Sophos Cloud installer and the detection of other security software

  • Article ID: 119619
  • Updated: 26 Sep 2014

This article provides information on how the Sophos Cloud installer detects and removes third-party security software prior to installation.

By default the Sophos Installer runs the check for third-party security products and removes them when found before installation.  This behavior can be changed if required - for more information see article 119265 on how to do this as part of a scripted install.

Notes:

  • We encourage you to submit a support request detailing the version of the third-party security software we fail to detect or remove to help us improve our Competitor Removal Tool (CRT).​  
  • It may be beneficial to upgrade or downgrade the competitor product in order to better match a version that we do detect.  The article below details how to export a list of third-party security products the CRT currently detects.
  • As most applications today are MSI based, it may be a simple task to automate the removal of a product with a script prior the installation of Sophos, especially if you are scripting the installation of Sophos as per the guidance in article 120611.  For general guidance on removing applications in a scripted way see article 121447.
  • It is also suggested where possible to disable any anti-tamper functionality of the third-party product, especially where passwords are configured.

Issue

This article is appropriate where:

  • another security product fails to be detected,
  • removal of a detected product fails,
  • a third-party product is detected that has already been removed.

First seen in/Applies to

Sophos Cloud

What To Do

Another security product fails to be detected

  1. To confirm the product is not detected and to help understand why, check the 'avremove.log' file created by the Sophos Installer.  By default it is created in the installing users temp directory, i.e. %temp%.  E.g. 'C:\users\Bob\AppData\Local\Temp\avremove.log'
  2. If no third-party applications are detected it should end with the line:
    No products detected on this system
    The previous lines in the log file shows all the registry keys checked by the Sophos Installer to identify third-party applications.  It maybe obvious from looking at the file why the product is not being found.  

Note: To confirm the software versions that are detected by the Sophos Cloud installer, you can do as follows:

    1. Locate the 'crt' directory created by the Sophos Cloud installer.  This should be in '%temp%\crt\'.
    2. In an administrative command prompt navigate to the above directory and run:
      AVRemove.exe --listproducts > crtproducts.txt
    3. Open 'crtproducts.txt' in a text editor to view the versions that are known to be detected.
    4. ​If your product isn't detected and you have no errors such as failing to read registry keys due to permissions we suggest you contact Sophos Support.

    Removal of a detected product fails

    1. Check the 'avremove.log' file created by the Sophos Installer; by default it is created in the installing users temp location, i.e. %temp%.  E.g. 'C:\users\Bob\AppData\Local\Temp\' for errors.  It may be obvious as to why removal failed.
    2. If you still are unable to identify why the removal fails, we recommend you attempt to manually remove any third-party security applications detected before re-running the Sophos Cloud installer.  To do so:
      • XP/2003: 'Add or remove programs'  
      • Vista+: 'Programs and Features' 
        • Note: both are reachable by running 'appwiz.cpl'.

    A third party product is detected that has already been removed

    1. Check the 'avremove.log' file created by the Sophos Installer; by default it is created in the installing users temp location, i.e. %temp%.  E.g. 'C:\users\Bob\AppData\Local\Temp\'
    2. The lines in the log file shows all the registry keys checked by the Sophos Installer. It maybe that the third-party installer did not fully clean up all traces the Sophos Installer checks for.  This log can therefore be used to identify why the third-party application is still being detected. 
    3. If you fail to locate the reason why the third-party application is being detected but remain confident that the other product has been removed, you can un-check the box to detect third-party applications during the install or use the appropriate switch as part of a scripted install.

      Note: See article 119265 which details how you can pass switches to the installer to not run the check.

     
    If you need more information or guidance, then please contact technical support.

    Rate this article

    Very poor Excellent

    Comments