Error 3005 when trying to uninstall Sophos Anti-Virus

  • Article ID: 110534
  • Rating:
  • 131 customers rated this article 4.2 out of 6
  • Updated: 11 May 2016


After a failed installation of Endpoint Security Control, when you try to remove the Sophos Anti-Virus component using Add/Remove Programs (Programs and Features), you see the following error:

Error 3005
You are not a member of the Sophos Administrator Group

In the Sophos Anti-Virus uninstall log you see an error similar to:

Action start [TIME]: CheckUserIsSophosAdmin.
Error 3005.Sophos Anti-Virus can only be uninstalled by users that are members of the SophosAdministrator user group.
MSI (s) (30!A8) [TIME]: Product: Sophos Anti-Virus -- Error 3005.Sophos Anti-Virus can only be uninstalled by users that are members of the SophosAdministrator user group.

First seen in
Sophos Anti-Virus for Windows 2000+ 9.5.0


Typically the reason for the error is the SophosAdministrator group does not exist or the 'pre-Windows 2000' value of the SophosAdministrator group is not SophosAdministrator.

What To Do

You need to check if the SophosAdministrator group exists, create it if not and ensure the administrative account you are performing the uninstall is a member of it.  Follow one of the sections below to check group membership and add your user account.


  • If you have a 'Home' or 'Starter' edition of the Windows operating system use the instructions in 'Checking group membership with a command prompt' as the 'Local User and Group' snap-in is not available.
  • If you need to check your operating system see article 13302.
  • If the computer is a Domain Controller, when instructed to create a group, create a domain local security group.
  • Nesting groups in Active directory is not currently supported. 

Checking group membership with the 'Local Users and Groups' snap-in

  1. Open the Computer Management snap-in (Start | Run | Type: compmgmt.msc | Press return).
  2. From the left hand tree expand 'Local Users and Groups' | 'Groups'.  Example:

    Note: If you do not see 'Groups' you most likely have a 'Home' edition of Windows and therefore must check group membership with the command prompt (see section below).

  3. Locate the 'SophosAdministrator' group.  If the group does not exist:
    1. Right-click the 'Group' folder from the left hand tree and select 'New Group...'
    2. Enter the group name precisely as the one word group name (one word): SophosAdministrator
    3. Click the 'Create' button.
  4. Right-click the SophosAdministrator group and select 'Properties'.  Example:

  5. Add your user account (which must already be a local Administrator) to the SophosAdministrator group.
  6. Close the Computer Management snap in.
  7. Open the Add/Remove Programs list (Start | Run | Type: appwiz.cpl | Press Return).
  8. Select the 'Sophos Anti-Virus' component and uninstall it.

Checking group membership with a command prompt

  1. Click the Start button and type cmd.

  2. Right-click on the cmd program and select 'Run as administrator'.

    If the User Account Control (UAC) prompt appears click 'Yes' to acknowledge the action.

  3. Create the (or attempt to re-create the existing) group by running the following command:
    • net localgroup sophosadministrator /add

    If the group did not exist the command will return:
    The command completed successfully.

    If the group already existed the command will return:
    System error 1379 has occurred.

    In either case proceed to the next step.

  4. Add your user account to the group.  The command shown below adds the user john to the sophosadministrator group.  Replace john with your username (if you need to find your username type whoami into the command prompt first)
    • net localgroup sophosadministrator john /add

    If the user was not already a member of the group and successfully added the command will return:
    The command completed successfully.

    If the user was already a member of the group the command will return:
    System error 1378 has occurred.

    The specified account name is already a member of the group.

  5. Type the following command to confirm your account is now recognized as a member of the group:
    • net localgroup sophosadministrator

    The command will list the current user accounts and should show your user account is a member of the SophosAdministrator group.

    If your account is shown you can open Add/Remove Programs and remove the 'Sophos Anti-Virus' component. 

If the error still occurs after adding your account to the group...

First log off and back on to the computer (or restart the computer) and try the uninstall again.  If the error still occurs and you have confirmed your account is a member of SophosAdministrator group.  It is recommended to run the command:

net localgroup | find /I "Sophos"

This command will list the 'pre-Windows 2000' name which is important in ensuring the Sophos installer queries the group successfully.

If the error is occurring and you are using Azure AD

If you are using Azure AD then there is a chance that the account being used is an Azure account and therefore does not have the correct permissions and account roles to uninstall the product.  If this is the case then you can uninstall by following the below methods:

  1. Create a new user and assign it to the Sophos Administrators group - you should then be able to log in as this account and uninstall
  2. Uninstall by using the Local Administrator account on the machine
  3. Using PsExec you could run the uninstall as the SYSTEM account to get around this issue:

psexec -s -i cmd
MsiExec.exe /X{09863DA9-7A9B-4430-9561-E04D178D7017}

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent