Sophos Endpoint

Device Live Discover Query - identify devices where Tamper Protection is disabled

Sophos Endpoint requires membership for participation - click to join

Approved

over 2 years ago

Live Discover Query - identify devices where Tamper Protection is disabled

REVIEWED by Sophos

As a simple query highlighting the power of Live Query for ad-hoc reporting, we can easily get the tamper protection state for the computers selected:

select data,path from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config' AND name='SEDEnabled' AND data=0;

Regards,

Jak

jak

Top Comments

AK over 3 years ago +3

/cfs-file/__key/commentfiles/fb5d84b10a5745448a7a45dafc1faa43-a278b39e-c981-4508-92a2-147f9cca12a9/pastedimage1593430621802v1.png REVIEWED by Sophos no logic changes, just slightly nicer output: …

Parents

Kevin Kingston over 4 years ago

Thanks for this one, the ability to do this has actually been raised by customer's as a product enhancement: ideas.sophos.com/.../38987794-list-machines-with-tamper-protection-disabled
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Kevin Kingston over 4 years ago

Thanks for this one, the ability to do this has actually been raised by customer's as a product enhancement: ideas.sophos.com/.../38987794-list-machines-with-tamper-protection-disabled
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

No Data