Greg Vermilion (Verity CU) wrote:
I've uninstalled all Sophos components from nearly all our PCs and performed a rescan, but about 15 or so PCs still show as having outdates Sophos under the Anti-virus section of the Asset Summary.
How can the Anti-virus status be updated to reflect the software is no longer installed?
Hi Greg,
I had a similar issue. I think it was related to Sophos Endpoint client update. (Not antivirus database update but rather application itself update). In my opinion, Sophos installer somehow didn't update WMI Repository on appropriate way. I had a situation that there are 3 anti viruses on some machine. One is Windows Defender and 2 Sophos anti viruses, where one Sophos was outdated. Uninstall/Reinstall of Sophos on same machine didn't help with WMI Repository cleanup. My solution was to manually cleanup WMI Registry.
I have used this command to get all anti viruses installed.
C:\>powershell "Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct"Than you find the obsolete one by comparing
timestamp property
User
instanceGuid property to determine which one you want to delete.
Use this command to delete it:
powershell.exe "Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | ForEach-Object { if($_.instanceGuid -eq '{8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE}'){$_.Delete()} }"
In my examples I was using remote cmd management tool to run powershell commands but you can use them directly.