##master-page:HomepageTemplate
#format wiki
#language en
== Sophos for WIndows ==
=== Project: Anti-Virus Replacement - ICT Unmanaged devices1 ===
<<BR>><<BR>>
Description: ICT are removing Symantec products, to save on license costs. Sophos will be installed as the new antivirus protection. CSG must carry out this task on the WIN domain.<<BR>><<BR>>
Progress: FIrst meeting on 23rd November 2020<<BR>><<BR>>
Second meeting on 25th November 2020: ICT sent the Sophos installation files and Powershell scripts <<BR>><<BR>>
Files uploaded to \\win\dfs\Admin\Sophos AV\DoC <<BR>><<BR>>
nraghwan and rkhandke tested Sophos on Windows 10 VMs - successful<<BR>><<BR>>
rkhandke tested on temp server motmot - unsuccessful, due to licensing. As domain member, sophos accounts appear to have been created in AD, and subsequently disabled by CLAM<<BR>><<BR>>
rkhandke tested GPO startup scripts using WMI to query for existing Symantec and Sophos installations<<BR>><<BR>>
To do: test automated deployment of the Sophos installer package<<BR>><<BR>>
SophosSetup.exe --quiet<<BR>><<BR>>
Successfully tested  script on ladywood-vm1:t<<BR>><<BR>>
{{{

wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive

\\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet


}}} 

Notes on script: Sophos is configured with an anti-tamper password and cannot be directly uninstalled without the password or ICT procedure<<BR>><<BR>>

To do: sanity checks, check registry keys before running each command<<BR>><<BR>>

Proposed GPO startup script - removes SEP and deploys Sophos, first checking if registry keys exist
{{{

@echo off
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E327F586-9CB8-4E97-8F61-8D119C3C78F5} /v UninstallString

IF %ERRORLEVEL% == 0 goto uninstallSEP
IF %ERRORLEVEL% == 1 goto no
goto :end

:uninstallSEP
wmic product where "name='Symantec Endpoint Protection'" call uninstall /nointeractive
goto checkSophos

:no
echo "Not Found"
goto checkSophos

:checkSophos
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D7BB12C-6854-46DF-A67D-F82D778D75C8} /c UninstallString

IF %ERRORLEVEL% == 1 goto installSophos
IF %ERRORLEVEL% == 0 goto SophosIns
goto :end

:installSophos
\\aythya\Sources\Applications\Sophos\sophossetup.exe --quiet
goto end

:SophosIns
echo "Sophos Already Installed"
goto end

:end

}}}
...

----
CategoryHomepage