This discussion has been locked.

Unable to remove endpoint 2.20.11 without tamper password

We took over for another MSP, and prior to cutting ties the old MSP left us a spreadsheet with the Sophos tamper protection passwords, but our issue is that they didn’t work on all the machines. I have five that still need the endpoint removed.

I came across the following articles but even when logged in via local admin (safe mode) I can’t kill the Sophos AV service or rename the following file “SophosED.sys SophosED.sys.old” as I get access denied. Do I need to wipe these machines or is there some other way I haven’t found?

Sophos Endpoint Defense: How to recover a tamper protected system

Uninstall Sophos Central Endpoint with tamper protection enabled (Windows) - Avanet



  • Hi Paul,

    It won't be possible to interact with the driver files or registry entries while the system is booted into Safe Mode. You will need to boot the device into Recovery Mode using the advanced startup options to make changes to the driver files.
