How to disable tamper protection in bulk for a group of users who migrate to another company and then perform a bulk uninstall?
The only real way to do this is turn it off in the general settings - but that disables for everyone. For specific devices - you can turn Tamper Protection off in the device page - one by one. Tamper Protection…
The only real way to do this is turn it off in the general settings - but that disables for everyone. For specific devices - you can turn Tamper Protection off in the device page - one by one. Tamper Protection was specifically made to be difficult to turn off - to prevent unintentional exposure and risk of the endpoints.
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
how can we monitor in geenral; How many systems have TP OFF>?We have many admins and 12K Clients and few admins disable and forget to enable; How do we trace?P.S-already placed a feature request few yrs ago
Hi, I think you can use Live Discover to search in the registry by selecting Registry category:
And then select de Query "Display registry section" like show below:
And then in the fields marked below:
You will enter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\SEDEnabled
And run the query to the endpoints you want to. That Query will send you data back about the value of this registry (tamper protection enable or no)
And finally, you will get this response:
If valueData is: 1 enable2 disable
Then you can export that to csv
Many thanks Juan for your kind response. since we have 13K clients cannot query them all.But we managed to query via https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/%7BendpointId%7D/tamper-protection/getWe have this info on our log server and we built a dashboard this evening for this