- @rem Batch file to remove RMS, SAU, SCF and SAV sufficiently to allow re-installation via reprotect
- @rem
- @rem Components handled, as named in the progress messages below:
- @rem   RMS = Sophos Remote Management System
- @rem   SAU = Sophos AutoUpdate
- @rem   SCF = Sophos Client Firewall
- @rem   SAV = Sophos Anti-Virus
- @rem Each component is removed by its own subroutine. Output of every
- @rem subroutine is appended to a log file created in the TEMP directory.
- @rem After a successful run the host has no Sophos anti-virus or firewall
- @rem until the products are re-installed.
- @set ScriptVersion=2.0
- @rem
- @rem Return codes:
- @rem 0 : Removal process completed, no reboot required.
- @rem 1 : Removal process completed, reboot required.
- @rem 2 : Administrator privileges required.
- @echo off
- setlocal
- @rem The mechanism for detecting when RMS should be left in place
- @rem might not be appropriate in all cases. If RMS needs to be
- @rem forcibly removed then change the following value to 1.
- set forceremoverms=0
- rem Pick the log file name, start the log with a timestamp, then report
- rem the script version and log location on the console and in the log.
- call :SetLogFile
- echo %DATE% %TIME% > %LogFile%
- call :echo SophosForceRemove version %ScriptVersion%
- call :echo Log file location:
- call :echo %LogFile%
- rem Must be an administrator
- rem NET SESSION returns a non-zero ERRORLEVEL when it cannot run, which is
- rem used here as the sign that the script is not elevated.
- rem NOTE(review): it presumably also fails when the Server service is not
- rem running, which would be reported as missing privileges - confirm.
- NET SESSION >nul 2>nul
- if ERRORLEVEL 1 (
- call :echoNewLine
- call :echo Administator privileges are required to run this script.
- endlocal
- exit /B 2
- )
- rem Use the x86 Program Files folder when that variable is defined,
- rem otherwise fall back to the plain Program Files folder.
- set ProgramDir=%ProgramFiles(x86)%
- if "%ProgramFiles(x86)%" == "" set ProgramDir=%ProgramFiles%
- rem Read the message router ConnectionCache value. RMS is removed only when
- rem that value is 10 or when forceremoverms has been set to 1 above.
- call :GetRMSConnectionCacheValueFromRegistry >>%LogFile% 2>>&1
- set remove=false
- if %connectioncachevalue% == 10 set remove=true
- if %forceremoverms% == 1 set remove=true
- if %remove% == true (
- call :echo Removing Sophos Remote Management System
- call :RemRMS >>%LogFile% 2>>&1
- ) else (
- call :echo Sophos Remote Management System will not be uninstalled because
- if %connectioncachevalue% == 0 (
- call :echo we could not detect if SEC, SCC or a messasge relay is installed.
- ) else (
- call :echo we detected that SEC, SCC or a messasge relay is installed.
- )
- )
- rem The remaining components are always removed.
- call :echo Removing Sophos AutoUpdate
- call :RemSAU >>%LogFile% 2>>&1
- call :echo Removing Sophos Client Firewall
- call :RemSCF >>%LogFile% 2>>&1
- call :echo Removing Sophos Anti-Virus
- call :RemSAV >>%LogFile% 2>>&1
- call :echoNewLine
- call :echo Removal process complete
- rem Either marker file in the Windows Temp folder means a restart is needed
- rem before re-installing, which is reported through return code 1.
- set rebootRequired=0
- if exist "%Windir%\Temp\SophosRebootTest.txt" set rebootRequired=1
- if exist "%Windir%\Temp\SophosNoupgrade.txt" set rebootRequired=1
- if %rebootRequired%==1 (
- call :echoNewLine
- call :echo A restart is required before re-installing Sophos Anti-Virus.
- endlocal
- exit /B 1
- )
- endlocal
- exit /B 0
- rem Subroutine: print an empty line on the console and append one to the
- rem log file. LogFile must already have been set by SetLogFile.
- :echoNewLine
- echo.
- echo. >>%LogFile% 2>>&1
- goto :EOF
- rem Subroutine: print all arguments on the console and append the same
- rem text to the log file. Used for every user-visible progress message.
- :echo
- echo %*
- echo %* >>%LogFile% 2>>&1
- goto :EOF
- rem Subroutine: choose the names used for this run's log files.
- rem BaseLogName is an unquoted path prefix in the TEMP directory with a
- rem RANDOM suffix; the MSI uninstall logs are derived from it as well.
- rem LogFile is stored with its double quotes included, which is why the
- rem rest of the script uses it unquoted in redirections.
- rem NOTE(review): the RANDOM suffix is a small number, so these names are
- rem guessable, and the files are written while elevated - consider a
- rem directory that only administrators can write to.
- :SetLogFile
- set BaseLogName=%TEMP%\SophosForceRemove_%RANDOM%
- set LogFile="%BaseLogName%_Log.txt"
- goto :EOF
- rem Remove RMS 2.0 & 3.2 +
- rem Subroutine: remove Sophos Remote Management System.
- rem Order of work: silent MSI uninstall of both product codes, stop the
- rem services, force-kill the listed processes, delete the install folder,
- rem then delete the product and Windows Installer registry keys.
- rem echo is switched on so that each command line is captured in the log
- rem that the caller redirects this subroutine into.
- rem msiexec switches: /X uninstalls the product code, /qn runs without UI,
- rem /lv* writes a verbose log to the given file.
- rem NOTE(review): Windows Installer documents the REBOOT values Force,
- rem Suppress and ReallySuppress; the spelling supress is kept as found -
- rem confirm it is still honoured.
- :RemRMS
- echo on
- MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallRMS2.txt"
- MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallRMS3.txt"
- net stop "Sophos Agent"
- net stop "Sophos Message Router"
- taskkill /F /IM ManagementAgentNT.exe
- taskKill /F /IM RouterNT.exe
- taskKill /F /IM ClientMRInit.exe
- taskKill /F /IM AutoUpdateAgentNT.exe
- taskKill /F /IM EMLibUpdateAgentNT.exe
- rd "%ProgramDir%\Sophos\Remote Management System" /s /q
- rem Product settings are removed from both the native and Wow6432Node views.
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Management System"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System"
- rem RemMSIReg takes the product code and the same code in the packed form
- rem used under the Installer Products keys.
- call :RemMSIReg FF11005D-CBC8-45D5-A288-25C7BB304121 D50011FF8CBC5D542A88527CBB031412
- call :RemMSIReg FED1005D-CBC8-45D5-A288-FFC7BB304121 D5001DEF8CBC5D542A88FF7CBB031412
- echo off
- goto :EOF
- rem SAU 2.x
- rem Subroutine: remove Sophos AutoUpdate.
- rem Order of work: silent MSI uninstall, stop the service, force-kill the
- rem listed processes, delete the program and all-users data folders, then
- rem delete the product and Windows Installer registry keys.
- rem echo is switched on so that each command line is captured in the log
- rem that the caller redirects this subroutine into.
- rem NOTE(review): Windows Installer documents the REBOOT values Force,
- rem Suppress and ReallySuppress; the spelling supress is kept as found -
- rem confirm it is still honoured.
- :RemSAU
- echo on
- MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSAU2.txt"
- net stop "Sophos AutoUpdate Service"
- taskkill /F /IM alsvc.exe
- taskkill /F /IM almon.exe
- taskkill /F /IM ALUpdate.exe
- rd "%ProgramDir%\Sophos\AutoUpdate" /s /q
- rd "%AllUsersProfile%\Sophos\AutoUpdate" /s /q
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\AutoUpdate"
- rem Second argument is the product code in the packed form used under the
- rem Installer Products keys.
- call :RemMSIReg 15C418EB-7675-42be-B2B3-281952DA014D BE814C515767eb242B3B829125AD10D4
- echo off
- goto :EOF
- rem Firewall SCF 1.5 & 2.5+
- rem Subroutine: remove Sophos Client Firewall.
- rem Order of work: silent MSI uninstall of both product codes, stop the
- rem two firewall services, force-kill the listed processes, delete the
- rem install folder, then delete the product and Windows Installer
- rem registry keys.
- rem echo is switched on so that each command line is captured in the log
- rem that the caller redirects this subroutine into.
- rem NOTE(review): Windows Installer documents the REBOOT values Force,
- rem Suppress and ReallySuppress; the spelling supress is kept as found -
- rem confirm it is still honoured.
- :RemSCF
- echo on
- MsiExec.exe /X{17071117-5BB2-4737-B05B-C5FABD367313} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSCF15.txt"
- MsiExec.exe /X{12C00299-B8B4-40D3-9663-66ABEA3198AB} /qn rebootyesno="no" reboot="supress" /lv* "%BaseLogName%_UninstallSCF25.txt"
- net stop "Sophos Client Firewall"
- net stop "Sophos Client Firewall Manager"
- taskkill /F /IM SCFService.exe
- taskkill /F /IM SCFManager.exe
- taskkill /F /IM DriverHelper_x64.exe
- taskkill /F /IM op_viewer.exe
- rd "%ProgramDir%\Sophos\Sophos Client Firewall" /s /q
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos Client Firewall"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Sophos Client Firewall"
- rem Second argument is the product code in the packed form used under the
- rem Installer Products keys.
- call :RemMSIReg 17071117-5BB2-4737-B05B-C5FABD367313 711170712BB573740BB55CAFDB633731
- call :RemMSIReg 12C00299-B8B4-40D3-9663-66ABEA3198AB 99200C214B8B3D04693666BAAE1389BA
- echo off
- goto :EOF
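- Rem SAV 7.x & 9.x & 10.0.x
- rem Subroutine: remove Sophos Anti-Virus.
- rem Order of work: back up the existing sav.txt log, silent MSI uninstall
- rem of both product codes, stop the services, force-kill the listed
- rem processes, delete the install folder, delete the product and Windows
- rem Installer registry keys, then restore sav.txt from the backup.
- rem echo is switched on so that each command line is captured in the log
- rem that the caller redirects this subroutine into.
- :RemSAV
- rem keep old log
- echo on
- copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\removal-backup-txt" /Y
- copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" "%BaseLogName%_SAVlog.txt" /Y
- rem Remember whether the reboot marker was already present before the
- rem uninstall, so a marker that only appears during it can be told apart.
- if exist "%Windir%\Temp\SophosRebootTest.txt" (
- set rebootfileexists=1
- ) else (
- set rebootfileexists=0
- )
- rem The upper-case properties are product-specific options handed to the
- rem Sophos uninstaller; /X uninstalls, /qn runs without UI, /lv* logs.
- MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183} /qn rebootyesno="no" reboot="ReallySuppress" UNINSTALLDRIVERS="0" UNINSTALLCLASSFILTER="0" UNINSTALLBOOTDRIVERS="1" UNINSTALLKMSDRIVERS="1" CHECKFORSCF="0" /lv* "%BaseLogName%_UninstallSAV7.txt"
- MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn rebootyesno="no" reboot="ReallySuppress" UNINSTALLDRIVERS="0" UNINSTALLCLASSFILTER="0" UNINSTALLBOOTDRIVERS="1" UNINSTALLKMSDRIVERS="1" CHECKFORSCF="0" /lv* "%BaseLogName%_UninstallSAV9.txt"
- rem Fix: the variable has to be expanded. The earlier form compared the
- rem literal word rebootfileexists with 0, which is never equal, so the
- rem marker was never deleted and the main script always saw it.
- rem NOTE(review): this changes the return code from 1 to 0 when the marker
- rem was created only by this uninstall - confirm that is the intent.
- if %rebootfileexists%==0 (
- del "%Windir%\Temp\SophosRebootTest.txt"
- )
- net stop "SAVService"
- rem Fix: service name was misspelled SAVAdminSerivce, so net stop could
- rem not match the service whose process is killed below.
- net stop "SAVAdminService"
- net stop "Sophos Web Control Service"
- net stop "swi_service"
- net stop "Sophos Device Control Service"
- net stop "Sophos Web Intelligence Update"
- taskkill /F /IM SAVService.exe
- taskkill /F /IM SAVAdminService.exe
- taskkill /F /IM swc_service.exe
- taskkill /F /IM swi_service.exe
- taskkill /F /IM sdcservice.exe
- taskkill /F /IM SavMain.exe
- taskkill /F /IM SavProgress.exe
- taskkill /F /IM SavProxy.exe
- taskkill /F /IM sdcdevcon.exe
- taskkill /F /IM WSCClient.exe
- taskkill /F /IM BackgroundScanClient.exe
- taskkill /F /IM sav32cli.exe
- taskkill /F /IM native.exe
- rd "%ProgramDir%\Sophos\Sophos Anti-Virus" /s /q
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\SAVService"
- rem Second argument is the product code in the packed form used under the
- rem Installer Products keys.
- call :RemMSIReg 034759DA-E21A-4795-BFB3-C66D17FAD183 AD957430A12E5947FB3B6CD671AF1D38
- call :RemMSIReg 9ACB414D-9347-40B6-A453-5EFB2DB59DFA D414BCA974396B044A35E5BFD25BD9AF
- rem Put the saved log back so the scan history survives the removal.
- copy "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\removal-backup-txt" "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Logs\sav.txt" /Y
- echo off
- goto :EOF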
- rem Subroutine: delete the Windows Installer bookkeeping for one product.
- rem Argument 1: product code without braces, used for the Uninstall keys
- rem             in both the native and Wow6432Node views.
- rem Argument 2: the same product code in the packed form used as the key
- rem             name under the Installer Products keys.
- rem Both arguments are required; the key paths are built from them as is.
- :RemMSIReg
- call :DelRegKey "HKEY_CLASSES_ROOT\Installer\Products\%2"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\%2"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{%1}"
- call :DelRegKey "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{%1}"
- goto :EOF
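- rem Subroutine: delete one registry key together with its subkeys and values.
- rem Argument 1: full key path, quoted by the caller.
- rem The key is deleted directly with reg delete. No intermediate .reg file
- rem is written to a fixed name in the TEMP directory and then imported by an
- rem elevated regedit, because another process able to write to that
- rem directory could change such a file between the write and the import.
- rem A missing key makes reg delete report an error and set ERRORLEVEL;
- rem callers in this script do not test it.
- :DelRegKey
- rem Refuse an empty path instead of passing it on to reg delete.
- if "%~1"=="" goto :EOF
- reg delete "%~1" /f
- goto :EOF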
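- rem Subroutine: read the message router ConnectionCache registry value
- rem into the variable connectioncachevalue.
- rem A small VBScript is generated, run with cscript, and its exit code is
- rem taken as the value. The script starts from 0, reads the native key and,
- rem if the result is still 0, reads the Wow6432Node key. On Error Resume
- rem Next means a failed read leaves the value at 0.
- rem NOTE(review): the script is written to a fixed name in the TEMP
- rem directory and then executed while elevated. Another process able to
- rem write to that directory could alter it between the write and the run.
- rem Consider a directory only administrators can write to, or reading the
- rem value without a generated script.
- :GetRMSConnectionCacheValueFromRegistry
- echo on
- set REGVBSFILE="%TEMP%\sophosforceremovereg.vbs"
- echo On Error Resume Next >%REGVBSFILE%
- echo value = 0 >>%REGVBSFILE%
- echo set WshShell = WScript.CreateObject("WScript.Shell") >>%REGVBSFILE%
- echo value = WSHShell.RegRead("HKLM\SOFTWARE\Sophos\Messaging System\Router\ConnectionCache") >>%REGVBSFILE%
- echo If value = 0 Then >>%REGVBSFILE%
- echo value = WSHShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ConnectionCache") >>%REGVBSFILE%
- echo End If >>%REGVBSFILE%
- echo WScript.Quit(CInt(value)) >>%REGVBSFILE%
- cscript %REGVBSFILE%
- set connectioncachevalue=%errorlevel%
- rem Report the saved variable rather than ERRORLEVEL: when the script is
- rem run with a .cmd extension a successful set resets ERRORLEVEL to 0.
- echo Connection cache value is %connectioncachevalue%
- del %REGVBSFILE%
- echo off
- goto :EOF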