Uninstall sophos endpoint/Intercept x antivirus from endpoint
Ratings
Release Time
08/29/2022
Downloads
479 times
Update Time
04/07/2025
Views
940 times
Share-it:
Categories
Action
Published on:
2 years ago
Software Name : Sophos Intercept X
Software Version Tested : 2.10
Tested on : Windows 10 64/32bit
Note:
1.Run as Local system user
2.The script won't work if tamper protection is on .Kindly disable tamper protection.
3.The script contains bat file .These bat files won't work if drive encryption enabled (Bit locker encrpytion) .
Procedure's Instructions
102
1
import os2
import re3
import ctypes4
import time5
import subprocess 6
7
start=time.time()8
9
class disable_file_system_redirection:10
_disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection11
_revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection12
def __enter__(self):13
self.old_value = ctypes.c_long()14
self.success = self._disable(ctypes.byref(self.old_value))15
def __exit__(self, type, value, traceback):16
if self.success:17
self._revert(self.old_value)18
19
def Uninstall(path):20
with disable_file_system_redirection():21
22
print "Sophos endpoint uninstallation has started"23
process = subprocess.Popen([path],stdout=subprocess.PIPE,stderr=subprocess.PIPE)24
stdout = process.communicate()[0]25
cmd=os.popen("wmic product get name").read()26
if 'Sophos' in cmd:27
28
print "Sophos need to restart your system and run the script Again"29
30
else:31
print "Sophos endpoint protection uninstalled successfully"32
33
arch=os.popen("""powershell.exe "systeminfo | Select-String 'System Type:'""").read().strip()34
oss=os.popen("""powershell.exe "systeminfo | Select-String 'OS Name:'""").read().strip()35
36
37
# if "Microsoft Windows 10" in oss:38
# #print True39
print(oss)40
if "x64" in arch:41
#print True42
print(arch)43
cmd1="REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s /f SOPHOS"44
cmd2='REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s /f SOPHOS | findstr "UninstallString"'45
#Uninstallguid46
sp1=os.popen(cmd1).read()47
#Uninstallstrings48
sp2=os.popen(cmd2).read()49
#print sp250
else:51
print(arch)52
cmd1="REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall /s /f SOPHOS"53
cmd2='REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall /s /f SOPHOS | findstr "UninstallString"'54
#Uninstallguid55
sp1=os.popen(cmd1).read()56
#Uninstallstrings57
sp2=os.popen(cmd2).read()58
#print sp259
60
61
62
63
#uninstall_guid64
uninstall_guid=re.findall("{\w*.*}",sp1)65
#unistallstring66
uninstallstring=re.findall('".*"',sp2)67
#print unistallstring68
if uninstall_guid==[] and uninstallstring==[]:69
print("Sophos is not installed")70
else:71
uninstall_using_guid=["msiexec /x {} /qn REBOOT=ReallySuppress".format(i.strip()) for i in uninstall_guid]72
#Creating a .bat file:73
bat_content1="\n".join(uninstall_using_guid)74
bat_content2="\n".join([i+" /uninstall /quiet" for i in uninstallstring])75
bat_file="""76
net stop "savservice"77
net stop "Sophos AutoUpdate Service"78
"%systemdrive%\program files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"79
{}80
81
{}82
83
EXIT /B84
""".format(bat_content1,bat_content2)85
86
with open("C:\\sophos.bat","wb") as f:87
f.write(bat_file)88
89
#Uninstalling sophos90
path="C:\\sophos.bat"91
Uninstall(path)92
if os.path.exists(path):93
try:94
os.remove(path)95
except:96
pass97
list_prods = ['Sophos AutoUpdate', 'Sophos Anti-Virus', 'Sophos Remote Management System', 'Sophos Network Threat Protection']98
for proName in list_prods:99
out=os.popen('wmic product where name="%s" call uninstall'%(proName)).read()100
end=time.time()101
print("Execution Time: {:.2f} ".format(end-start))102
Leave a Comment
CONTACT US
Call now! 
(972) 649-9012
(972) 649-9012
---
Comments