We'd love to hear about it! Click here to go to the product suggestion community
We have just started using Sophos Cloud. A computer was registered using a link from the wrong persons email. We deleted that computer from the Cloud. Now we cannot re-register that computer because of tamper protection on that computer. We cannot get the password because the computer has been deleted. Is there a way to retrieve the password after to computer has been deleted? Is there a way to uninstall without the password? This is version 11.2.5 Cloud
I too am facing the same issue where I deleted the computer from my computer group and unable to obtain the Tamper Protection password to uninstall it from my mac. Help would be appreciated.
In reply to Aditya Patel:
I also have a Mac to that has been deleted form Sophos Central, and now I don't have the Temper password to remove and reinstall the client on it.
Can you please send me the instructions too?
Could you DM me the steps as well? I have a Mac, that has been deleted in Sophos Central, and cannot remove Endpoint now without the TamperProtectionPassword.
All other suggested solutions didn't work for me.
Many Thanks :)
In reply to Johanne Ritter:
Hope this Helps.
In Sophos Central Dashboard - Navigate to the below You would seen an option to Recover Deleted Items Tamper Protection. This feature has been recently added where you see a list of deleted computer of the past.
The next update to the installer will allow it to reinstall over the top of a tamper protected endpoint when the Sophos Central management account it is connected to will remain the same. This will allow unimpeded reinstalls, including if the computer has been deleted in the Sophos Central admin console. It still protects against someone trying to "take over" the client by running an installer from a different Sophos Central account; in that case the tamper protection code will be needed still.
Longer term we want to improve the uninstall process, for instance when deleting a computer or server in the admin console, it would also disable tamper protection on the endpoint the next time it is online.
Note: when we update the installer, you do not need to take action to get the benefit. "Old" copies of the installer will check for updates each time they are run and automatically download and use a newer version. For example, this means customers who have set up automated installation process do not have to update it each time we make changes.
Installer versions are recorded in the installer log file, but are not highlighted elsewhere as they are generally invisible and not important to most customers.
The exact release date for the next installer will depend on the test pass results, if all goes well it should be out this month, potentially even this week. I will post back to this thread when it is live so you know (no action will be needed to start using it, as noted above).
In reply to JS:
The new installer (v1.5) is out. When running the installer you can see the version bottom left. Note that initially you will see the originally downloaded version before it updates itself on a lter screen.
We pulled the feature to "reprotect over an already tamper protected install if the central account remained the same" late on in a security review, as it could be used to create transient protection gaps.
We will review the requirement and see if there is a way to achieve it securely.
What we did do is prevent tamper protector applying until an installation is complete. While this doesn't help with reinstalling "old" machines, it does mean we avoid situations where a "clean" install could fail, but be tamper protected, preventing easy uninstall or re-attempts at installing.
So, not quite bypassing tamper protection when installing to the same account, but it does have a very similar effect for new installs.