Sophos Intercept X for Mobile is a Mobile Threat Defense (MTD) solution for your Android device, iPhone. Manually remove the Google account from the device. When you run it, the Sophos Virus Removal Tool will identify and remove malware from a single Windows endpoint computer. The tool comes with the latest identities included. In order to stay current with the latest detections, the tool should be downloaded again when a new scan is required.
- In this video Jelan from Sophos Support shows you how to use the Sophos ZAP tool to remove Sophos Endpoint or Server Protection Software from a Windows Devic.
- To remove malware from a local computer: From the taskbar, open Sophos Endpoint Security and Control by double-clicking the Sophos shield. If you are prompted by User Account Control (UAC) to allow the action, select Yes. Click Manage quarantine items.
1. Goal of the article
As you know to remove Sophos Endpoint software we need to have Tamper Protection password or disable Tamper Protection on Sophos Central for that computer.
So what if we accidentally delete that device on Sophos Central, at this point we will not be able to get the Tamper Protection password or turn it off.
Through this article, techbast will guide you how to uninstall Sophos Endpoint when encountering the above cases.
2. Configuration scenarios
We will prepare 2 computers running Windows 10 with Sophos Endpoint installed, DESKTOP-6C2AIT6 and PC01.
We then delete the device from Sophos Central as well. And perform uninstall Sophos Endpoint on those 2 computers.
We will have 2 ways to remove, the first is to remove with Recover Tamper Protection password and the second way is to enter Safe Mode to remove.
Method 1 will be done on PC01 and method 2 will be done on computer DESKTOP-6C2AIT6.
3. Configuration
3.1 Remove Sophos Endpoint by Recover Tamper Protection password
Recover Tamper Protection password is a very convenient little feature of Sophos that will save Tamper Protection passwords of deleted devices or we accidentally delete them.
Also note that Recover Tamper Protection password will only save passwords for 60 days from the date of deletion.
To perform the first step we need to remove PC01 from Sophos Central.
To delete login to Sophos Central with admin account> Device> select PC01> press Delete twice.
After deleting the device, the deleted device will be saved in the Recover Tamper Protection password.
Go to Logs & Reports > Report > Endpoint & Server Protection > Recover Tamper Protection passwords.
After entering we will see the PC01 device that we just deleted, to get back Tamper Protection for this device we click on View password details it will display we just need to copy this password.
Next, log on to PC01, double click on the Sophos icon on the clock side of the computer.
Sophos panel appears, click on Admin sign-in.
Enter the password you just copied into the box and click Admin sign-in.
After logging in, click on Settings> check Override Sophos Central Policy for up to 4 hours to troubleshoot> left click on the switch next to Tamper Protection to disable this feature.
Once turned off, go to Control Panel> Programs> Programs and Features> right click on Sophos Endpoint Agent> select Uninstall to uninstall.
Next select Uninstall to uninstall Sophos Endpoint Agent.
Wait about 5 minutes for the uninstallation to complete.
After successful uninstallation, click Close and the computer will automatically restart.
3.2 Uninstall using Safe Mode on Windows.
This uninstall method is only used when you accidentally erase the device on Sophos Central and it is no longer saved on the Recover Tamper Protection password because you have left it for more than 60 days from the date of deletion.
To do this you need to access Safe Mode on Windows.
I will do this on the DESKTOP-6C2AIT6 computer
You can perform into Safe Mode by Restart your computer and press F8 or Shift + F8.
There is also a way for you to enter Safe Mode as follows.
In the Windows search box, type System Configuration and turn it on.
Switch to the Boot tab in the Boot Option section, select Safe Mode Minimal and click OK to save and click Restart to boot into Safe mode.
This is the screen for Safe Mode.
Next in the Windows search box type services.msc and open it up.
Find the Sophos Anti-Virus service and select Properties.
Select Disable at Startup type and click OK
Next, we type in the search box regedit.exe and turn it on.
Go to the path HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Sophos MCS Agent and set the value of Start to 0x00000004
Next go to HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Sophos Endpoint Defense TamperProtection Config and set SAVEnabled and SEDEnabled to 0.
Next we need to set the value of Enable to 0 according to the following path:
32 bit : HKEY_LOCAL_MACHINESOFTWARESophosSAVServiceTamperProtection
64 bit : HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeSophosSAVServiceTamperProtection
Here we will configure the 64 bit path used by Windows 10 is 64 bit.
After the configuration is complete, Tamper Protection will be turned off after we restart the computer in normal mode.
For machines using the F8 or Shift + F8 key combination we just need to Restart the machine while for machines entering Safe Mode using System Configuration like techbast just above we will type System Configuration in the search box.
On the Boot tab, we will uncheck Safe Mode under Boot options.
Click OK and Restart to restart the computer.
After restarting the computer in normal mode we can remove Sophos Endpoint because Tamper Protection is disabled.
To uninstall go to Control Panel> Programs> Programs and Features> right click on Sophos Endpoint Agent> select Uninstall to uninstall.
Next select Uninstall to uninstall Sophos Endpoint Agent.
Wait about 5 minutes for the uninstallation to complete.
After successful uninstallation, click Close and the computer will automatically restart.
YOU MAY ALSO INTEREST
By . Published on May 2, 2018
Removing Sophos Antivirus from Mac OS X –
- Access your Applications folder
- Double-Click on the Remove Sophos Endpoint* application
- Click on the Continue button
- If prompted, enter your Username and Password
- Click on the OK button
- OnThe removal was successful window, click on the Close button
- The Sophos Antivirus Shield will also be removed from the menu bar indicating a successful uninstall
- Reboot your computer when finished
*If you are not able to locate the Remove Sophos Endpoint application, you may need to download and run the Sophos Anti-Virus for Mac: Removal Tool.