Winflare
Sophos Tamper Protection

How to disable Sophos Tamper Protection

If you are a Sophos Central administrator you might have (like me) deleted a computer by mistake since it can get really messy really fast when you have to administer several hundred devices. Now you quickly realize that the tamper protection is still in place and that you are unable to uninstall Sophos Endpoint protection (which should have been done automatically in our opinion by deleting the computer anyways) from the computer. So what can you do to get rid of Sophos you may ask? Underneath is a quick and dirty tutorial to disable the tamper protection and uninstall Sophos Endpoint protection. or reinstall a new Version.

  1. Boot the system into Safe Mode. This means you have to restart your device and as soon as you see the start screen, for example the windows logo, press the key F8.
  2. Click Start > Run and type regedit and then click OK.
  3. Go to the following location in the registry editor: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent and set the REG_DWORD Start to 0x00000004
  4. Go to the following location in the registry editor: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the following REG_DWORD values SAVEnabled and SEDEnabled to 0
  5. Go to the following location in the registry editor: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection and set the REG_DWORD Enabled to 0
  6. Reboot the system in normal boot.

Enhanced Tamper Protection is now disabled and you should be able to access the system.

Registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config

registry keys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent

registry keys start

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed

Get your e-mail updates

Sign up and get your news fix directly to your inbox. Nothing more nothing else and definitely no spam.
Name
Email address
We won't share your e-mail or send spam