This article answers the frequently asked questions on Tamper Protection.
The following questions are answered:
Applies to the following Sophos products and versions: Sophos Endpoint Security and Control 10.6.4, Sophos Cloud Managed Endpoint, Sophos Anti-Virus for Mac OS X, Enterprise Console
Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable Tamper Protection, whether by an unauthorized user or by malware, causes a report/alert to be submitted to the central console.
See How to enable Tamper Protection.
Tamper protection is not currently available on the free Sophos Home product. If your home computer is running Sophos Anti-Virus and appears to have tamper protection installed, you will need to ask the person who installed the Sophos software to disable the tamper protection.
Sophos Central and UTM: Tamper Protection is enabled by default. For Central, the password is generated automatically and cannot be set manually.
Enterprise Console: You can enable Tamper Protection on an endpoint computer by applying a tamper protection policy. This is configured centrally from the console along with other policies, typically by the Sophos administrator who installed and set up the Sophos software.
Standalone installations: Tamper Protection is enabled, and the password is set, by a local Administrator. This password is set for all users who log on.
To uninstall Sophos software from a computer with Tamper Protection enabled, you need both the tamper protection password that was set by the admin and local administrator permissions to run the uninstaller.
Disable Tamper Protection only if you need to make a change to the local Sophos configuration or uninstall an existing Sophos product. You must have admin rights and the tamper protection password to do this. See How to disable Tamper Protection.
To recover a tamper protected system if you've lost the tamper protection password and the client cannot receive a new policy with a known password, see Sophos Endpoint Defense: How to recover a tamper protected system.