Unable to reset Tamper Protection on non administrated devices

Hi Quasar,

Thank you for reaching us. In the article that you've shared have you tried manually disabling tamper protection via safe mode? Follow the steps listed under "For Core Agent 2.10.8 and earlier" and let us know. Once TP is disabled, you can proceed with booting the device via normal mode. If you wish to register the device on your sophos central where you manage your endpoint you need to download a fresh package and run it via elevated command prompt access together with the switch "--register only".
This will register your endpoint device to your managed central account without performing re-installation. 

Hi Quasar,

Thank you for reaching us. In the article that you've shared have you tried manually disabling tamper protection via safe mode? Follow the steps listed under "For Core Agent 2.10.8 and earlier" and let us know. Once TP is disabled, you can proceed with booting the device via normal mode. If you wish to register the device on your sophos central where you manage your endpoint you need to download a fresh package and run it via elevated command prompt access together with the switch "--register only".
This will register your endpoint device to your managed central account without performing re-installation. 

Hi GlennSen,

I just tried your suggested steps. The outcome wasn´t that promising.

First I tried the steps under "For Core Agent 2.10.8 and earlier", which asked to set the startup type of the Sophos Anti-Virus Service to disabled. That didn´t work. Instead I got displayed a "Access restricted" message even with if I tried it with the local administrator.

Running the Client.exe with the switch --registeronly only showed the notification that tamper protection is not turned off.

Hello Quasar,

Was it done via safe mode? You won't be able to change anything yet if you're running via normal mode.

Hello GlennSenn,

yes. I just tried it again with the same outcome.

Another option that may work is to use bootable media to browse the files on your device. Using this method, you can browse through the files on the main system as though it were a locally attached drive. Alternatively, you could also remove the hard drive from the main device if this is easier for you, or if you have a way to connect the drive to another system.

The only step you will need to perform while using the bootable media is as follows.

1. Go to C:\Windows\System32\drivers 
2. Rename SophosED.sys SophosED.sys.old 

Once completed, you can boot the device up normally and proceed through the remaining steps in the KBA from step 10.