Back to Index of FAQs
This article addresses some frequently asked questions about Sophos tamper protection, and describes what you need to do if you want to disable it.
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 10.0Sophos Cloud Managed EndpointSophos Anti-Virus for Mac OS XEnterprise Console
What is tamper protection? Tamper protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or by malware, causes a report/alert to be submitted to the central console.
Is tamper protection enabled by default on Sophos software?
Is tamper protection available on the free Sophos Home software? Tamper protection is not currently available on the free Sophos Home product. If your home computer is running Sophos Anti-Virus and appears to have tamper protection installed, you will need to ask the person who installed the Sophos software to disable the tamper protection How does tamper protection get on my computer?
How can I uninstall Sophos when removal is prevented by Tamper Protection? If you want to uninstall Sophos software from a computer with Tamper protection enabled, not only will you require the tamper protection password as set up by the admin who set or has access to it, but you will also require local administrator permissions to run the uninstaller.
How can I disable Tamper protection? Normally you would only disable Tamper protection if you wanted to make a change to the local Sophos configuration or uninstall an existing Sophos product. The instructions for this are given below. However, if you are not the administrator who installed it and who has the password, you will need to obtain the password before you can carry out the procedure.
You can disable tamper protection by changing the relevant policy. You need the necessary administrative rights and the tamper protection password, as described above.
For more information see the Help guide for your console version.
Windows You must have Sophos Administrator rights and you will require the tamper protection password that was used when tamper protection was enabled.
Mac (There is no tamper protection for standalone installations) You must have rights to make changes and you will require the tamper protection password that was used when tamper protection was enabled.
Before you start, you must retrieve the default tamper protection password from your Sophos Cloud, then follow the instructions for removing it either locally or centrally.
Now follow the instructions for removing tamper protection locally or centrally.
Disable Tamper Protection locally on a Windows computer (You must have Sophos Administrator rights to perform this operation),
Disable Tamper Protection locally on a Mac computer (You must have rights to perform this operation).
Disable Tamper Protection centrally from Sophos Central (not recommended)
Important: This will disable Tamper Protection for all computers managed by Sophos Cloud so it is not the recommended option.
All managed computers will implement the configuration change within 20-30 seconds.
Disable Tamper Protection on a per client basis from Sophos Central
The computer will implement the configuration change within 20-30 seconds.
Before you start you must retrieve the default tamper protection password from your UTM. Note: If you have previously changed the default password you can skip the steps below if you know the password. If you have forgotten the password steps 1 to 3 below will guide you to the section to reset it.
Disable Tamper Protection centrally from the UTM for a single endpoint computer
The computer will implement the configuration change when it next checks with the broker.
Note: Locally Sophos Endpoint Security and Control will still show Tamper Protection as enabled however the uninstaller will allow the software to be removed.
Disable Tamper Protection centrally from the UTM for a group of endpoint computers
Todos los comentarios enviados son leídos (por una persona), pero no podemos contestar a preguntas técnicas específicas. Si necesita soporte técnico, publique una pregunta en nuestra comunidad. Como alternativa, en el caso de los productos con licencia, abra una solicitud de soporte.