Disclaimer: This information is provided as-is and should be referenced at your own risk.
Hi Everyone,There are many instances when the user accidentally deletes the device from the central dashboard, and the machine has Sophos endpoint installed. However, it does not report to the central dashboard.
Deleting the device from the Sophos central dashboard does not uninstall the Sophos endpoint on the machine. To uninstall Sophos, please follow the steps mentioned in this article, which need to be performed after disabling tamper protection.
You will be able to view the list of the deleted endpoints by clicking on View Password Details.Note: If the device name is not showing under recover tamper protection password, you will need to recover the tamper password with the help of this article.
Windows 7 and later: C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist
Windows XP: %ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Persist
In my experience I also found it simpler to reinstall the endpoint after step 3 with the command line parameter --registeronly. This doesn't uninstall the software or reinstall it, it simply reregisters…
The steps with deleting the files would force the endpoint to get a brand new endpoint ID from Central. In most cases with accidentally deleted machines less than 90 days ago (they still show up in Recover Tamper Protection Passwords report) is to either do 1) disable tamper protection through endpoint interface 2) run SophosSetup.exe --registeronly (what MEric suggested above) in elevated command prompt which is very quick, or just run SophosSetup.exe overtop of existing install, which will take longer but will accomplish the same (in case of non-technical users it might be easier to instruct them to do remotely.)