This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forgot Tamper protection password

Hi,

We are stuck in one scenario at one of our clients place ( 400 endpoint machine ), we do not know the tamper protection password and the SEC server and endpoint connectivity is not there, so we cannot push the tamper policy to the endpoints.

The only option we have now is to disable the tamper by entering the password manually, but we do not know the tamper protection password. Is there anyway that password is stored somewhere in the endpoint or on the SEC server ?

This thread was automatically locked due to age.

Parents

0 QC over 6 years ago

Hello Kandarp Desai1,

that password is stored somewhere
for IMO obvious reasons Sophos won't tell you if, and - in case it is - where, and how to derive the clear text from the stored information [:)].

Please see Sophos Endpoint Defense: How to recover a tamper protected system.

But do I understand correctly that 400 endpoints are orphaned? Would be quite some task. Why is endpoint connectivity not there?

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago

Hello Kandarp Desai1,

that password is stored somewhere
for IMO obvious reasons Sophos won't tell you if, and - in case it is - where, and how to derive the clear text from the stored information [:)].

Please see Sophos Endpoint Defense: How to recover a tamper protected system.

But do I understand correctly that 400 endpoints are orphaned? Would be quite some task. Why is endpoint connectivity not there?

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Kandarp Desai1 over 6 years ago in reply to QC

Thanks christian for the reply,

We are thinking of handing over any information to Sophos and let them do the process of decrypting or whatever is the method to get back the password. I still don't know if they will agree to this ?

Also, we are thinking of using Revo uninstaller to completely remove Sophos incase we do not get any workaround.

Yes the server is orphaned and its difficult to get it back up.
Cancel
Vote Up 0 Vote Down

Cancel
+1 QC over 6 years ago in reply to Kandarp Desai1

Hello Kandarp Desai1,

orphaned
all one needs to be again able to manage the endpoints are the Certification Manager registry keys - if you happen to have a backup of them you can easily build a server that takes the place of the old one ...

Christian
Cancel
Vote Up 0 Vote Down

Cancel