This knowledge base article answers the frequently asked questions about Enhanced Tamper Protection.
Applies to the following Sophos products and versions Enterprise Console 5.5.1 Central Endpoint
Note: In SEC 5.5.1, there is an option to enable SED during installation. This option can still be bypassed.
Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling the Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or malware causes a report or alert to be submitted to the Sophos Central console. For more information, take a look at KBA 125185.
Enhanced Tamper Protection prevents users or malicious applications from making changes to the installed Sophos Anti-Virus. It now protects files, registry keys, services, and processes. See the KBA 123654.
For customers using Sophos Enterprise Console or Sophos Central, Enhanced Tamper Protection will be available with the release of Sophos Anti-Virus 10.6.4.
Enhanced Tamper Protection is enabled automatically for Sophos Central customers. For Sophos Enterprise Console, users must enable it manually by following the steps in the KBA Sophos Endpoint Defense: How to enable Tamper Protection.
For the exact steps, open the KBA 119175.
Follow the steps in Sophos Endpoint Defense: How to recover a tamper protected system.
The Enhanced Tamper Protection feature is not available for UTM managed endpoints.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.