Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 64791 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tamper Protection greyed out

AMS_User

Hi All,

We are in the process of rolling out Sophos Antivirus in our company.

One of our users is complaining he can no longer connect USB devices like iPhones and Cameras.

We've just installed Sophos on his PC and Device Control is not enabled.

To confirm it was Sophos I wanted to disable it.  However the Authenticate User option is disabled!

How do I disable Sophos on an end-users PC.

Many thanks

:47938


This thread was automatically locked due to age.
Parents
  • 0

    Hello AMS_User,

    for a managed endpoint TP is, like the other components, controlled with the corresponding policy. You can always force the endpoints to comply (well, as long as there is a working connection).

    There are two cases (if the endpoint complies with the policy):

    1. you have enabled TP from SEC. To do so you also had to set a password (this is the password to use for Authenticate User). In the client GUI when logged in as a SophosAdministrator Authenticate User is active (as is View TP log), whereas Configure is greyed
    2. you have not enabled TP. Then Authenticate is greyed, Configure is active (again provided you are SophosAdministrator)

    For completeness - if you have not enabled TP, but the endpoint does not comply and shows TP as active then a local admin has enabled TP locally (in which case you likely do not know the password). You should be able to force (from SEC) compliance though.

    How do I disable the software

    Well, in a certain sense you can't really (and neither with other vendors) as low-level components are involved which remain present. Timed disabling has IMO limited use - you are debugging, aren't you? Unlikely you can tell in advance how long it will take and if there is significant time remaining when you are finished you'd have to re-enable it manually anyway.

    You can disable each component individually, as you don't have Device Control On-Access should be the only one which comes into play here (if at all).

    Christian

    :48252
Reply
  • 0

    Hello AMS_User,

    for a managed endpoint TP is, like the other components, controlled with the corresponding policy. You can always force the endpoints to comply (well, as long as there is a working connection).

    There are two cases (if the endpoint complies with the policy):

    1. you have enabled TP from SEC. To do so you also had to set a password (this is the password to use for Authenticate User). In the client GUI when logged in as a SophosAdministrator Authenticate User is active (as is View TP log), whereas Configure is greyed
    2. you have not enabled TP. Then Authenticate is greyed, Configure is active (again provided you are SophosAdministrator)

    For completeness - if you have not enabled TP, but the endpoint does not comply and shows TP as active then a local admin has enabled TP locally (in which case you likely do not know the password). You should be able to force (from SEC) compliance though.

    How do I disable the software

    Well, in a certain sense you can't really (and neither with other vendors) as low-level components are involved which remain present. Timed disabling has IMO limited use - you are debugging, aren't you? Unlikely you can tell in advance how long it will take and if there is significant time remaining when you are finished you'd have to re-enable it manually anyway.

    You can disable each component individually, as you don't have Device Control On-Access should be the only one which comes into play here (if at all).

    Christian

    :48252
Children
No Data
Unfiltered HTML