1

I have a Windows 10 laptop which was happily running Sophos ECC for several years but recently stopped updating. I was advised by Sophos tech support to uninstall and reinstall. But reinstall stops because it detects 3rd party software - presumably Windows Defender as there is no other AV software. Strangely, Windows defender states that Sophos is providing the AV protection even though uninstalled but I cannot open the Sophos app via Defender console.

I have tried seting up new DWORD DisableAvCheck = 1 and restarting but this has not solved the problem. Sophos Tech support says they cannot do anything else to help but I now have a laptop which is currently not protected (Sophos not installed but Defender is not protecting it because it thinks Sophos is installed). Sophos Tech Support suggested I should upgrade to Sophos Cloud but I don't know whether it would be right for me. I like Endpoint.

Any suggestions?

Zaheer Ali
  • 11
  • 2

1 Answers1

0

Sophos checks those registry keys and can sometimes detect another AV that is long gone from the system:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall

You can confirm what exact software is being detected by checking the avremove.log in c:\windows\temp\ (at the very bottom of the file). You can also find more info at the bottom of this article from Sophos.

Usually, something as simple as renaming or deleting the registry key (from the locations above) for other AV would allow the Sophos antivirus component to get installed. You wouldn't need to delete or remove Defender as Sophos won't have installation issues because of it.

Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
Pavel F
  • 1