Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 11675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lost access to start or stop Sophos services on all machines

Nick Cuddemi

Hello all,

 

I noticed this morning all Sophos services start, stop or restart options are greyed out and when attempting to change the properties, are met with an "Access denied" error.

This happens on any PC we have Sophos Central deployed on including my local PC.


I was able to start/stop services yesterday for multiple PC's as I got warnings that they had stopped, but that is no longer the case.

 

Any info on what might of caused this would be greatly apprecaited

 

Thank you

 

-Nick



This thread was automatically locked due to age.
Parents
  • +1

    Hello Nick,

    AFAIK Tamper Protection is enabled by default in Central and this results in the "symptoms" you describe. Can't say why you have been able yesterday.

    Christian

  • 0 in reply to QC

    Just to confirm, I disabled tamper protection globally and went to a user to test.

    He is able to change any of the settings under "Settings" from Sophos.

    He can disable perpherial control for up to 4 hours or anything else that is enabled.

    He is not a local admin

     

    When going into Global Settings > Tamper Protection from Central it says 

    "Tamper protection ensures that users with local administrator rights can't uninstall Sophos Central Endpoint software or change settings."

     

    This is not just applying to local admins, but to everyone.

     

    Edit:

     

    Also tested the ability to start/stop Sophos services with Tamper Protection disabled and I am still getting access denied errors.

     

    Edit2:

     

    Spoke to support, this is functioning as intended.

    If Tamper Protection is disabled, non local admins have the ability to override policies for up to 4 hours.

    If Tamper Protection is enabled, you need a password to disable it on the physical machine, or you can have Central disable from the Web portal, but you lose the ability to remotely start/stop services.

    If a service stops with Tamper Protection enabled and you aren't able to get to the physical machine, you need to disable it via Central, wait for it to apply, restart the service(s) and enable Tamper Protection again.

     

    Thank you

     

    -Nick

Reply
  • 0 in reply to QC

    Just to confirm, I disabled tamper protection globally and went to a user to test.

    He is able to change any of the settings under "Settings" from Sophos.

    He can disable perpherial control for up to 4 hours or anything else that is enabled.

    He is not a local admin

     

    When going into Global Settings > Tamper Protection from Central it says 

    "Tamper protection ensures that users with local administrator rights can't uninstall Sophos Central Endpoint software or change settings."

     

    This is not just applying to local admins, but to everyone.

     

    Edit:

     

    Also tested the ability to start/stop Sophos services with Tamper Protection disabled and I am still getting access denied errors.

     

    Edit2:

     

    Spoke to support, this is functioning as intended.

    If Tamper Protection is disabled, non local admins have the ability to override policies for up to 4 hours.

    If Tamper Protection is enabled, you need a password to disable it on the physical machine, or you can have Central disable from the Web portal, but you lose the ability to remotely start/stop services.

    If a service stops with Tamper Protection enabled and you aren't able to get to the physical machine, you need to disable it via Central, wait for it to apply, restart the service(s) and enable Tamper Protection again.

     

    Thank you

     

    -Nick

Children
No Data
Unfiltered HTML