Turnoff the temper protection via cmd

Hi,

We have installed the Sophos end point through image backup file, unfortunately the system from which we have taken image backup has been deleted from Sophos central, Now we are getting an error message from Sophos end point, it is saying Sophos is unable to connect with management connect with IT admin

As we are using Intune, we are trying to uninstall the Sophos end point and re-install it again,

Can you please guide me how can we disable the temper protection via command prompt?

As these systems are never connected with Sophos central, it doesn't have temper password, we can uninstall manually by accessing the Sophos end point as a administrator, so I am looking for the way to disable the temper protection via cmd

Top Replies

Sophos User930 7 days ago +1

You checked under the Tamper Report: https://cloud.sophos.com/manage/logs-and-reports/recently-deleted

0 GlennSen 8 days ago

Hey there,

Thank you for reaching out to the community forum.

We don't have the steps to disable tamper protection via CMD. though you can follow the steps listed in this KB Article to manually turn off TP on the said device, then use our Sophos Zap tool to remove all Sophos endpoint components on the system before installation
https://support.sophos.com/support/s/article/KBA-000004158?language=en_US

https://support.sophos.com/support/s/article/KBA-000006929?language=en_US

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
- 0 IT Command Center 7 days ago in reply to GlennSen
  
  Thanks for the response Glenn,
  
  We are looking for the command to disable tempter protection, we found one command in the sophos community, however, that is not working
  - 0 Altmash 7 days ago in reply to IT Command Center
    
    Hi,
    
    Unfortunately, we do not have a direct command to uninstall the Sophos Endpoint agent where tamper protection is enabled.
    
    First, you will have to disable tamper protection by following these steps. Sophos Central Endpoint and Server: Recover a tamper protected system
    
    Once the Tamper protection is disabled, you can run the Sophos Zap tool to remove Sophos Endpoint from the device completely, or you can try uninstalling the agent by running the command mentioned in this KBA. Sophos Central Endpoint and Server: Uninstall Sophos using the command line or a batch file
  - 0 IT Command Center 7 days ago in reply to Altmash
    
    Hi Altmash,
    
    We are looking for the command to disable the temper protection on Sophos end point agent
  - 0 Altmash 7 days ago in reply to IT Command Center
    
    Hi,
    
    We have a command using which tamper protection can be turned off.
    
    SEDcli.exe -OverrideTPoff <passcode>
    
    However, this might not help in this situation because you do not have the tamper protection password.
    In case you have the tamper protection password, this command can be used to disable the tamper protection of Sophos Endpoint.
0 Sophos User930 7 days ago

You checked under the Tamper Report:

https://cloud.sophos.com/manage/logs-and-reports/recently-deleted