Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
I've been provided a Windows 10 Enterprise laptop by my department with Sophos Endpoint Agent installed. I have local admin access. Sophos sometimes comes up with false positives, but I do not have the Sophos admin password to be able to whitelist these events, and this password will not be shared with me.
Is there any way to stop Sophos from running at boot? I would like to install my own Sophos installation that I can control... but I would like to be able to allow the original Sophos Endpoint Agent to start up again if necessary. That is, I could completely uninstall Endpoint Agent, but I'd prefer not to go that route.
appvalleyThanks in advance.
Hello rose maruq,
[I assume this is a Central install thus I have moved the thread here]first of all, as the laptop is provided by your department you should discuss these matter with them. I'm not Sophos…
[I assume this is a Central install thus I have moved the thread here]first of all, as the laptop is provided by your department you should discuss these matter with them. I'm not Sophos and not speaking for Sophos, I think though that a vendor (Sophos in this case) won't help a customer's (your department) employees (you) to bypass any measures or policies. Furthermore, locally whitelisting assumed false positives is not how they should be dealt with.
I could completely uninstall Endpoint AgentI don't think that you can. You said that you are [not] able to whitelist these events which suggests that Tamper Protection is enabled, and TP prevents uninstall as well.