I had a project where I have to deploy Sophos on 500 PC’s, however Symantec had to be uninstalled as a first step. There are few ways to uninstall Symantec via SCCM or Group policy configured to push out a scheduled tasks and run a powershell command. I choose group policy as it’s the quickest method for me. Symantec licenses were coming to an end and all the remote agents had to be removed.
As a first step create a new Group Policy, call it Uninstall Sep.
Go to Scheduled Tasks, right click and create a new task.
Follow the exact steps and make sure to use the account NT AUTHORITY\System which basically has god permission on all computers. When group policy is pushed to the computer, the scheduled task will run with administrative permissions and it will not prompt the user to enter an account.
You can define the triggers, I set mine to run daily and run at 12pm as users will be at lunch. The action tap is configured to start a program which is powershell as detailed below.
The program command is C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe and the argument -ExecutionPolicy Bypass -windowstyle hidden -noninteractive -nologo -noprofile -file “\\ci-pdc\SYSVOL\yourcompany.local\scripts\Script.ps1” Basically the script will run in the background and the user will not have any popup window, and no interaction whatsoever. I need this to run as quiet as possible. As you can see I put this script on my sysvol on one of my DC’s.
The Script.ps1 contains one simple command: (Get-WmiObject -Class Win32_Product -Filter “Name=’Symantec Endpoint Protection'” -ComputerName . ).Uninstall() this will run in powershell and removed Sep and all the data that is involved with the agent installed. Sophos does not like when you have another anti-virus program running and all the files and data associated with Symantec have to be deleted.
The script does not reboot the PCs and I found out that it’s not necessary to reboot the PC to push out Sophos even though it’s recommended. You can decide what the Settings and Common tap works for you as I left everything as default.
Assign the Group policy to the OU that contains the computers with security filtering configured for Authenticated Users and Domains Computers. You can either let Group policy update the PC’s based on whatever schedule your group policy runs on or force the update by right clicking the OU within Group Policy Management and click on Group Policy Update..
Let Group Policy apply to the PCs and you can check on one of them and go to Tasks Scheduler and see if the new tasks that you created shows up there. Once Group policy is pushed and the tasks had run on the PC, you can go to the Symantec Endpoint Protection Manager and check the status of the PC the agent is installed on. You can do this by going to Clients and see where your PC is and right click on it and select Edit Properties. Check the Deployment status and it should say Uninstall successful. This indicate the script had ran on the PC and uninstalled the SEP agent. You can delete the PC from the Symantec Endpoint Protection Manager to free up the license.
Once all this was done, I used SCCM 2016 to push Sohops as an application. I will include more details on that later on….