we have a couple of devices which already have the ednpoint protection installed, but are shown under the topic not administrated devices.
I already tried the following workaround: https://support.sophos.com/support/s/article/KB-000036125?language=en_US#Windows_10
Problem is, that when I select the command prompt there is no admin account to select. I double checked that there is a local admin account which was also logged on to this computer.
Does anyone had the same problem or maybe a solution other than reinstall the devices?
Thanks in advance.
Another option that may work is to use bootable media to browse the files on your device. Using this method, you can browse through the files on the main system as though it were a locally attached drive…
Thank you for reaching us. In the article that you've shared have you tried manually disabling tamper protection via safe mode? Follow the steps listed under "For Core Agent 2.10.8 and earlier" and let us know. Once TP is disabled, you can proceed with booting the device via normal mode. If you wish to register the device on your sophos central where you manage your endpoint you need to download a fresh package and run it via elevated command prompt access together with the switch "--register only".This will register your endpoint device to your managed central account without performing re-installation.
I just tried your suggested steps. The outcome wasn´t that promising.
First I tried the steps under "For Core Agent 2.10.8 and earlier", which asked to set the startup type of the Sophos Anti-Virus Service to disabled. That didn´t work. Instead I got displayed a "Access restricted" message even with if I tried it with the local administrator.
Running the Client.exe with the switch --registeronly only showed the notification that tamper protection is not turned off.
Hello Quasar,Was it done via safe mode? You won't be able to change anything yet if you're running via normal mode.
yes. I just tried it again with the same outcome.
Another option that may work is to use bootable media to browse the files on your device. Using this method, you can browse through the files on the main system as though it were a locally attached drive. Alternatively, you could also remove the hard drive from the main device if this is easier for you, or if you have a way to connect the drive to another system.
The only step you will need to perform while using the bootable media is as follows.
Go to C:\Windows\System32\drivers
Once completed, you can boot the device up normally and proceed through the remaining steps in the KBA from step 10.