This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to disable Tamper Protection

Unable to disable Tamper Protection on a Server, despite it is already disabled in Sophos Central Admin.

Even when override Sophos Central Policy for 4 hours to troubleshoot is checked, none of the sliders (including Tamper Protection) can be activated.

Also unable to edit registry to set SEDEnabled to 0.



This thread was automatically locked due to age.
Parents
  • Hi Boon, 

    Thanks for reaching out to us. 

    If the Sophos UI is showing that Tamper Protection is disabled once you have selected override for 4 hours, could you run the following command to verify?
    - C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe -status

    It would also be a good idea to check the Sophos Endpoint Self Help tool, to ensure all of the installed components are in a good state. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • sedcli.exe is not found in the folder.

    Override is activated but nothing can be slide.

  • FormerMember
    0 FormerMember in reply to Boon Hong Wong

    Hi Boon,

    Also unable to edit registry to set SEDEnabled to 0.

    -> are you doing this in safemode? as this needs to be done in safemode.

    Can you try to start the machine via command prompt only or safemode with command prompt? as doing this should run CMD as admin.

    Then use this to edit the SEDEnabled registry:

    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" /t REG_DWORD /v SEDEnabled /d 0 /f

    IF its successful, then reboot back in normal mode then try to uninstall sophos again.

    Regards,

    Fernan Tutor

    If this post solves your question, please use the "Verify Answer" button.

  • Do you know if these settings are disabled in Sophos Central? Generally, the sliders will be blue in color and turn grey when each of the functions is turned off. 

    If the policy in Sophos Central is defined to have these scanning functions disabled, the UI will show as displayed in your screenshot. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children