I have a Lenovo Flex 3-1033 laptop/tablet convertible PC I bought new at a retail store (Circuit City) quite some time ago. It came with Sophos Endpoint Agent pre-installed. I want to uninstall it, but when I try, I get a message that says, "Tamper Protection must be disabled before uninstalling." It seems Sophos talks to some server. The Endpoint Self Help program lists a long Endpoint ID ('looks like a GUID). It also lists a bunch of installed components (Sophos AMSI Protection, Sophos Anti-Virus, etc.) It shows the latest update just occurred, and it lists "User Credentials" (looks like a product key).
How can I uninstall Sophos Endpoint Agent? I set up a trial Sophos Central account. Is there a way to link the Lenovo computer to the Sophos Central account and then disable tamper protection?
Please advise. Thanks.
I suspect that it you have:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
SEDEnabled - 1
Unless you have the password, you will need to boot into…
Unless you have the password, you will need to boot into safe mode to disable the value.
I would suggest following:
Service and Support (sophos.com)
The key thing is to try and rename sophosed.sys under \windows\system32\drivers\ such that Tamper Protection will not be protecting the computer.
If you can rename the driver or follow the article, you should be OK.
Perfect! The registry value was 1, so I re-booted in Safe Mode and renamed the driver (SophosED.sys to SophosED.sys.old), then re-booted. At that point, I could change the registry value to 0, and then uninstall Sophos Endpoint using Windows Settings. I then deleted the renamed driver (Windows\System32\drivers\SophosED.sys.old). Thank you very much!