

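# Sophos registry locations, written in the script's pipe-delimited form.
# NOTE(review): the fields look like <registry view>|<hive>|<root subkey>|<key path>;
# confirm against the code that parses these strings.
# NOTE(review): each assignment is on its own line and the literals carry no blank
# before the closing quote; confirm both against the upstream script.
$strSECKey = "32|HKLM|SOFTWARE|Sophos\EE"

# Router path and client config value checks
$strRouterKey = "32|HKLM|SOFTWARE|Sophos\Messaging System\Router"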

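# NOTE(review): one statement per line, "$env:" written without an inner blank, and
# literals without a blank before the closing quote; confirm against the upstream script.

# Sophos process image names the script checks for.
$aProcessesToCheck =
    "sedservice.exe",
    "SophosAgentUI.exe",
    "SophosAgentRelay.exe",
    "SophosCertMgr.exe",
    "SophosCWGScannerAutoUpdater.exe"

# Drivers the script must not stop (per the variable name).
$DriversNotToStop = "hmpalert", "sdcfilter", "scfdriver"

# Early Launch Anti-Malware (ELAM) configuration key.
$strEarlyLaunchKey = "HKLM:\SYSTEM\CurrentControlSet\Control\EarlyLaunch"

# Uninstall registry locations, 32-bit (WOW6432Node) view first, then the native view.
# $UninstallerKeys2 adds a trailing \* wildcard to the same two paths;
# $UninstallerKeys names the two parent keys themselves.
$UninstallerKeys2 =
    "HKLM:\Software\wow6432node\microsoft\Windows\Currentversion\uninstall\*",
    "HKLM:\Software\microsoft\Windows\Currentversion\uninstall\*"
$UninstallerKeys =
    "HKLM:\Software\wow6432node\microsoft\Windows\Currentversion\uninstall",
    "HKLM:\Software\microsoft\Windows\Currentversion\uninstall"

# Binary to check for, when checking scheduled scans
$strSAVSchedScanExe = "BackgroundScanClient.exe"

# Default time in seconds before shutting down
# NOTE(review): the assignment this comment describes is not part of this excerpt.

# MSI backup location to be super safe when deleting cached Sophos MSIs
# Security note: this is a fixed directory name under the temp directory of whichever
# account runs the script. Before reinstalling anything from this backup, verify each
# MSI's digital signature, because a temp directory is not a protected location.
$strBackupMSILocation = $env:TMP + "\SophosRemovalMSIs"

# Windows services, each given as service name followed by display name.
$aTaskShed = "Schedule", "Task Scheduler"
$aRPC = "RpcSs", "Remote Procedure Call (RPC)"
$aCryptSvc = "CryptSvc", "Cryptographic Services"
$aBFE = "BFE", "Base Filtering Engine"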

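# Services that should be running if exist
# NOTE(review): the service list this comment describes does not follow it in this excerpt.

# If one PFRO is created, set this to true for reboot message to display at end
# NOTE(review): PFRO is presumably a PendingFileRenameOperations entry; the flag this
# comment describes is not part of this excerpt.

# Global counters, initialised to zero. Going by their names they track attempted
# deletions of local SAV groups and SAU users; confirm against the code that updates them.
# NOTE(review): written as "$global:" with no inner blank, one assignment per line;
# confirm against the upstream script.
$global:intLocalSAVGroupsAttemptDelete = 0
$global:intLocalSAUUsersAttemptDelete = 0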

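# Global counters, initialised to zero.
# NOTE(review): written as "$global:" / "$env:" with no inner blank, one assignment per
# line, and no blank before the closing quote; confirm against the upstream script.
$global:intSophosSurfrightCachedMSIsFound = 0
$global:intServicesAttemptedToDelete = 0

# Log file path: a fixed file name in the temp directory of the account running the script.
# Use -NoLogFile YES (see usage below) when no log should be left on the host.
$global:strLogFile = $env:TMP + "\SophosRemoval.txt"

# Sophos Transparent Authentication Suite (STAS)
# Will exit if the following are present and in "remove" mode:
# NOTE(review): the list this sentence introduces is not part of this excerpt.
#
# Usage:
#   \removesophos.ps1 -Debug YES                   # Outputs a little more data to screen for debugging purposes.
#   \removesophos.ps1 -NoLogFile YES               # No log file will be created.
#   10 seconds delay by default intDelaySecondsRestart.
#   \removesophos.ps1 -Remove YES -Restart YES     # At the end of the process restart the computer.
#   \removesophos.ps1 -ErrorOnly YES               # Only print items that exist (errors) on screen.
#   \removesophos.ps1 -Password 1234567 -Remove YES # Password will be provided to SEDCli.exe if TP is on and SEDCLi.exe exists.
#   \removesophos.ps1 -Remove YES                  # Removes all Sophos components and logs all messages to screen and file.
#   \removesophos.ps1                              # Just logs all messages to screen and file.
#
# Security note: a value given with -Password is part of the process command line, so it
# can be recorded in PowerShell history, transcripts and process-creation audit logs.
# Treat the password as exposed on that host after the run and change it afterwards.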
