same folder as the script. @ECHO OFF ECHO ==================================================================== […]<\/p>\n","protected":false},"author":2,"featured_media":3432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false},"categories":[6,9,70],"tags":[],"yoast_head":"\nSophos Removal - E<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sophos Removal - E\" \/>\n<meta property=\"og:description\" content=\"I’ve created a DOS batch script to remove Sophos along with it’s services and registry as much as possible. It needs to be run either as administrator or with elevated privileges. It also requires Windows Installer Cleanup Tool (msizap.exe) to be downloaded and included in the same folder as the script. 
@ECHO OFF ECHO ==================================================================== […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/\" \/>\n<meta property=\"og:site_name\" content=\"E\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-17T08:20:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/static.ed.gs\/wp-content\/uploads\/2014\/01\/22.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1365\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ed\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ed\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"27 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/\",\"url\":\"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/\",\"name\":\"Sophos Removal - E\",\"isPartOf\":{\"@id\":\"https:\/\/ed.gs\/#website\"},\"datePublished\":\"2014-01-17T08:20:06+00:00\",\"dateModified\":\"2014-01-17T08:20:06+00:00\",\"author\":{\"@id\":\"https:\/\/ed.gs\/#\/schema\/person\/d775615f2296ad0129fa3ea66346c628\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ed.gs\/#website\",\"url\":\"https:\/\/ed.gs\/\",\"name\":\"E\",\"description\":\"automation, consultancy, project management, web\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ed.gs\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/ed.gs\/#\/schema\/person\/d775615f2296ad0129fa3ea66346c628\",\"name\":\"Ed\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/ed.gs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4fe1dfaed09e6bdceb557d3008f5cc47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4fe1dfaed09e6bdceb557d3008f5cc47?s=96&d=mm&r=g\",\"caption\":\"Ed\"},\"url\":\"https:\/\/ed.gs\/author\/ed\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sophos Removal - E","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/","og_locale":"en_GB","og_type":"article","og_title":"Sophos Removal - E","og_description":"I’ve created a DOS batch script to remove Sophos along with it’s services and registry as much as possible. It needs to be run either as administrator or with elevated privileges. It also requires Windows Installer Cleanup Tool (msizap.exe) to be downloaded and included in the same folder as the script. 
@ECHO OFF ECHO ==================================================================== […]","og_url":"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/","og_site_name":"E","article_published_time":"2014-01-17T08:20:06+00:00","og_image":[{"width":2048,"height":1365,"url":"https:\/\/static.ed.gs\/wp-content\/uploads\/2014\/01\/22.jpg","type":"image\/jpeg"}],"author":"Ed","twitter_misc":{"Written by":"Ed","Estimated reading time":"27 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/","url":"https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/","name":"Sophos Removal - E","isPartOf":{"@id":"https:\/\/ed.gs\/#website"},"datePublished":"2014-01-17T08:20:06+00:00","dateModified":"2014-01-17T08:20:06+00:00","author":{"@id":"https:\/\/ed.gs\/#\/schema\/person\/d775615f2296ad0129fa3ea66346c628"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ed.gs\/2014\/01\/17\/sophos-removal\/"]}]},{"@type":"WebSite","@id":"https:\/\/ed.gs\/#website","url":"https:\/\/ed.gs\/","name":"E","description":"automation, consultancy, project management, web","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ed.gs\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/ed.gs\/#\/schema\/person\/d775615f2296ad0129fa3ea66346c628","name":"Ed","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ed.gs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4fe1dfaed09e6bdceb557d3008f5cc47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4fe1dfaed09e6bdceb557d3008f5cc47?s=96&d=mm&r=g","caption":"Ed"},"url":"https:\/\/ed.gs\/author\/ed\/"}]}},"_links":{"self":[{"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/posts\/2981"}],"collection":[{"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/comments?post=2981"}],"version-history":[{"count":0,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/posts\/2981\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/media\/3432"}],"wp:attachment":[{"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/media?parent=2981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/categories?post=2981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ed.gs\/wp-json\/wp\/v2\/tags?post=2981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}