Anti-Virus Upgrades (Autumn 2020)

From MRC Centre for Outbreak Analysis and Modelling

Introduction

Imperial College has been using a combination of MalwareBytes and Symantec security software to protect our computers for many years. Changes in licensing costs have forced Imperial College to switch to another supplier for both of these services. Sophos combines the best of both into one package for a lower price.

We need to have Symantec Endpoint Protection removed from all DIDE computers by the end of October 2020.

We need to have MalwareBytes removed from all DIDE computers (desktops and laptops) by the end of November 2020.

Please read all of this before you begin, to avoid surprises.

The Procedure (overview)

These steps must be followed exactly and in sequence, and they apply to all operating systems. Skip a step only if it isn't applicable to you (e.g. you don't have MalwareBytes installed).

  1. Copy (but don't run!) the Sophos installer file to your computer (from the T:\IT\Antivirus folder on the DIDE network if installing on a departmental DIDE PC, or from this link if installing on a PC/laptop at home, which needs your username@ic.ac.uk login).
  2. Uninstall MalwareBytes software:
    1. Uninstall MalwareBytes Anti-Exploit (if installed).
    2. Uninstall MalwareBytes Anti-Malware (if installed).
  3. Uninstall Symantec Endpoint Protection.
  4. Important: Restart your computer.
  5. Important: Check that Symantec and MalwareBytes are really uninstalled from your PC (especially from your Mac).
  6. Install the Sophos package which you downloaded in step 1 by double-clicking on the installer file.
  7. Important: Restart your computer.

That's all there is to it. If all has gone well, you now have no yellow Symantec shield and instead have a blue and white Sophos shield.

The Procedure (specifics)

We assume that you are running a Windows 10 computer. If you're running a Mac, see the Mac-specific notes at the bottom of this page.

  1. Press your Windows key (usually bottom left, between CTRL and ALT) to open the Windows 10 menu and type "Add or remove programs". Click on that menu item.
  2. Scroll down to MalwareBytes and uninstall any items you see there (you may see the main client plus another called Anti-Exploit; uninstall both).
  3. You will be prompted to restart your computer, but you don't need to until we've also uninstalled Symantec.
  4. Scroll down further to Symantec and uninstall Symantec Endpoint Protection. If you also have their Encryption software, don't uninstall that!
  5. This will prompt you to restart your computer. You definitely have to restart now or the next step will break your computer.
  6. Do not proceed past here until you have confirmed that any MalwareBytes software and Symantec Endpoint Protection have been uninstalled, and you've restarted your computer.
  7. Now that you've restarted your computer you can install the Sophos software. This will warn you that it will take about ten minutes and require a restart. It will, and it does.
    1. Computer on the wired DIDE network: The installer is in the T:\IT\Antivirus folder.
    2. Other computers: The installer link is here.
  8. Restart your computer when prompted to by the Sophos software.

If all has gone well, you now have no yellow Symantec shield and instead have a blue and white Sophos shield.
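One way to carry out the check in step 6 on Windows 10 before installing Sophos, as an added example that is not part of the original page. It assumes the old products appear under the standard Windows uninstall registry keys and as services with display names containing "Symantec Endpoint Protection" or "Malwarebytes"; the function names are made up for this example.

```powershell
# Added example (not from the original page): confirm the old products are gone.
# Assumption: both products register display names containing these strings.
# The Symantec pattern is deliberately specific so that Symantec's Encryption
# software, which must stay installed, is not reported.
$patterns = 'Symantec Endpoint Protection', 'Malwarebytes'

# 64-bit and 32-bit views of the "Add or remove programs" list.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-LeftoverProduct {
    # Installed-program entries whose display name matches one of the patterns.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($patterns | Where-Object { $name -like "*$_*" })
        } |
        Select-Object DisplayName, DisplayVersion
}

function Get-LeftoverService {
    # Services left behind by a partial uninstall, matched by display name.
    $patterns | ForEach-Object {
        Get-Service -DisplayName "*$_*" -ErrorAction SilentlyContinue
    } | Select-Object Name, DisplayName, Status
}

$products = @(Get-LeftoverProduct)
$services = @(Get-LeftoverService)

# The restart after uninstalling is mandatory, so show when Windows last booted.
$lastBoot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
"Last restart: $lastBoot"

if ($products.Count -or $services.Count) {
    'Old security software still present; do not install Sophos yet:'
    $products | Format-Table -AutoSize
    $services | Format-Table -AutoSize
} else {
    'No Symantec Endpoint Protection or MalwareBytes entries found.'
}
```

Run it in a PowerShell window after the restart in step 5; the "Last restart" time should be later than the time you uninstalled Symantec.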

Mac-Specific notes

Macs are more awkward these days with their extra security warnings and checks (it's rather like Windows Vista was).

First of all, uninstall any MalwareBytes software which you have on your Mac. Then, to remove Symantec:

  1. Open the Symantec Endpoint Protection client (yellow shield), and then click Symantec Endpoint Protection.
  2. Click the Symantec Endpoint Protection client icon on the menu bar, and then click Uninstall.
  3. Click Uninstall again to begin the uninstallation.
  4. When you are prompted, authenticate with your Mac's administrative user name and password. You may also be prompted to type a password to uninstall the client. This password may be a different password than your Mac's administrative password.
  5. Once the uninstallation completes, click Restart Now.

Then install Sophos and see this page for the extra Mac steps to get all of the Sophos services running. Note especially the section on that page which tells you to unblock the Sophos kernel extensions (kexts). The installer link is here.