antivirus_uninstall.ps1 - limehawk/rmm-scripts GitHub Wiki
antivirus_uninstall.ps1
Detects and uninstalls common third-party antivirus software from Windows systems.
Overview
Detects and uninstalls common third-party antivirus software from Windows systems including McAfee, Sophos, and Microsoft Security Essentials. This script is designed for scenarios where existing AV must be removed before deploying a new endpoint protection solution.
Purpose
Detects and uninstalls common third-party antivirus software from Windows systems including McAfee, Sophos, and Microsoft Security Essentials. This script is designed for scenarios where existing AV must be removed before deploying a new endpoint protection solution.
Prerequisites
- Windows PowerShell 5.1 or PowerShell 7+
- Administrator privileges (required for software uninstallation)
- No modules required
Configuration
Required Inputs
All antivirus products to target are hardcoded in this script. No external inputs required. The script will attempt to uninstall:
- McAfee products (all variants)
- Sophos products (all variants)
- Microsoft Security Essentials
Settings
- Uses silent/quiet uninstall methods where possible
- Stops services before uninstallation
- Attempts multiple detection methods for thoroughness
- No reboot is forced (though some AV may require it)
Data Sources & Priority
- System package manager (Get-Package) - Primary detection method
- Windows Installer database (WMI Win32_Product) - Fallback for stubborn installations
- File system paths - Verify specific AV installations
Behavior
- Validates execution environment (must run as Administrator)
- Detects McAfee software using Get-Package
- Uninstalls all detected McAfee components
- Detects Sophos software
- Stops Sophos services
- Uninstalls all detected Sophos components
- Detects Microsoft Security Essentials
- Uninstalls Microsoft Security Essentials if found
- Reports final status
Security Notes
- No secrets logged or displayed
- Requires elevation (will fail if not admin)
- Some antivirus may require tamper protection to be disabled first
- A reboot may be required after uninstallation for complete removal
Exit Codes
- 0 - Success (all detected antivirus software uninstalled)
- 1 - Failure (error during uninstallation process)
Example Output
[ SETUP ]
--------------------------------------------------------------
Script started : 2025-11-02 08:30:15
Administrator : Yes
[ MCAFEE DETECTION ]
--------------------------------------------------------------
Checking for McAfee software...
McAfee packages found : 7
[ MCAFEE UNINSTALLATION ]
--------------------------------------------------------------
Uninstalling McAfee Endpoint Security Platform...
Uninstalling McAfee Agent...
Uninstalling McAfee VirusScan Enterprise...
McAfee removal completed
[ SOPHOS DETECTION ]
--------------------------------------------------------------
Checking for Sophos software...
Sophos software found : No
[ MICROSOFT SECURITY ESSENTIALS DETECTION ]
--------------------------------------------------------------
Checking for Microsoft Security Essentials...
Installation path : Not found
[ FINAL STATUS ]
--------------------------------------------------------------
McAfee uninstalled : Yes
Sophos uninstalled : Not installed
Microsoft Security Essentials removed : Not installed
[ SCRIPT COMPLETED ]
--------------------------------------------------------------
Script completed successfully
Exit code : 0
Version History
- v1.0.0 (2025-11-02) - Initial migration from SuperOps
Links
- View Script Source
- Scripts - Back to script index