This thread was automatically locked due to age.
Hi Gabriel,
Thanks for reaching out to the Sophos Community Forum.
It's possible to view the Tamper Protection password for deleted devices in Sophos Central. You can find more information on this at the following link.
- Recover tamper protection passwords
If you wish to do a full uninstall and reinstall, I'd suggest using the Sophos Zap tool to ensure all components are removed. Ensure the installer package you are using has been downloaded recently as well. A few days or weeks is okay, but using an installer package from months ago is not recommended as some things may have changed.
Hi Gabriel,
Thanks for reaching out to the Sophos Community Forum.
It's possible to view the Tamper Protection password for deleted devices in Sophos Central. You can find more information on this at the following link.
- Recover tamper protection passwords
If you wish to do a full uninstall and reinstall, I'd suggest using the Sophos Zap tool to ensure all components are removed. Ensure the installer package you are using has been downloaded recently as well. A few days or weeks is okay, but using an installer package from months ago is not recommended as some things may have changed.
Hello Kushal,
Thank you very much for the answer. I do have the password, but I don't know how to recover the driver to the online account. I downloaded the Sophos Zap tool, but on the instructions is listed to turn off the tamper protection. This is exactly the issue, I cannot turn it off locally and I'm afraid will not work. I downloaded and run it, don't see any change. I turned off the tamper protection on the General feature online, but I don't have access to turn it off locally, even if I am the admin.
Thank you.
I was able to perform the 1st step per SophosZap instructions, but it failed (as expected) - tamper protection is (1). I tried to changed manually in the Registry but it failed, not allowed.
024-01-31T21:01:58.117Z 58004 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2024-01-31T21:01:58.117Z 58004 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2024-01-31T21:01:58.133Z 58004 INFO : Tamper-protected by SED.
2024-01-31T21:01:58.133Z 58004 ERROR : SophosZap does not run with tamper protection on
2024-01-31T21:01:58.133Z 58004 INFO : Outcome error flag: 1
2024-01-31T21:01:58.133Z 58004 INFO : Outcome reboot required: 0
2024-01-31T21:01:58.133Z 58004 INFO : Summary of errors, see above for details:
2024-01-31T21:01:58.133Z 58004 INFO : Failure reason: SophosZap does not run with tamper protection on
2024-01-31T21:01:58.133Z 58004 ERROR : An error occurred. See log file for errors
Could you try the following commands via an Admin Command Prompt?
cd C:\Program Files\Sophos\Endpoint Defense
SEDcli.exe -OverrideTPoff <password>
The usage:
usage: SEDcli.exe [ -h | -v | -s | -OverrideTPoff password | -ResumeTP ]
Options:
-help or -h Displays this help message
-version or -v Displays the application version
-status or -s Displays the current SED Tamper Protection status
-OverrideTPoff password Override Central Policy for up to four hours and Disable SED Tamper Protection
-ResumeTP Resume Central Policy (including SED Tamper Protection)
So it would be:SEDcli.exe -OverrideTPoff 12345678910
Did you keep the < and > when you ran it, is that the problem?
This is the result:
C:\Program Files\Sophos\Endpoint Defense>SEDcli.exe -OverrideTPoff 12345678910
Failed to override tamper protection: Failed to authenticate
Using fallback named pipe interface
Failed to open UI pipe, error:2
Failed to send request to MCS
Incorrect SED Tamper Protection password provided
... and yes, you right, I did used <...> , sorry
Victory!!! It WORKED! I tried again with the same command and using the password for the recovery, w/o the <>, and it did disabled tamper protection for 4h and I was able to uninstall it. THANK YOU VERY MUCH!