If "%PA_STATE%" equ "" echo Sophos Patch Agent not running & goto PatchAgentStopped
Echo Sophos Patch Agent state: %PA_STATE%

:: Script to uninstall Sophos Endpoint components in the correct order using the uninstall strings from registry.
Echo - Stop Sophos Patch Agent -
for /f "tokens=4" %%a in ('sc query ^"Sophos Patch Agent^" ^| find ^"STATE^"') do set "PA_STATE=%%a"

If I revisit the script, I'll add logging and the suggestions from off

It was meant to run from elevated command prompt or right-click run as admin from File Explorer (hence the pauses).

I wrote a batch file for this exact situation just last week so it didn't have much testing yet.

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection\ is 0. If it is still 1, then the script may as well stop, especially if the $(get-service "sophos endpoint defense").status is also "Running".

The script should probably also check before that, the SedEnabled DWORD under: "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" is set to 0 as a way to check tamper has been disabled by policy.

Maybe add extra switches to the MSIs' uninstall commands, e.g.

:: turn off tamper protection on the computer that Sophos will be uninstalled.

I have also followed this thread in vain. The line you have mentioned is in it but doesn't seem to work.

Need to uninstall from 300 PCs as we are moving from Sophos Endpoint, a variety of batch file uninstalls haven't worked so far and have had lots of time put into it correcting them.