As the licence for Sophos was soon about to expire, we decided to look for another AV solution. This would need to include a decent protection, centralized administration and reduced costs. Since my company is a Microsoft partner, we posess enough licences to install the new corporate Microsoft anti-virus solution. I am talking about FEP 2010.

But before any migration or installation could occur, I needed to find out how to remove Sophos entirely from domain and network. While googling around, I did not find any suitable solution. There were some scripts, but those scripts were made for older versions of Sophos. Something like 5 or 6. Our console was updated to version 4, and clients were running on 9.5 version.

Since it was unacceptable for me to come across or connect to every single computer in the network  and commit uninstall, I contacted our local Sophos retailer, hoping they had some sort of solution for my problem. And they did… here is the script that removes Sophos entirely from Windows:

MSIEXEC /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn
MSIEXEC /X {C12953C2-4F15-4A6C-91BC-511B96AE2775} /qn
MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn
MSIEXEC /X {FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn
MSIEXEC /X {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} REBOOT=SUPPRESS /qn
MSIEXEC /X {034759DA-E21A-4795-BFB3-C66D17FAD183} REBOOT=SUPPRESS /qn
MSIEXEC /X {17071117-5BB2-4737-B05B-C5FABD367313} REBOOT=SUPPRESS /qn
MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn

I packed the script into the batch file and released it through the GPO. The script was published as logon and startup script both. If you are unsure, you can do this by:

Create a new text file, paste the script inside it. Save the file as script.bat (or any other name, but extension should be .bat) and then run the file. This will cause the script inside the file to occur.

For some reason, while testing the new GPO, my network adapter would not initialize on time, so the GPO would not complete and the script was not ran. To fix this and make sure the script runs on other computers, I included some other GPO options into my new GPO.

Under policies\administrative templates\system\scripts\Run logon scripts synchronously -> Enabled

This setting can be turned on both on user and computer configuration. But on slow computers, this would cause the script to run slowly and the black screen was on the monitor until the script was done. This was frustrating for some users, so after few days I turned off this option, when most of the machines did ran the script.