script to uninstall sophos from machines

EliasG
Contributor

Sophos gave me a script to run but i am having a hard time deploying it..

Installer /Library/Sophos Anti-Virus/Uninstall Sophos-Anti-Virus.mpkg –target /

Any help would be great.

Thanks

12 REPLIES 12

EliasG
Contributor
 

Seven
New Contributor III

Which Sophos product are you using?

If you're using the Sophos Cloud-based solution and have tamper protection enabled, the uninstaller will prompt the user for the tamper protection code. The other odd thing is that if you disable tamper protection and then run the installer, the user's local Sophos configuration can still sometimes require the tamper code.

EliasG
Contributor

free version from sophos site. I was able to uninstall with with policy because it was pkg but when I try to install the new paid version we got I get a message saying bce252db3d8d4a90a9e17f433da3683c

emily
Valued Contributor III
Valued Contributor III

Based on the script @rtrouton posted on this blog post about deploying Sophos, it looks like the uninstallers have different homes in different versions: https://derflounder.wordpress.com/2015/06/17/revisiting-sophos-enterprise-anti-virus-for-mac-9-2-x-d...

# Sophos AV Home Edition
# /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS
# /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools
if [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" --remove
elif [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
elif [[ ! -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove   
else
    ${LOGGER} "Sophos Anti-Virus 9.x Home Edition Uninstaller Not Present"
fi

rtrouton
Release Candidate Programs Tester

Yeah, the different versions of Sophos stash the uninstaller in different locations. Here's my current uninstall script:

https://gist.github.com/rtrouton/94b8f1989b7c7d0c95ca/

I have a post which describes how I'm using it:

https://derflounder.wordpress.com/2015/06/17/revisiting-sophos-enterprise-anti-virus-for-mac-9-2-x-d...

This is designed to be used as part of a package installation, so the $3 variables in this script means something different than what Casper uses when Casper references $3 in a script. For context, please see this post (search the post for $3):

https://derflounder.wordpress.com/2014/06/01/understanding-payload-free-packages/

EliasG
Contributor

the script keeps failing I must be doing something wrong..,

Chris_Hafner
Valued Contributor II

Which script and do you get an error? We've got policies to install and uninstall both the standard app and the cloud version. However @rtrouton and @emilykausalik have some pretty good ways of dealing with that already posted so I don't want to muddle things.

imgappleadmin
New Contributor

I am using the below script as a policy on a target machine to test uninstalling Sophos on a target machine. It seems like the script runs fine (and returns a favorable exit code) but when I check the machine it still has Sophos. Strangely, if I run this script via terminal it works just fine. Any idea why ? I'm using this script -

!/bin/bash

LOGGER="/usr/bin/logger"

Determine working directory

install_dir=dirname $0

Uninstall existing copy of Sophos 8.x by checking for the

Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.

If present, the uninstallation process is run.

if [ -d "$3/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy." /usr/sbin/installer -pkg "$3/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target "$3" killall SophosUIServer
elif [ -d "$3/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy." /usr/sbin/installer -pkg "$3/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target "$3" killall SophosUIServer

else ${LOGGER} "Sophos Anti-Virus 8.x Uninstaller Not Present"
fi

Uninstall existing copy of Sophos 9.x by checking for the InstallationDeployer application

in the following locations:

Sophos AV Cloud

/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/

/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/

Sophos AV Home Edition

/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS

/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools

Sophos AV Standalone

/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS

/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools

Sophos AV Enterprise

/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS

/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools

If the InstallationDeployer application is present in the Contents/MacOS/tools directory, the

uninstallation process is run using the InstallationDeployer tool located there.

If the InstallationDeployer application is present only in the Contents/MacOS directory, the

uninstallation process is run using the InstallationDeployer tool located there.

The reason for the directory-specific check is that running the InstallationDeployer application

from Contents/MacOS on Sophos 9.1.x and later will cause the Sophos uninstaller application to

launch in the dock and interfere with a normal installation via installer package.

For more information, see the link below:

http://www.sophos.com/en-us/support/knowledgebase/14179.aspx

if [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ----remove elif [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove elif [[ ! -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove else ${LOGGER} "Sophos Anti-Virus 9.x Home Edition Uninstaller Not Present"
fi

if [[ -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" --remove elif [[ -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove elif [[ ! -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove else ${LOGGER} "Sophos Anti-Virus 9.x Standalone Uninstaller Not Present"
fi

if [[ -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" --remove elif [[ -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove elif [[ ! -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove else ${LOGGER} "Sophos Anti-Virus 9.x Enterprise Uninstaller Not Present"
fi

if [[ -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" --remove elif [[ -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove elif [[ ! -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy." "$3/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove else ${LOGGER} "Sophos Anti-Virus 9.x Cloud Uninstaller Not Present"
fi

exit 0

rgerman
Contributor

@imgappleadmin Did you ever find out why the script bombs when running from a policy but succeeds when run locally from terminal? I am seeing the same issue here.

Thanks,
Ray

  • I figured out a work around... Its not fancy but will get the job done for now... Lol

!/bin/sh

/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer --remove

Scotty
Contributor

@rgerman and @imgappleadmin His script bombs out when used with Jamf policy but works when run manually because of its use of $3. This is a predefined var in Jamf so your script cant use var 1-3, unless of course you want it to use $3 (username). I just removed the $3 in the entire script, since it doesn't need them to work and took out the the "# Determine working directory line." Seems to work just fine for me, I used it to migrate a few hundred clients form various older Sophos AV to Central

Heres my copy of the script:

#!/bin/bash
LOGGER="/usr/bin/logger"

# Determine working directory
#install_dir=`dirname $0`

# Uninstall existing copy of Sophos 8.x by checking for the
# Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.
# If present, the uninstallation process is run.

if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
    ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
    /usr/sbin/installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target ""
    killall SophosUIServer
elif [ -d "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
    ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
    /usr/sbin/installer -pkg "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target ""
    killall SophosUIServer

else
    ${LOGGER} "Sophos Anti-Virus 8.x Uninstaller Not Present"
fi

# Uninstall existing copy of Sophos 9.x by checking for the InstallationDeployer application
# in the following locations:
#
# Sophos AV Cloud
# /Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/
# /Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/
#
# Sophos AV Home Edition
# /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS
# /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools
#
# Sophos AV Standalone
# /Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS
# /Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools
#
# Sophos AV Enterprise
# /Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS
# /Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools
#
# If the InstallationDeployer application is present in the Contents/MacOS/tools directory, the 
# uninstallation process is run using the InstallationDeployer tool located there.
#
# If the InstallationDeployer application is present only in the Contents/MacOS directory, the 
# uninstallation process is run using the InstallationDeployer tool located there.
#
# The reason for the directory-specific check is that running the InstallationDeployer application 
# from Contents/MacOS on Sophos 9.1.x and later will cause the Sophos uninstaller application to 
# launch in the dock and interfere with a normal installation via installer package.
#
# For more information, see the link below:
# http://www.sophos.com/en-us/support/knowledgebase/14179.aspx

if [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" --remove
elif [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
elif [[ ! -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Home Edition present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove 
else
    ${LOGGER} "Sophos Anti-Virus 9.x Home Edition Uninstaller Not Present"
fi

if [[ -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" --remove
elif [[ -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
elif [[ ! -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Standalone present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove 
else
    ${LOGGER} "Sophos Anti-Virus 9.x Standalone Uninstaller Not Present"
fi

if [[ -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" --remove
elif [[ -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
elif [[ ! -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove    
else
    ${LOGGER} "Sophos Anti-Virus 9.x Enterprise Uninstaller Not Present"
fi

if [[ -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ ! -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" --remove
elif [[ -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
elif [[ ! -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/InstallationDeployer" ]] && [[ -f "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
    ${LOGGER} "Sophos AV Cloud present on Mac. Uninstalling before installing new copy."
    "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove   
else
    ${LOGGER} "Sophos Anti-Virus 9.x Cloud Uninstaller Not Present"
fi

exit 0

I am getting the following: 

Script result: Tamper protection check failed. Exiting.
The removal failed.

 

Any ideas? Thanks!

levans
New Contributor II

ScottSimmons, awesome script