Sophos reinstallation on official FHC computers

Issues related to the use and operation of Family History Centers
ulupoi
Member
Posts: 147
Joined: Mon Jan 24, 2011 2:21 am
Location: California, USA

#1

Post by ulupoi »

How to reinstall Sophos Antivirus on official FHC computers

Warning: This procedure, if done incorrectly, can really mess up your computer. If you are not familiar with setting restore points, changing settings in services, and backing up and modifying values in the registry, you should probably have someone else do this.

1. These are instructions on how to reinstall Sophos antivirus software on official FHC computers. When I did this yesterday, the computers were running Windows 7 Enterprise, but a similar procedure should work for Windows 10, as the instructions I got from the Sophos website were for Windows 10, as well. They are specifically for Sophos installations that are managed by Sophos Central (which applies to all of our official FHC computers, as far as I know). If you have Sophos installations that are instead managed by Sophos Enterprise Console, modify these instructions according to the Sophos Enterprise Console section of this webpage: https://community.sophos.com/kb/en-us/124377

2. The Sophos installations are protected, so they can’t be uninstalled or reinstalled without first removing the tamper protection. You will turn off tamper protection, uninstall Sophos, then reinstall Sophos.

3. These instructions are largely copied from here: https://community.sophos.com/kb/en-us/124377

4. Set a System Restore point.

5. Boot the computer in Safe Mode with Networking.
a. Press the F8 function key repeatedly during startup and you should be presented with a list of Safe Mode options, of which you will select Safe Mode with Networking. If you don’t see safe mode options…
b. Run: “msconfig.exe”
1) You can launch it from the Windows search box.
2) In the “Boot” tab, select “Safe boot” and “Network.”
3) Be sure to reverse these steps when you’re done (see below).

6. Run: “services.msc”
a. You can launch it from the Windows search box.
b. Right-click “Sophos Anti-Virus service” and select “Properties”
c. Set “Startup type” to “Disabled”
d. Click the OK button.

7. Run: “regedit.exe”
a. You can launch it from the Windows search box.
b. Export a full backup of the registry. Save it somewhere safe in case you need to reverse everything.
c. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent
1) Set “Value” to 4. (The original value on our computers was 2.)
2) For the numbers we are entering (4 here and 0 in the next sections), it doesn’t matter whether you select decimal or hexadecimal.
3) When the change has been completed and you have closed the value edit box, you will see the new value listed as 0x00000004.
d. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
1) Set Values of SAVEnabled and SEDEnabled to 0. (The original values on our computers were 0 for SAVEnabled and 1 for SEDEnabled.)
e. For 64-bit computers, go to: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
1) Set “Value” of “Enabled” to 0. (The original value on our computer was 0.)
f. For 32-bit computers, go to: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
1) Set “Value” of “Enabled” to 0.

8. Enhanced Tamper Protection will now be disabled once you restart the computer.
a. If you used msconfig.exe to make the computer start in safe mode, go back there and return it to normal operation.
b. Restart the computer into a normal Windows Administrator account.

9. Using the regular Windows app uninstallation procedure, uninstall “Sophos Endpoint Agent.” (In our case, it was the only Sophos item in the Windows uninstall list.)
a. When you try to uninstall Sophos, Windows will instruct you that you must restart the computer before uninstalling. Do so. Restart the computer, then initiate the Sophos uninstallation procedure again. This time it will work.

10. Install Sophos.
a. Open an Internet browser and go to https://familysearch.org/remote/support.html
b. Click on: “Sophos - Latest Version”
c. Download the installer and run it.
d. The installer will instruct you to restart the computer to complete the installation.
e. Remember that the Sophos software on this webpage is for official FHC computers, only. It should not be installed on ward (clerk) computers. It should not be installed on computers in church buildings that are used for family history work but that are not official FHC computers. It should not be installed on personal computers.

11. Update Sophos.
a. Open Sophos by double-clicking on the Sophos icon in the Windows Notification Area.
b. Click on: “About”
c. Click on: “Update”

12. Click on “Status” to go back to the main screen and initiate a scan.

That's it. Pretty simple. If it doesn't seem simple to you, you might want to have someone with more experience do this. (See warning, above.)
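
Added example (not part of the post above and not Sophos's own code): a read-only PowerShell check of the registry values named in the regedit step, for recording their state before the edit and comparing them afterwards against the original values the post reports. It assumes the value under "Sophos MCS Agent" is the standard Windows service start-type value `Start` (the post only calls it "Value") and that it is run from an elevated prompt.

```powershell
# Added example: read-only audit of the registry values edited in the regedit step.
# Changes nothing. Run from an elevated PowerShell prompt (2.0 or later).
# Assumption: the value under "Sophos MCS Agent" is the standard Windows
# service start-type value "Start"; the post only calls it "Value".
# The post records no original value for the 32-bit location, hence $null.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$tp  = "$svc\Sophos Endpoint Defense\TamperProtection\Config"
$checks = @(
    @{ Path = "$svc\Sophos MCS Agent"; Name = 'Start'; Original = 2 },
    @{ Path = $tp; Name = 'SAVEnabled'; Original = 0 },
    @{ Path = $tp; Name = 'SEDEnabled'; Original = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection'; Name = 'Enabled'; Original = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Sophos\SAVService\TamperProtection'; Name = 'Enabled'; Original = $null }
)

$report = foreach ($c in $checks) {
    $current = $null
    $state   = 'key or value not present'
    if (Test-Path -LiteralPath $c.Path) {
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $current = $item.($c.Name)
            if ($null -eq $c.Original) {
                $state = 'no original recorded in the post'
            } elseif ($current -eq $c.Original) {
                $state = 'matches original'
            } else {
                $state = 'DIFFERS from original'
            }
        }
    }
    # New-Object keeps this usable on the PowerShell 2.0 shipped with Windows 7.
    New-Object PSObject -Property @{
        Key = $c.Path; Value = $c.Name; Current = $current
        Original = $c.Original; State = $state
    } | Select-Object Key, Value, Current, Original, State
}

$report | Format-Table -AutoSize -Wrap

# Keep a dated copy next to the full registry export made in the regedit step.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$report | Export-Csv -Path ".\sophos-tp-audit-$stamp.csv" -NoTypeInformation
```
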
russellhltn
Community Administrator
Posts: 34416
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Sophos reinstallation on official FHC computers

#2

Post by russellhltn »

Good to know, but I'm curious as to what triggered the need?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
ulupoi

Re: Sophos reinstallation on official FHC computers

#3

Post by ulupoi »

Three of our four Sophos installations showed Intercept X as "Not installed." The FHC support person with whom I emailed about this issue told me that the three computers had an "incorrect" version of Sophos and that my options were either to just leave it alone, which probably wouldn't be a problem, or to reinstall Sophos, which was what they recommended. However, they said that reinstalling Sophos would require re-imaging the computers. That seemed insane, so I looked online for a better solution. Fortunately, Sophos had just recently posted helpful information on this topic.
russellhltn

Re: Sophos reinstallation on official FHC computers

#4

Post by russellhltn »

Maybe I should check the versions on my computers - just to make sure they're all the same and presumably current.
CaldwellZ
New Member
Posts: 11
Joined: Fri Sep 06, 2019 1:38 pm

Re: Sophos reinstallation on official FHC computers

#5

Post by CaldwellZ »

russellhltn wrote: Maybe I should check the versions on my computers - just to make sure they're all the same and presumably current.
It seems an easy way to tell is that the taskbar icon for the "old" version has a blue S and shield outline on a white background, while the "new" version (which should typically be installed automatically if Tivoli is working correctly) has a white S on a blue background.
ulupoi wrote: ...reinstalling Sophos would require re-imaging the computers.
It's true that a full reimage isn't technically needed (although that's their default go-to solution for more advanced system issues), but even the Safe Mode backdoor procedure seems a little much. The easiest way to uninstall Sophos is probably just to get in touch with FHC Support, ask them to enter the Tamper Protection password, and uninstall it the normal way. Their techs do have the password and know how to use it, but you may need to ask to be escalated to someone who's familiar with the Sophos uninstall process.

Also, last I checked, the website link for Sophos still had the old version, so if you do uninstall it you may want to look around in Tivoli/BigFix and "accept" the latest Sophos "offer" to get the right version.
ulupoi

Re: Sophos reinstallation on official FHC computers

#6

Post by ulupoi »

Open Sophos and click on “About” and you’ll see which Sophos components are installed. I don’t think that it’s actually an issue of new vs. old versions, but just that one component failed to install on some of our computers for some unknown reason. The version in the FHC Application Finder would not install on our computers (threw up an error), but the version on the website (see above) installed without any problems.
ulupoi

Re: Sophos reinstallation on official FHC computers

#7

Post by ulupoi »

CaldwellZ wrote: ...ask to be escalated to someone who's familiar with the Sophos uninstall process.
Didn’t know I could do that. Good idea.
russellhltn

Re: Sophos reinstallation on official FHC computers

#8

Post by russellhltn »

ulupoi wrote:
CaldwellZ wrote: ...ask to be escalated to someone who's familiar with the Sophos uninstall process.
Didn’t know I could do that. Good idea.
It's been eons since I've called support, but it used to be you had to do some serious arm-twisting to get escalated to an actual staff member.
ulupoi

Re: Sophos reinstallation on official FHC computers

#9

Post by ulupoi »

Sometimes, DIY is actually easier...

I figure they're mostly all volunteers, so I make allowances and I'm grateful for what I get. That said, this forum is essential.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

Re: Sophos reinstallation on official FHC computers

#10

Post by lajackson »

russellhltn wrote: It's been eons since I've called support, but it used to be you had to do some serious arm-twisting to get escalated to an actual staff member.
Try this script:
I have done everything you asked me to do and the problem is not resolved. Who should I speak with next?
Please connect me.