I am running this bat file:
net stop "Sophos Agent"
net stop "Sophos Anti-Virus"
net stop "Sophos Anti-Virus status reporter"
net stop "Sophos AutoUpdate Service"
net stop "Sophos Message Router"
net stop "Sophos System Protection Service"
net stop "Sophos Web Control Service"
net stop "Sophos Web Filter"
net stop "Sophos Web Intelligence Service"
net stop "Sophos Endpoint Defense Service"
C:\Windows\system32>NET STOP "SOPHOS ENDPOINT DEFENSE SERVICE"
System error 5 has occurred.
Access is denied.
The last service "Sophos Endpoint Defense Service" does not stop...
I tried to place the service in another position in the batch, it is the same issue.
I did run it by itself and it is the same issue.
What could be the cause of this access denied for only this service? Some specific security?
The Protection level on it is "PsProtectedSignerAntimalware-Light". It's not Tamper Protection making the service not stoppable:
LaunchProtected is set to 3 under: "HKEY_LOCAL_MACHINE\SYSTEM…
Hi there,
Before running the said batch file, did you disable tamper protection on SAV?
Tamper Protection is not enabled in our environment.
So the response would be: yes, Tamper Protection is disabled.
When trying this out on a test box, I am getting the same results. It looks like this is the expected behavior.
May I ask why you’re looking to stop this service? If tamper protection is disabled, the SED service running won’t prevent an uninstall from taking place.
I need to stop the service as a requirement to install/upgrade applications. More and more suppliers are requesting anti-virus, anti-malware, etc... to be disabled during installation or upgrades to be sure nothing is blocked during their job...
So long as Tamper Protection is disabled, SED should not impede other installations from taking place. If you do find this to be a problem, please reach back out on this thread and we can take a closer look into things.
LaunchProtected is set to 3 under: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense Service"
Another example would be:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe"
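
The LaunchProtected check described in this thread can be run across every service key to see which ones the Service Control Manager starts as protected services. This is an added example, not part of the original posts and not Sophos code; it only reads the registry, and the level names are taken from the SERVICE_LAUNCH_PROTECTED_* constants in the Windows SDK (winsvc.h).

```powershell
# Added example: list services whose LaunchProtected value is non-zero.
# Read-only; run from an elevated prompt so every service key is readable.

# LaunchProtected values, named after SERVICE_LAUNCH_PROTECTED_* in winsvc.h
$levels = @{
    0 = 'None'
    1 = 'Windows'
    2 = 'WindowsLight'
    3 = 'AntimalwareLight'   # the value reported in this thread
}

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue

    # Keys without the value, or with 0, are ordinary unprotected services
    if ($null -ne $props -and $null -ne $props.LaunchProtected -and $props.LaunchProtected -ne 0) {
        $value = [int]$props.LaunchProtected
        [pscustomobject]@{
            Service         = $_.PSChildName
            LaunchProtected = $value
            Level           = if ($levels.ContainsKey($value)) { $levels[$value] } else { 'Unknown' }
            ImagePath       = $props.ImagePath
        }
    }
} | Sort-Object Service | Format-Table -AutoSize -Wrap
```

A service listed here with level AntimalwareLight is one where "net stop" from an administrator prompt can return "System error 5", as seen above for Sophos Endpoint Defense Service.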