This knowledge base article answers the FAQs about Sophos Tamper Protection.
The following questions are answered:
Applies to the following Sophos products and versions Sophos Endpoint Security and Control 10.6.4Sophos Cloud Managed EndpointSophos Anti-Virus for Mac OS XEnterprise Console
Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or malware causes a report/alert to be submitted to the central console.
Tamper protection is not currently available on the free Sophos Home product. If your home computer is running Sophos Anti-Virus and appears to have tamper protection installed, you will need to ask the person who installed the Sophos software to disable the tamper protection.
Sophos Central and UTM: Tamper Protection is enabled by default. For Central, the password is generated automatically and cannot be set manually.
Enterprise Console: You can enable Tamper Protection on an endpoint computer by applying a tamper protection policy. This is configured centrally from the console along with other policies, typically by the Sophos administrator who installed and set up the Sophos software.
Standalone installations: Tamper protection is enabled and the password set by a local Administrator. This password is set for all users who log on.
To uninstall Sophos software from a computer with Tamper Protection enabled, you require the tamper protection password that was set by the admin and local administrator permissions to run the uninstaller.
Disable Tamper Protection only if you need to make a change to the local Sophos configuration or uninstall an existing Sophos product. You must have admin rights and the tamper protection password to do this. For reference, take a look at the KBA Sophos Endpoint: How to disable Tamper Protection.
To recover a tamper protected system if you've lost the tamper protection password and the client cannot receive a new policy with a known password, see Sophos Endpoint Defense: How to recover a tamper protected system.
There is no option to set a single password for all managed endpoints or servers.
A unique password can be set for an endpoint or server by going to its SUMMARY column then click Generate New Password.
If the tamper protection is enabled in the policy, endpoints or servers wherein this has been disabled will show the message Differs from policy.
Differs from policy
Note: There is no option to generate a report showing the tamper protection status of all the endpoints or servers.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.