API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 24th, 2014
155
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.36 KB | None | 0 0
raw download clone embed print report
  1. @rem Batch file to remove RMS, SAU, SCF and SAV sufficiently to allow re-installation via reprotect
  2. @set ScriptVersion=2.0
  3. @rem
  4. @rem Return codes:
  5. @rem 0 : Removal process completed, no reboot required.
  6. @rem 1 : Removal process completed, reboot required.
  7. @rem 2 : Administrator privileges required.
  8.  
  9. @echo off
  10. setlocal
  11.  
  12. @rem The mechanism for detecting when RMS should be left in place
  13. @rem might not be appropriate in all cases. If RMS needs to be
  14. @rem forcibly removed then change the following value to 1.
  15. set forceremoverms=0
  16.  
  17. call :SetLogFile
  18. echo %DATE% %TIME% > %LogFile%
  19. call :echo SophosForceRemove version %ScriptVersion%
  20. call :echo Log file location:
  21. call :echo %LogFile%
  22.  
  23. rem Must be an administrator
  24. NET SESSION >nul 2>nul
  25. if ERRORLEVEL 1 (
  26. call :echoNewLine
  27. call :echo Administator privileges are required to run this script.
  28. endlocal
  29. exit /B 2
  30. )
  31.  
  32. set ProgramDir=%ProgramFiles(x86)%
  33. if "%ProgramFiles(x86)%" == "" set ProgramDir=%ProgramFiles%
  34.  
  35. call :GetRMSConnectionCacheValueFromRegistry >>%LogFile% 2>>&1
  36. set remove=false
  37. if %connectioncachevalue% == 10 set remove=true
  38. if %forceremoverms% == 1 set remove=true
  39. if %remove% == true (
  40. call :echo Removing Sophos Remote Management System
  41. call :RemRMS >>%LogFile% 2>>&1
  42. ) else (
  43. call :echo Sophos Remote Management System will not be uninstalled because
  44. if %connectioncachevalue% == 0 (
  45. call :echo we could not detect if SEC, SCC or a messasge relay is installed.
  46. ) else (
  47. call :echo we detected that SEC, SCC or a messasge relay is installed.
  48. )
  49. )
  50.  
  51. call :echo Removing Sophos AutoUpdate
  52. call :RemSAU >>%LogFile% 2>>&1
  53. call :echo Removing Sophos Client Firewall
  54. call :RemSCF >>%LogFile% 2>>&1
  55. call :echo Removing Sophos Anti-Virus
  56. call :RemSAV >>%LogFile% 2>>&1
  57.  
  58. call :echoNewLine
  59. call :echo Removal process complete
  60.  
  61. set rebootRequired=0
  62. if exist "%Windir%\Temp\SophosRebootTest.txt" set rebootRequired=1
  63. if exist "%Windir%\Temp\SophosNoupgrade.txt" set rebootRequired=1
  64. if %rebootRequired%==1 (
  65. call :echoNewLine
  66. call :echo A restart is required before re-installing Sophos Anti-Virus.
  67. endlocal
  68. exit /B 1
  69. )
  70. endlocal
  71. exit /B 0
  72.  
  73.  
  74. :echoNewLine
  75. echo.
  76. echo. >>%LogFile% 2>>&1
  77. goto :EOF
  78.  
  79.  
  80. :echo
  81. echo %*
  82. echo %* >>%LogFile% 2>>&1
  83. goto :EOF
  84.  
  85.  
  86. :SetLogFile
  87. set BaseLogName=%TEMP%\SophosForceRemove_%RANDOM%
  88. set LogFile="%BaseLogName%_Log.txt"
  89. goto :EOF
  90.  
  91.  
  92. rem Remove RMS 2.0 & 3.2 +
  93. :RemRMS
  94. echo on
  95. MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallRMS2.txt"
  96. MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallRMS3.txt"
  97. net stop "Sophos Agent"
  98. net stop "Sophos Message Router"
  99. taskkill /F /IM ManagementAgentNT.exe
  100. taskKill /F /IM RouterNT.exe
  101. taskKill /F /IM ClientMRInit.exe
  102. taskKill /F /IM AutoUpdateAgentNT.exe
  103. taskKill /F /IM EMLibUpdateAgentNT.exe
  104. rd "%ProgramDir%\Sophos\Remote Management System" /s /q
  105. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Management System"
  106. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System"
  107. call :RemMSIReg FF11005D-CBC8-45D5-A288-25C7BB304121 D50011FF8CBC5D542A88527CBB031412
  108. call :RemMSIReg FED1005D-CBC8-45D5-A288-FFC7BB304121 D5001DEF8CBC5D542A88FF7CBB031412
  109. echo off
  110. goto :EOF
  111.  
  112.  
  113. rem SAU 2.x
  114. :RemSAU
  115. echo on
  116. MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSAU2.txt"
  117. net stop "Sophos AutoUpdate Service"
  118. taskkill /F /IM alsvc.exe
  119. taskkill /F /IM almon.exe
  120. taskkill /F /IM ALUpdate.exe
  121. rd "%ProgramDir%\Sophos\AutoUpdate" /s /q
  122. rd "%AllUsersProfile%\Sophos\AutoUpdate" /s /q
  123. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate"
  124. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\AutoUpdate"
  125. call :RemMSIReg 15C418EB-7675-42be-B2B3-281952DA014D BE814C515767eb242B3B829125AD10D4
  126. echo off
  127. goto :EOF
  128.  
  129.  
  130. rem Firewall SCF 1.5 & 2.5+
  131. :RemSCF
  132. echo on
  133. MsiExec.exe /X{17071117-5BB2-4737-B05B-C5FABD367313} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSCF15.txt"
  134. MsiExec.exe /X{12C00299-B8B4-40D3-9663-66ABEA3198AB} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSCF25.txt"
  135. net stop "Sophos Client Firewall"
  136. net stop "Sophos Client Firewall Manager"
  137. taskkill /F /IM SCFService.exe
  138. taskkill /F /IM SCFManager.exe
  139. taskkill /F /IM DriverHelper_x64.exe
  140. taskkill /F /IM op_viewer.exe
  141. rd "%ProgramDir%\Sophos\Sophos Client Firewall" /s /q
  142. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos Client Firewall"
  143. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Sophos Client Firewall"
  144. call :RemMSIReg 17071117-5BB2-4737-B05B-C5FABD367313 711170712BB573740BB55CAFDB633731
  145. call :RemMSIReg 12C00299-B8B4-40D3-9663-66ABEA3198AB 99200C214B8B3D04693666BAAE1389BA
  146. echo off
  147. goto :EOF
  148.  
  149.  
  150. Rem SAV 7.x & 9.x & 10.0.x
  151. :RemSAV
  152. rem keep old log
  153. echo on
  154. copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\removal-backup-txt" /Y
  155. copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" "%BaseLogName%_SAVlog.txt" /Y
  156. if exist "%Windir%\Temp\SophosRebootTest.txt" (
  157. set rebootfileexists=1
  158. ) else (
  159. set rebootfileexists=0
  160. )
  161. MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183} /qn rebootyesno="no" reboot="ReallySuppress" UNINSTALLDRIVERS="0" UNINSTALLCLASSFILTER="0" UNINSTALLBOOTDRIVERS="1" UNINSTALLKMSDRIVERS="1" CHECKFORSCF="0" /lv* "%BaseLogName%_UninstallSAV7.txt"
  162. MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn rebootyesno="no" reboot="ReallySuppress" UNINSTALLDRIVERS="0" UNINSTALLCLASSFILTER="0" UNINSTALLBOOTDRIVERS="1" UNINSTALLKMSDRIVERS="1" CHECKFORSCF="0" /lv* "%BaseLogName%_UninstallSAV9.txt"
  163. if rebootfileexists==0 (
  164. del "%Windir%\Temp\SophosRebootTest.txt"
  165. )
  166. net stop "SAVService"
  167. net stop "SAVAdminSerivce"
  168. net stop "Sophos Web Control Service"
  169. net stop "swi_service"
  170. net stop "Sophos Device Control Service"
  171. net stop "Sophos Web Intelligence Update"
  172. taskkill /F /IM SAVService.exe
  173. taskkill /F /IM SAVAdminService.exe
  174. taskkill /F /IM swc_service.exe
  175. taskkill /F /IM swi_service.exe
  176. taskkill /F /IM sdcservice.exe
  177. taskkill /F /IM SavMain.exe
  178. taskkill /F /IM SavProgress.exe
  179. taskkill /F /IM SavProxy.exe
  180. taskkill /F /IM sdcdevcon.exe
  181. taskkill /F /IM WSCClient.exe
  182. taskkill /F /IM BackgroundScanClient.exe
  183. taskkill /F /IM sav32cli.exe
  184. taskkill /F /IM native.exe
  185. rd "%ProgramDir%\Sophos\Sophos Anti-Virus" /s /q
  186. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService"
  187. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\SAVService"
  188. call :RemMSIReg 034759DA-E21A-4795-BFB3-C66D17FAD183 AD957430A12E5947FB3B6CD671AF1D38
  189. call :RemMSIReg 9ACB414D-9347-40B6-A453-5EFB2DB59DFA D414BCA974396B044A35E5BFD25BD9AF
  190.  
  191. copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\removal-backup-txt" "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" /Y
  192. echo off
  193. goto :EOF
  194.  
  195.  
  196. :RemMSIReg
  197. call :DelRegKey "HKEY_CLASSES_ROOT\Installer\Products\%2"
  198. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\%2"
  199. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{%1}"
  200. call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{%1}"
  201. goto :EOF
  202.  
  203.  
  204. :DelRegKey
  205. set REGDELFILE="%TEMP%\sophosforceremovereg.tmp"
  206. echo REGEDIT4 > %REGDELFILE%
  207. echo. >> %REGDELFILE%
  208. echo [-%~1] >> %REGDELFILE%
  209. regedit /S %REGDELFILE%
  210. del %REGDELFILE%
  211. goto :EOF
  212.  
  213.  
  214. :GetRMSConnectionCacheValueFromRegistry
  215. echo on
  216. set REGVBSFILE="%TEMP%\sophosforceremovereg.vbs"
  217. echo On Error Resume Next >%REGVBSFILE%
  218. echo value = 0 >>%REGVBSFILE%
  219. echo set WshShell = WScript.CreateObject("WScript.Shell") >>%REGVBSFILE%
  220. echo value = WSHShell.RegRead("HKLM\SOFTWARE\Sophos\Messaging System\Router\ConnectionCache") >>%REGVBSFILE%
  221. echo If value = 0 Then >>%REGVBSFILE%
  222. echo value = WSHShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ConnectionCache") >>%REGVBSFILE%
  223. echo End If >>%REGVBSFILE%
  224. echo WScript.Quit(CInt(value)) >>%REGVBSFILE%
  225. cscript %REGVBSFILE%
  226. set connectioncachevalue=%errorlevel%
  227. echo Connection cache value is %errorlevel%
  228. del %REGVBSFILE%
  229. echo off
  230. goto :EOF
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!