This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

uninstall the Sophos software

Hello, I need help to uninstall the Sophos software from my laptop. I deleted the laptop device from the online Sophos account, because the installation did not complete correctly. 
Now, when I try to uninstall it, I have this error message "Tamper protection must be disabled - KB-000034808". 
I disabled the tamper protection on the General settings on the online account, but I can't do it on the device itself, online, because I deleted apriori. 
How can I fix it, remove this program? All help is much appreciated. 
Thank you!


This thread was automatically locked due to age.
Parents
  • Hi Gabriel,

    Thanks for reaching out to the Sophos Community Forum. 

    It's possible to view the Tamper Protection password for deleted devices in Sophos Central. You can find more information on this at the following link. 
    - Recover tamper protection passwords

    1. Go to Reports.
    2. Under Endpoint & Server Protection, click Recover Tamper Protection passwords. You see a list of deleted devices.
    3. Find the device you want.
    4. In the Password(s) column, click View password details. This shows you the password (and previous passwords).

    If you wish to do a full uninstall and reinstall, I'd suggest using the Sophos Zap tool to ensure all components are removed. Ensure the installer package you are using has been downloaded recently as well. A few days or weeks is okay, but using an installer package from months ago is not recommended as some things may have changed. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello Kushal,

    Thank you very much for the answer. I do have the password, but I don't know how to recover the driver to the online account. I downloaded the Sophos Zap tool, but on the instructions is listed to turn off the tamper protection. This is exactly the issue, I cannot turn it off locally and I'm afraid will not work. I downloaded and run it, don't see any change. I turned off the tamper protection on the General feature online, but I don't have access to turn it off locally, even if I am the admin.

    Thank you.

  • I was able to perform the 1st step per SophosZap instructions, but it failed (as expected) - tamper protection is (1). I tried to changed manually in the Registry but it failed, not allowed.

    024-01-31T21:01:58.117Z 58004 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
    2024-01-31T21:01:58.117Z 58004 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
    2024-01-31T21:01:58.133Z 58004 INFO : Tamper-protected by SED.
    2024-01-31T21:01:58.133Z 58004 ERROR : SophosZap does not run with tamper protection on
    2024-01-31T21:01:58.133Z 58004 INFO : Outcome error flag: 1
    2024-01-31T21:01:58.133Z 58004 INFO : Outcome reboot required: 0
    2024-01-31T21:01:58.133Z 58004 INFO : Summary of errors, see above for details:
    2024-01-31T21:01:58.133Z 58004 INFO : Failure reason: SophosZap does not run with tamper protection on
    2024-01-31T21:01:58.133Z 58004 ERROR : An error occurred. See log file for errors

  • Could you try the following commands via an Admin Command Prompt? 

    cd C:\Program Files\Sophos\Endpoint Defense
    SEDcli.exe -OverrideTPoff <password>

    Use SEDcli.exe to locally manage Tamper Protection settings

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I tried and I used the password for the recovery, still did not worked. I received this message: "The syntax of the command is incorrect." 

  • The usage:

    usage: SEDcli.exe [ -h | -v | -s | -OverrideTPoff password | -ResumeTP ]
    Options:
    -help or -h Displays this help message
    -version or -v Displays the application version
    -status or -s Displays the current SED Tamper Protection status
    -OverrideTPoff password Override Central Policy for up to four hours and Disable SED Tamper Protection
    -ResumeTP Resume Central Policy (including SED Tamper Protection)

    So it would be:
    SEDcli.exe -OverrideTPoff 12345678910

    Did you keep the < and > when you ran it, is that the problem?

  • This is the result:

    C:\Program Files\Sophos\Endpoint Defense>SEDcli.exe -OverrideTPoff 12345678910
    Failed to override tamper protection: Failed to authenticate
    Using fallback named pipe interface
    Failed to open UI pipe, error:2
    Failed to send request to MCS
    Incorrect SED Tamper Protection password provided

Reply
  • This is the result:

    C:\Program Files\Sophos\Endpoint Defense>SEDcli.exe -OverrideTPoff 12345678910
    Failed to override tamper protection: Failed to authenticate
    Using fallback named pipe interface
    Failed to open UI pipe, error:2
    Failed to send request to MCS
    Incorrect SED Tamper Protection password provided

Children