Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 15 subscribers
  • Views 2921 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

mass shutdown of tamper protection and subsequent uninstallation of a group of users

RadimWazik

How to disable tamper protection in bulk for a group of users who migrate to another company and then perform a bulk uninstall?



This thread was automatically locked due to age.
Parents
  • 0

    The only real way to do this is turn it off in the general settings - but that disables for everyone. For specific devices - you can turn Tamper Protection off in the device page - one by one. Tamper Protection was specifically made to be difficult to turn off - to prevent unintentional exposure and risk of the endpoints. 

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to RichardP

    how can we monitor in geenral; How many systems have TP OFF>?
    We have many admins and 12K Clients and few admins disable and forget to enable; How do we trace?
    P.S-already placed a feature request few yrs ago

  • 0 in reply to blueskies

    Hi, I think you can use Live Discover to search in the registry by selecting Registry category:

    And then select de Query "Display registry section" like show below:

    And then in the fields marked below:

    You will enter:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\SEDEnabled

    And run the query to the endpoints you want to. That Query will send you data back about the value of this registry (tamper protection enable or no)

    And finally, you will get this response:

    If valueData is:
    1 enable
    2 disable

    Then you can export that to csv

Reply
  • 0 in reply to blueskies

    Hi, I think you can use Live Discover to search in the registry by selecting Registry category:

    And then select de Query "Display registry section" like show below:

    And then in the fields marked below:

    You will enter:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\SEDEnabled

    And run the query to the endpoints you want to. That Query will send you data back about the value of this registry (tamper protection enable or no)

    And finally, you will get this response:

    If valueData is:
    1 enable
    2 disable

    Then you can export that to csv

Children
Unfiltered HTML