Sophos Antivirus 9.5 and 10 Removal Script

So, really long time since my last post, lets see if I can do slightly more than 1 post per year from now on 😀


Just a small post today too (lets not get too crazy), documenting a quick batch file I had to throw together to remove Sophos AV from all our 200 or so workstations as we are moving over to ESET NOD32 (which unfortunately doesn’t yet have any built in tools to uninstall other AV products itself!).

Helpfully Sophos don’t provide anything other than basic “go script it yourself” responses (they used to offer a premade script for earlier versions but stopped supporting it), and no one else seems to have posted anything useful for recent versions of Sophos.

This is really basic, all it is is a batch file that stops the Sophos services and then calls the relevant msiexec commands to do a silent uninstall so you can either run it by hand or use this in a GPO to deploy it to multiple computers (either via logon/logoff script or by creating a scheduled task).

A big warning though: Don’t run this script on the server/desktop that has all the admin tools on otherwise you will break it all. For the admin tools machine do the uninstall manually and ideally do it as the last machine in your network.

Anyway, here it is, provided “As-Is” with no guarantees other than “it worked for me”:

REM Stopping Sophos Services
net stop "Sophos AutoUpdate Service"
net stop "Sophos Agent"
net stop "SAVService"
net stop "SAVAdminService"
net stop "Sophos Message Router"
net stop "Sophos Web Control Service"
net stop "swi_service"
net stop "swi_update"

REM Removing Sophos AutoUpdater
MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn REBOOT=SUPPRESS /PASSIVE

REM Removing Sophos Update Manager
MsiExec.exe /X{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0} /qn REBOOT=SUPPRESS /PASSIVE

REM Removing Sophos Remote Management System
MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn REBOOT=SUPPRESS /PASSIVE

REM Removing Sophos Anti-Virus
MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS /PASSIVE


Im a Sys-Admin for a growing UK company working down on the sunny South Coast of England, I love all things techie, especially Exchange and Virtualisation stuff. When not tinkering I can normally be found playing online games such as Planetside 2, Dayz and Battlefield 4.

  • Thanks for this, very useful!