Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uninstall Sophos Endpoint from a Windows PC without having a Password for disabling Tamper Protection


there are  many Articles about this problem  but none is working.... 

I tried this

  • Following the restart, select an administrative account to continue and enter the password.
  • Open Command Prompt.
  • Type C: and press Enter.
    • Note: Your Boot drive may differ from C. If so, use a command such as DiskPart and list volume to show the available volumes.
  • Type cd Windows\System32\drivers and press Enter.
  • Type ren SophosED.sys SophosED.sys.old and press EnterDoes not work , Access denied ! So nonre-name possible
  • Type exit and press Enter.
  • Click Continue.
  • Once back in Windows, open Registry Editor.
  • Back up the registry.
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Agent  and set the Value data of Start to 0x00000004.  This works
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService  and set the Value data of Start to 0x00000004.Access denied
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service  and set the Value data of Start to 0x00000004.
  • Also access denied, cannot be changed
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services and under every subkey in this location set the Value data of Protected to 0 . Also access denied, cannot be changed
    • Example:
      • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService and set the Value data of Protected to 0.
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the Value data of SAVEnabled and SEDEnabled to 0. Also access denied, cannot be changed
  • Set the Value data of Enabled to 0 in the following:
    • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection Also access denied, cannot be changed
    • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection Also access denied, cannot be changed
  • Restart the endpoint or server to turn off tamper protection completely.

So all thes Articles are not working as described, any ideas how to overcome these problems ?

This thread was automatically locked due to age.