https://community.sophos.com/kb/en-us/119175
Sophos Endpoint: How to disable Tamper Protection
-
119175
-
23 Aug 2019
-
42 people found this helpful
Overview
Tamper Protection must be disabled before changes are made to the local Sophos configuration or if there is a need to uninstall the existing Sophos product. Disabling the Tamper Protection requires that the logged in user knows the actual password that was set in the policy and that the user is a member of the local group SophosAdministrator.
This knowledge base article describes the steps to disable Tamper Protection from various Sophos products.
Please be advised that there is no Tamper Protection for the standalone Sophos on a Mac.
The following sections are covered:
- Managed by Sophos Enterprise Console
- Managed by Sophos Central
- Managed by Sophos UTM
- Related information
- Feedback and contact
Applies to the following Sophos products and versions
Enterprise Console
Sophos Endpoint Security and Control 10.8.4
Central Mac Endpoint
Sophos Central Admin
UTM Managed Endpoint
Managed by Sophos Enterprise Console
On the SEC via policy
-
Go to Policies followed by Tamper protection .
-
Double-click your concerned policy then deselect the box for Enable tamper protection .
-
Click the OK button.
Note: Adjusting this policy will affect all endpoints wherein this policy is applied to. For more information about configuring policies, take a look at the Enterprise Console Help.
On the installed Sophos on a Windows endpoint
- Double-click Sophos Endpoint Security and Control on the Taskbar .
- Click Authenticate user .
- Type the Tamper Protection password that is configured in your Tamper Protection policy then click the OK button.
- Click Configure tamper protection .
- Uncheck the box for Enable Tamper Protection then click the OK button.
On the installed Sophos on a Mac endpoint
- Open Sophos Anti-Virus Preferences .
- Click the padlock and Sophos icons then type the tamper protection password in in the dialog box.
- Click the OK button.
Note: Tamper Protection cannot be disabled permanently.
Managed by Sophos Central
Disable for all endpoints
- In Sophos Central , click Global Settings .
- Under General , click Tamper Protection .
- Move the slider to the left then click the Save button.
Per endpoint
- In Sophos Central , go to Devices .
- Click your concerned endpoint.
- In the SUMMARY page, scroll down and then click Disable Tamper Protection .
Note: In Settings of the Sophos Endpoint , it will show that the Tamper Protection is already turned off.
On the installed Sophos on a Windows endpoint
- In Sophos Central , go to Devices .
- Click your concerned endpoint.
- In the SUMMARY page, scroll down then click View details under Tamper Protection .
- Take note of the password shown when you select the Show Password box that is under Tamper Protection Password Details .
- Log in to your concerned Windows endpoint.
- Double-click the Sophos Endpoint on the Taskbar .
- Click Admin login then type in the password you have taken note earlier.
- Click the Log in button.
- Select Settings from the top menu.
- Tick the box near the top for Override Sophos Central Policy for up to 4 hours .
- Move the slider of Tamper Protection to the left.
Notes:
- Sophos Central will automatically enable Tamper Protection after four hours.
- If Sophos Endpoint cannot be launched, open a Command Prompt then run
SEDcli.exe -TPoff <password>. This file is located inC:\Program Files\Sophos\Endpoint Defense\
On the installed Sophos on a Mac endpoint
- Click Sophos Endpoint on the Dock bar.
- Click Admin login .
- Type the Mac admin password and then click the OK button.
- Click the padlock and Sophos icon then type the tamper protection password in the dialog box.
- Click the OK button.
Note: Tamper Protection cannot be disabled permanently.
