cd /Library/Preferences
sudo rm com.sophos.sav.plist
cd /Library/Application\ Support/Sophos/cloud/Installer.app/Contents/MacOS/tools/
sudo ./InstallationDeployer —force_remove
Last active
April 2, 2024 12:25
-
-
Save lukebussey/70fe3b245c7b55fa41300670d2698e54 to your computer and use it in GitHub Desktop.
Any such thing for Windows users?
I was able to do it, information was provided by Aditya Patel from Sophos:
"Workaround: you can completely remove the Sophos Anti-Virus software from a Mac endpoint by removing the following files and directories. Obviously it will require admin / sudo permissions, and obviously, you should be quite careful as to not remove other things. here is the list:
/Library/Sophos Anti-Virus/
/Library/Application Support/Sophos/
/Library/Preferences/com.sophos.*
/Library/LaunchDaemons/com.sophos.*
/Library/LaunchAgents/com.sophos.*
/Library/Extensions/Sophos*
/Library/Caches/com.sophos.*
"
the syntax I used was sudo rm -R /Library/see above list
Thanks for this Workaround. it saved the day. Don't forget to run the final sudo ./InstallationDeployer --force_remove
for me the Installer.app was in
/Applications/Remove Sophos Endpoint.app/Contents/MacOS/tools/otherwise did the trick!
This didn't work for me, as the Remove Sophos Endpoint.app directory is now nested under a Sophos directory. So here is what did the trick for me:
/Applications/Sophos/Remove Sophos Endpoint.app/Contents/MacOS/tools/
Open terminal
enter the following 3 commands (one at a time) -- enter password where prompted.
sudo rm -R /Library/Sophos\ Anti-Virus/
sudo rm -R /Library/Preferences/com.sophos.*
sudo /Library/Application\ Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer --remove
Sophos will uninstall.
NOTE: Some for some installations replace/saas/with/cloud/or/opm/@fuze-mlambert this worked great for me. Thank you so much!
Worked for me with Sophos Endpoint 10.x
Indeed – still good. Thanks!
Worked perfectly for me. Thank you! (anyone got a solution for windows machines?)
Thank you @bobbycooke that worked for me!
Thanks sop much!!!
cd /Library/Preferences
sudo rm com.sophos.sav.plist
then open Remove Sophos Endpoint just work for me without tamper protection password.
Open terminal
enter the following 3 commands (one at a time) -- enter password where prompted.
sudo rm -R /Library/Sophos\ Anti-Virus/
sudo rm -R /Library/Preferences/com.sophos.*
sudo /Library/Application\ Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer --remove
Sophos will uninstall.
NOTE: Some for some installations replace/saas/with/cloud/or/opm/@fuze-mlambert this worked great for me. Thank you so much!
Worked for me with Sophos Endpoint 10.x
Indeed – still good. Thanks!
Worked perfectly for me. Thank you! (anyone got a solution for windows machines?)
Indeed! Works like a charm! Thanks guys! 🙌
The IT guys get a notification o something like that if you do this?
The IT guys get a notification o something like that if you do this?
@samuaz If your IT are any good they will know you've removed it. If you're on a work/school computer, I wouldn't mess around - It's there for a reason. If it's blocking you from working/studying have a discussion with your IT department and go from there. In short, don't remove it unless you're authorized.
Just testing out these scripts and it seems like it works great, except it leaves behind the Sophos System Extensions, including an endpoint security system extension and a network system extension.
Any idea how to remove those with a script as well?
Just testing out these scripts and it seems like it works great, except it leaves behind the Sophos System Extensions, including an endpoint security system extension and a network system extension.
Any idea how to remove those with a script as well?
To remove them disable System Integrity:
Shut off
Hold power button or CMD+R (depending on the mac) > options > terminal
csrutil disable
Enter username
Enter password
Wait for confirm
Reboot
Open terminal
systemextensionsctl list
systemextensionsctl uninstall TEAMID BUNDLEID (teamid is an id string, the bundleid is com.sophos… etc)
repeat the command for the second extension
Re-enable System Integrity:
Shut off
Hold power button or CMD+R (depending on the mac)> options > terminal
csrutil enable
Enter username
Enter password
Wait for confirm
Reboot
Hello ,
Iam trying to remove sophos from vmware workspace one .
can anyone help me how exactly this works .
Open terminal 'command + spacebar' search for "terminal" vi kill_sophos Copy text below, right-click on terminal window and select 'Paste': #!/bin/bash sudo rm -R /Library/Sophos\ Anti-Virus/ sudo rm -R /Library/Application\ Support/Sophos/ sudo rm -R /Library/Preferences/com.sophos.* sudo rm /Library/LaunchDaemons/com.sophos.* sudo rm /Library/LaunchAgents/com.sophos.* sudo rm -R /Library/Extensions/Sophos* sudo rm -R /Library/Caches/com.sophos.* Press 'Esc' on your keyboard Enter ' :wq' and press return ( Colon W Q Enter) sudo chmod +x kill_sophos Enter local mac password run script by entering below on terminal ./kill_sophos enter password and watch everything die Open Finder and go to 'Applications' click Remove Sophos Endpoint It will now let you remove Sophos Endpoint without the tamper protection password Rejoice Thank you for all the help. It's been rough lol
It worked like a charm, thanks
Amazing, thank you so much!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@stoltenhoff have a look at profile in system preferences :D