This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to remove endpoint 2.20.11 without tamper password

We took over for another MSP and prior to cutting ties the old MSP left us a spreadsheet with the Sophos tamper protection passwords, but our issue is that they didn’t work on all the machines. I have five that still need the endpoint removed from.

I came across the following articles but even when logged in via local admin (safe mode) I can’t kill the Sophos AV service or rename the following file “SophosED.sys SophosED.sys.old” as I get access denied. Do I need to wipe these machines or is there some other way I haven’t found?

Sophos Endpoint Defense: How to recover a tamper protected system

Uninstall Sophos Central Endpoint with tamper protection enabled (Windows) - Avanet

This thread was automatically locked due to age.

0 Qoosh over 2 years ago

Hi Paul,

It won't be possible to interact with the driver files or registry entries while the system is booted into Safe Mode. You will need to boot the device into Recovery Mode using the advanced startup options to make changes to the driver files.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Paul Storic over 2 years ago

Ugh, thanks. Since it's remote I cannot do so. I will have to instruct the user to wipe the machine.
Cancel
Vote Up 0 Vote Down

Cancel