Hi Community,
In this video Jelan from Sophos Support shows you how to use the Sophos ZAP tool to remove Sophos Endpoint or Server Protection Software from a Windows Device.
ZAP has been a very handy tool! Much more efficient than cleaning everything up manually.
I did follow the video on the YouTube channel and this is the result
Microsoft Windows [Version 10.0.19041.572]
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>cd c:\Sophoszap
c:\SophosZap>sophoszap --confirm
Sophos Zap v1.0 - Uninstall Sophos Endpoint software
Copyright 2019 Sophos Limited. All rights reserved.
Extracting to temporary folder: C:\Users\lmrei\AppData\Local\Temp\SophosZap-673788389
Logging to 'C:\Users\lmrei\AppData\Local\Temp\Sophos Windows Endpoint Zap log.txt'
An error occurred. See log file for errors.
c:\SophosZap>
I went to check out the log file and this is the information on that file
Went to 'C:\Users\lmrei\AppData\Local\Temp\Sophos Windows Endpoint Zap log.txt'
The Sophos windows endpoint logs I found stated
2020-12-06T22:00:11.321Z 4708 INFO : ==== Started C:\\Users\\lmrei\\AppData\\Local\\Temp\\SophosZap-673788389\\SophosZapHelper.exe ====
2020-12-06T22:00:11.322Z 4708 INFO : Running version 1.0.1853.0
2020-12-06T22:00:11.330Z 4708 INFO : Parent process ID: 6372
2020-12-06T22:00:11.330Z 4708 INFO : Running Zap functionality on 64 bit operating system
2020-12-06T22:00:11.331Z 4708 INFO : Intialising COM subsystem.
2020-12-06T22:00:11.334Z 4708 INFO : Performing prerequisite checks.
2020-12-06T22:00:11.337Z 4708 INFO : Checking for presence of incompatible software: Sophos SafeGuard
2020-12-06T22:00:11.340Z 4708 INFO : Checking for presence of incompatible software: AD Sync
2020-12-06T22:00:11.341Z 4708 INFO : Checking for presence of incompatible software: SAV NetApp
2020-12-06T22:00:11.341Z 4708 INFO : Checking for presence of incompatible software: Sophos PureMessage for Exchange
2020-12-06T22:00:11.342Z 4708 INFO : Checking for presence of incompatible software: Sophos for Microsoft SharePoint
2020-12-06T22:00:11.343Z 4708 INFO : Checking for presence of incompatible software: SAVDI
2020-12-06T22:00:11.343Z 4708 INFO : Checking for presence of incompatible software: Sophos Enterprise Console
2020-12-06T22:00:11.344Z 4708 INFO : Checking for presence of incompatible software: Sophos Transparent Authentication Suite
2020-12-06T22:00:11.344Z 4708 INFO : Checking for presence of incompatible software: Sophos IPsec Client
2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Connect
2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Connect Admin
2020-12-06T22:00:11.345Z 4708 INFO : Checking for presence of incompatible software: Sophos Update Manager
2020-12-06T22:00:11.346Z 4708 INFO : Checking for presence of incompatible software: Invincea
2020-12-06T22:00:11.346Z 4708 INFO : Checking for presence of incompatible software: Sophos Network Access Control
2020-12-06T22:00:11.347Z 4708 INFO : Checking for presence of incompatible RMS Server
2020-12-06T22:00:11.347Z 4708 INFO : Sophos Endpoint Defense is installed.
2020-12-06T22:00:11.348Z 4708 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2020-12-06T22:00:11.348Z 4708 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2020-12-06T22:00:11.349Z 4708 INFO : Tamper-protected by SED.
2020-12-06T22:00:11.349Z 4708 ERROR : Zapper does not run with tamper protection on
2020-12-06T22:00:11.349Z 4708 INFO : Outcome error flag: 1
2020-12-06T22:00:11.350Z 4708 INFO : Outcome reboot required: 0
2020-12-06T22:00:11.350Z 4708 INFO : Summary of errors, see above for details:
2020-12-06T22:00:11.351Z 4708 INFO : Failure reason: Zapper does not run with tamper protection on
I am running Sophos Home free edition and I cannot find any way to disable the tamper protection from the information that I have found so far. There is no option that I can find.
Hey LisaHamp,
The error you are getting is due to tamper protection, which is currently enabled on your endpoint. Before running ZAP, make sure to disable tamper protection first. You may refer to this article on how to disable tamper protection, and once that has succeeded, you may proceed with running Sophos ZAP.
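Added example, not part of the original thread and not Sophos code: a small triage script that reads a ZAP log like the one quoted above and reports the tamper-protection registry values, the outcome flags and the failure reason. The line format is assumed from the quoted log lines only, and the function and variable names are hypothetical.

```python
import re

# Constructed sample: a subset of the log lines quoted in the post above.
SAMPLE_LOG = r"""2020-12-06T22:00:11.348Z 4708 INFO : Value 'SEDEnabled' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2020-12-06T22:00:11.348Z 4708 INFO : Value 'IgnoreSAV' under key 'SYSTEM\\CurrentControlSet\\services\\Sophos Endpoint Defense\\TamperProtection\\Config' is set to 1.
2020-12-06T22:00:11.349Z 4708 INFO : Tamper-protected by SED.
2020-12-06T22:00:11.349Z 4708 ERROR : Zapper does not run with tamper protection on
2020-12-06T22:00:11.349Z 4708 INFO : Outcome error flag: 1
2020-12-06T22:00:11.350Z 4708 INFO : Outcome reboot required: 0
2020-12-06T22:00:11.351Z 4708 INFO : Failure reason: Zapper does not run with tamper protection on
"""

# Assumed layout (inferred from the quoted log): "<timestamp> <pid> <LEVEL> : <message>"
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<level>[A-Z]+)\s*:\s(?P<msg>.*)$")
REG = re.compile(r"^Value '(?P<name>[^']+)' under key '(?P<key>[^']+)' is set to (?P<val>\d+)\.$")
OUTCOME = re.compile(r"^Outcome (?P<name>[^:]+): (?P<val>\d+)$")
REASON = "Failure reason: "

def triage(log_text):
    """Summarise a ZAP log: errors, registry values read, outcome flags, failure reasons."""
    report = {"errors": [], "registry": {}, "outcome": {}, "failure_reasons": [], "unparsed": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            report["unparsed"] += 1  # count lines that do not fit the assumed layout
            continue
        msg = m["msg"].strip()
        if m["level"] == "ERROR":
            report["errors"].append((m["ts"], msg))
        if (r := REG.match(msg)):
            report["registry"][r["name"]] = int(r["val"])
        elif (o := OUTCOME.match(msg)):
            report["outcome"][o["name"]] = int(o["val"])
        elif msg.startswith(REASON):
            report["failure_reasons"].append(msg[len(REASON):])
    # Blocked by tamper protection: SEDEnabled was read as 1 and the stated reason names it.
    report["tamper_blocked"] = (
        report["registry"].get("SEDEnabled") == 1
        and any("tamper protection" in reason.lower() for reason in report["failure_reasons"]))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
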