Software Name : Sophos Intercept X
Software Version Tested : 2.10
Tested on : Windows 10 64/32bit
Note:
1. Run as the Local System user.
2. The script won't work if tamper protection is on. Kindly disable tamper protection.
3. The script contains a bat file. These bat files won't work if drive encryption is enabled (BitLocker encryption).
import os
import re
import ctypes
import time
import subprocess
# Wall-clock timestamp taken when the script starts; the last line of the
# script subtracts it from the end time to report the run duration.
start = time.time()
class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    ``__enter__`` calls kernel32 ``Wow64DisableWow64FsRedirection`` and
    ``__exit__`` calls ``Wow64RevertWow64FsRedirection``, but only when the
    disable call reported success.
    """

    # kernel32 entry points, resolved once when the class body is executed.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        """Disable redirection and keep the value needed to undo it."""
        saved = ctypes.c_long()
        self.old_value = saved
        self.success = self._disable(ctypes.byref(saved))

    def __exit__(self, type, value, traceback):
        """Revert redirection if it was disabled; exceptions are not suppressed."""
        if not self.success:
            # The disable call failed, so there is nothing to restore.
            return
        self._revert(self.old_value)
def Uninstall(path):
    """Run the uninstall batch at *path*, then report whether Sophos is still listed.

    The batch is started with file-system redirection disabled. Afterwards the
    installed-product list from ``wmic product get name`` is searched for the
    text ``Sophos`` and one of two status messages is printed.

    Args:
        path: Path of the batch file to execute.
    """
    # NOTE(review): the page lost all indentation; the whole body is assumed
    # to sit inside the ``with`` block - confirm against the original file.
    with disable_file_system_redirection():
        print("Sophos endpoint uninstallation has started")
        # Both pipes are captured and communicate() waits for the batch to
        # finish. Neither the captured output nor the exit code is inspected,
        # so a failing batch is only noticed through the product check below.
        runner = subprocess.Popen([path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        runner.communicate()
        installed = os.popen("wmic product get name").read()
        if 'Sophos' not in installed:
            print("Sophos endpoint protection uninstalled successfully")
        else:
            print("Sophos need to restart your system and run the script Again")
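# Main script: find Sophos uninstall entries in the registry, write them into
# a helper batch file, run it, clean up, and report the elapsed time.
#
# NOTE(review): the page lost all indentation. The nesting below (in
# particular, that the final wmic cleanup loop belongs to the "Sophos found"
# branch) is reconstructed from statement order - confirm against the
# original file.

# `systeminfo` is filtered through PowerShell's Select-String to obtain the
# "System Type:" and "OS Name:" lines for this machine.
arch = os.popen("""powershell.exe "systeminfo | Select-String 'System Type:'""").read().strip()
oss = os.popen("""powershell.exe "systeminfo | Select-String 'OS Name:'""").read().strip()
print(oss)
print(arch)

# On an x64 system the Wow6432Node view of the Uninstall key is queried,
# otherwise the native key. Raw strings keep every backslash literal.
if "x64" in arch:
    uninstall_key = r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
else:
    uninstall_key = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"
cmd1 = "REG QUERY " + uninstall_key + " /s /f SOPHOS"
cmd2 = cmd1 + ' | findstr "UninstallString"'
# Full query output (searched for product codes) and the UninstallString lines.
sp1 = os.popen(cmd1).read()
sp2 = os.popen(cmd2).read()

# Only well-formed product codes ({8-4-4-4-12} hex digits) are accepted. The
# text is written into a batch file that runs with the script's privileges
# (the header asks for Local System), so a loose "{...}" match that drags
# other registry text along must not reach the msiexec command line.
# Repeated codes are dropped so each product is handled once.
guid_pattern = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
uninstall_guid = []
seen = set()
for guid in re.findall(guid_pattern, sp1):
    if guid.upper() not in seen:
        seen.add(guid.upper())
        uninstall_guid.append(guid)

# Quoted uninstall command lines taken from the UninstallString values.
# NOTE(review): these are copied into the batch file verbatim; they come from
# HKLM, so this presumably relies on that key being writable by
# administrators only - verify on the target build.
uninstallstring = re.findall('".*"', sp2)

if not uninstall_guid and not uninstallstring:
    print("Sophos is not installed")
else:
    msi_lines = "\n".join(
        "msiexec /x {} /qn REBOOT=ReallySuppress".format(guid) for guid in uninstall_guid
    )
    exe_lines = "\n".join(entry + " /uninstall /quiet" for entry in uninstallstring)
    bat_file = r"""
net stop "savservice"
net stop "Sophos AutoUpdate Service"
"%systemdrive%\program files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"
{}
{}
EXIT /B
""".format(msi_lines, exe_lines)

    # NOTE(review): the batch is written to a fixed, predictable path in the
    # drive root and then executed. Confirm that only administrators can
    # create or replace files there, or move it to a per-run file in a
    # directory restricted to the account running the script.
    path = "C:\\sophos.bat"
    with open(path, "wb") as f:
        f.write(bat_file)
    try:
        Uninstall(path)
    finally:
        # Remove the helper batch even when the run raised, so the generated
        # commands are not left behind on disk.
        if os.path.exists(path):
            try:
                os.remove(path)
            except OSError as err:
                # Best effort: keep going, but say that the file is still there.
                print("Could not remove {}: {}".format(path, err))

    # Ask Windows Installer (through wmic) to remove components by their
    # exact product name; read() blocks until each call has finished.
    list_prods = ['Sophos AutoUpdate', 'Sophos Anti-Virus', 'Sophos Remote Management System', 'Sophos Network Threat Protection']
    for proName in list_prods:
        os.popen('wmic product where name="%s" call uninstall' % (proName)).read()

end = time.time()
print("Execution Time: {:.2f} ".format(end-start))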