This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos locks my hard drive, I cannot format it.

Sophos locks my hard drive, I cannot format it.

Access denied

Prevents harmful behavior

An attack on a vulnerability in an application was prevented

WipeGuard
C: \ Windows \ System32 \ dllhost.exe

Despite the exception, the hard disk remains locked.



This thread was automatically locked due to age.
Parents
  • Hi Rico,

    Thank you for reaching us. When you mentioned that our endpoints lock your hard drive, may I know if you’re using Sophos device encryption to it? And what was this detection that you've shared? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    no, hard drives were never encrypted with any tools.
    I wanted to erase my hard drive.
    I deleted the data.
    I wanted to format the hard drive on it.
    Then the error message came up:
    An attack on a vulnerability in an application was prevented
    WipeGuard
    C: \ Windows \ System32 \ dllhost.exe

    If I now want to format or rename the hard drive, it appears that a user has opened a file or access is denied.

    Then I wanted to remove Sophos so that I could get back to my hard drive.
    That also fails, there is an error message here too.
    Sophos Autoupdate cannot be stopped.
    All manual attempts failed.

    The problems started with Sophos and I can't get it removed even in Windows Safe Mode.
    The reinstallation does not work either, even here there is an error message.

    Sophos Home Premium

  • You may try removing the Sophos endpoint first, but before that, you need to manually set the registry key for auto-update back to zero to stop Sophos auto-update from running. 
    Go to this registry path "hklm\software\wownode32\sophos\autoupdate\updatestatus > is updating change to 0"  and change the value of "is updating" to Zero,
    Then remove Sophos Using Sophos ZAP tool refer to this knowledge base article. Once done, you may proceed with formatting your hard disk and let us know the status. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • hklm \ software \ wownode32 \ sophos \ autoupdate \ updatestatus does not exist


    Sophos Windows Endpoint Zap log.txt

    2021-07-20T21:20:45.849Z 13132 INFO : ==== Started C:\\Users\\Grafik\\AppData\\Local\\Temp\\SophosZap-537687518\\SophosZapHelper.exe ====
    2021-07-20T21:20:45.850Z 13132 INFO : Running version 1.2.3.0
    2021-07-20T21:20:45.851Z 13132 INFO : Parent process ID: 11788
    2021-07-20T21:20:45.852Z 13132 INFO : Running Zap functionality on x64 bit architecture
    2021-07-20T21:20:45.853Z 13132 INFO : Intialising COM subsystem.
    2021-07-20T21:20:45.855Z 13132 INFO : Performing prerequisite checks.
    2021-07-20T21:20:45.856Z 13132 INFO : Checking for presence of incompatible software: Sophos SafeGuard
    2021-07-20T21:20:45.861Z 13132 INFO : Checking for presence of incompatible software: AD Sync
    2021-07-20T21:20:45.862Z 13132 INFO : Checking for presence of incompatible software: SAV NetApp
    2021-07-20T21:20:45.862Z 13132 INFO : Checking for presence of incompatible software: Sophos PureMessage for Exchange
    2021-07-20T21:20:45.863Z 13132 INFO : Checking for presence of incompatible software: Sophos for Microsoft SharePoint
    2021-07-20T21:20:45.863Z 13132 INFO : Checking for presence of incompatible software: SAVDI
    2021-07-20T21:20:45.864Z 13132 INFO : Checking for presence of incompatible software: Sophos Enterprise Console
    2021-07-20T21:20:45.865Z 13132 INFO : Checking for presence of incompatible software: Sophos Transparent Authentication Suite
    2021-07-20T21:20:45.866Z 13132 INFO : Checking for presence of incompatible software: Sophos IPsec Client
    2021-07-20T21:20:45.867Z 13132 INFO : Checking for presence of incompatible software: Sophos Connect
    2021-07-20T21:20:45.868Z 13132 INFO : Checking for presence of incompatible software: Sophos Connect Admin
    2021-07-20T21:20:45.868Z 13132 INFO : Checking for presence of incompatible software: Sophos Update Manager
    2021-07-20T21:20:45.869Z 13132 INFO : Checking for presence of incompatible software: Invincea
    2021-07-20T21:20:45.870Z 13132 INFO : Checking for presence of incompatible software: Sophos Network Access Control
    2021-07-20T21:20:45.870Z 13132 INFO : Checking for presence of incompatible RMS Server
    2021-07-20T21:20:45.871Z 13132 INFO : Sophos Endpoint Defense is installed.
    2021-07-20T21:20:45.871Z 13132 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
    2021-07-20T21:20:45.872Z 13132 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
    2021-07-20T21:20:45.873Z 13132 INFO : Tamper-protected by SED.
    2021-07-20T21:20:45.873Z 13132 ERROR : Zapper does not run with tamper protection on
    2021-07-20T21:20:45.873Z 13132 INFO : Outcome error flag: 1
    2021-07-20T21:20:45.874Z 13132 INFO : Outcome reboot required: 0
    2021-07-20T21:20:45.875Z 13132 INFO : Summary of errors, see above for details:
    2021-07-20T21:20:45.875Z 13132 INFO : Failure reason: Zapper does not run with tamper protection on
    2021-07-20T21:20:45.876Z 13132 ERROR : An error occurred. See log file for errors

  • Based on the logs, it appears that tamper protection is still turned on on this system. Please disable tamper protection first by following this KBArticle, then re-run Sophos zap tool to uninstall the endpoint

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • See Image

    I can't get in with my default password; if I reset the password, it still doesn't work.

    Is my account blocked?

  • Are you trying to log in to your Sophos account to turn off tamper protection? You can turn off tamper protection without logging in to your account follow the steps on the knowledge base that have been provided. For the Sophos account login issue, you may need to reach our Customer Care team to assist you with this account problem. Refer to this link. You can talk to them via chat or Phone. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I don't know English, I translate with Google, so I need direct help with a direct link.

    knowledge base
    Your link ... it says that you have to log in there, and it says that you should log in.

    https://support.sophos.com/support/s/article/KB-000036125?language=en_US

    • Applies to the following Sophos products and versions

      Central Windows Endpoint
      Central Windows Server
      Sophos Endpoint Security and Control
      Endpoints managed by Sophos Centra


    How to recover tamper protection password of deleted endpoints and servers
    Log in to Sophos Central.
    Access Logs & Reports> Recover Tamper Protection passwords.
    Click View details to expand the password (s) that has been set on the endpoint or server.

  • Apparently I was able to remove Sophos through SophosZap.exe. Links are at least still available, but a call no longer works.

    If I reinstall Shopos, the same problem occurs again, I can no longer uninstall Sophos.

    I have to go through the same steps again.
    Now that's not very nice.

Reply
  • Apparently I was able to remove Sophos through SophosZap.exe. Links are at least still available, but a call no longer works.

    If I reinstall Shopos, the same problem occurs again, I can no longer uninstall Sophos.

    I have to go through the same steps again.
    Now that's not very nice.

Children
No Data