Sophos for WIndows
Project: Anti-Virus Replacement - ICT Unmanaged devices1
Description: ICT are removing Symantec products, to save on license costs. Sophos will be installed as the new antivirus protection. CSG must carry out this task on the WIN domain.
Progress: FIrst meeting on 23rd November 2020
Second meeting on 25th November 2020: ICT sent the Sophos installation files and Powershell scripts
Files uploaded to \\win\dfs\Admin\Sophos AV\DoC
nraghwan and rkhandke tested Sophos on Windows 10 VMs - successful
rkhandke tested on temp server motmot - unsuccessful, due to licensing. As domain member, sophos accounts appear to have been created in AD, and subsequently disabled by CLAM
rkhandke tested GPO startup scripts using WMI to query for existing Symantec and Sophos installations
To do: test automated deployment of the Sophos installer package
SophosSetup.exe --quiet
Successfully tested script on ladywood-vm1:t
wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive \\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet
Notes on script: Sophos is configured with an anti-tamper password and cannot be directly uninstalled without the password or ICT procedure
To do: sanity checks, check registry keys before running each command
Proposed GPO startup script - removes SEP and deploys Sophos, first checking if registry keys exist
@echo off
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E327F586-9CB8-4E97-8F61-8D119C3C78F5} /v UninstallString
IF %ERRORLEVEL% == 0 goto uninstallSEP
IF %ERRORLEVEL% == 1 goto no
goto :end
:uninstallSEP
wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive
goto checkSophos
:no
echo "Not Found"
goto checkSophos
:checkSophos
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D7BB12C-6854-46DF-A67D-F82D778D75C8} /c UninstallString
IF %ERRORLEVEL% == 1 goto installSophos
IF %ERRORLEVEL% == 0 goto SophosIns
goto :end
:installSophos
\\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet
goto end
:SophosIns
echo "Sophos Already Installed"
goto end
:end...