# How to remove Sophos trial which is freezing my comp



## HeadsUp (Jul 22, 2012)

I tried Sophos antivirus and firewall on a 1 month trial.

I have tried to uninstall it but it asks for the password. When I put in my password it won't recognise it as the 1 month trial has finished, and it won't allow the use of the password for removal.

I tried deleting the folders manually but of course it blocks me from doing that too.

I contacted support but they were "unhelpful". They just told me to reset the password, but of course their site won't allow it as the trial has finished.

I tried to run Sophos diagnostic utility but it says "cannot create log file - you do not have write permissions".

When I try to save documents or back up files I get the same message: "you do not have write permissions".

Is there software I can use to erase it without reformatting my entire drive?

I have tried revo-uninstaller but there are still Sophos files on the comp, and they have locked folders and files and won't allow me to back up files to a thumb drive or anything else.

I also tried Eset AV removal tool but that can't even see Sophos.

How can I delete this garbage?


----------



## Fireflycph (Apr 1, 2016)

Here's a link that describes how to remove the tamper resistance and, hopefully, how to remove it afterwards.

https://community.sophos.com/kb/en-us/124377


----------



## Couriant (Mar 26, 2002)

I don't think that is Sophos causing the issue. Sophos doesn't control your permissions to the folders.

Is this a personal computer or a work computer?


----------



## Fireflycph (Apr 1, 2016)

Couriant said:


> I don't think that is Sophos causing the issue. Sophos doesn't control your permissions to the folders.


No, you're right there. However, it's not uncommon for software to create certain folders using a hidden/encrypted account, thus preventing others from editing and/or deleting those. 99% of the time it'll be AV software. And it's done so hackers, malware, etc. can't take control of the system.


----------



## Couriant (Mar 26, 2002)

The reason I ask if this is a work computer is that Sophos Enterprise edition does have 'encryption' -- which is really turning on Windows BitLocker in versions of Windows that have that ability. I doubt a free trial will have that ability, though these days who knows...

But BitLocker does not affect parts of the drive; it's all or nothing, and also the whole drive would not work if it failed the authentication (unlocking the drive, etc.). Plus, not having permission to write sounds to me like the account permissions have been changed somehow.


----------



## HeadsUp (Jul 22, 2012)

The method that worked for me here is to log in to Sophos Central > click devices tab at left > click on your device > click on tamper protection tab > click on tab to turn off tamper protection > reboot system > go to control panel > uninstall the program in the usual way.

That worked, however it's possible either that I was hacked, because permissions to virtually everything were locked up, or Sophos locked up all my files for god only knows what reason. Did they think they would sell me a solution?

I made 7 requests to Sophos tech support; nothing they suggested came even close to working.

This is a business PC but I was using a personal trial version.

Settings in Temp files showed the entry below. I removed it along with all Sophos files; now everything is working and mysteriously I have an extra 60 Gb of space on my C drive.....

Could this be a random hacker or sourced a bit closer to the problem?

Account Unknown ? (S-1-5-5-0-192973)


----------



## Couriant (Mar 26, 2002)

When the computer has (S-1-blah) as a user in the permissions, it means that the computer does not know who that is. So if that is your entry, then you can't do anything. 

I would find it hard pressed to blame Sophos, or even ask them for assistance. If the computer is joined to the company domain, it's possible that the computer lost communication to the server so it doesn't know your account, or someone deleted the user account from the domain.

Since I don't know your setup (i.e. how the computer was built, joined to a domain, etc.), I will go by the standard answer: Your I.T. department needs to fix the permissions.


----------
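One way to check a folder for the unresolved `S-1-...` entries discussed above, as an added example that is not part of the thread. The default `$Path` is a hypothetical choice, and the comment about the `S-1-5-5-X-Y` pattern reflects the Windows well-known SID for a logon session, which is this example's own annotation rather than something any poster stated.

```powershell
# Added example: list the access entries on a folder and flag SIDs that
# Windows cannot translate to an account name ("Account Unknown").
# $Path is a hypothetical default; point it at the folder that refuses writes.
param([string]$Path = $env:TEMP)

function Resolve-SidName {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    # S-1-5-5-X-Y is the well-known pattern for a logon session SID.
    # It is created per logon and never maps to a named user account.
    if ($Sid.Value -match '^S-1-5-5-\d+-\d+$') {
        return '<logon session SID>'
    }
    try {
        return $Sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Translate throws when the account was deleted or its domain
        # cannot be reached, which is the case described in the thread.
        return '<unresolved>'
    }
}

$acl = Get-Acl -LiteralPath $Path

# Ask for the rules keyed by raw SID so every entry is handled the same way
# (explicit and inherited entries both included).
$rules = $acl.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

$report = foreach ($rule in $rules) {
    [pscustomobject]@{
        Sid       = $rule.IdentityReference.Value
        Account   = Resolve-SidName -Sid $rule.IdentityReference
        Type      = $rule.AccessControlType      # Allow or Deny
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

$report | Format-Table -AutoSize

# Entries worth a closer look: anything that did not map to a named account.
$report | Where-Object { $_.Account -like '<*>' } |
    Select-Object Sid, Account, Type, Rights
```

The script only reads the ACL; it changes nothing, so it can be run before deciding whether permissions need to be repaired.
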

