We are in the process of removing Sophos (we only used it for device encryption) from about 1000 computers. I ran into two devices so far that had apparently been deleted from Sophos Central by mistake https://tutuappx.com/ more than 90 days ago. Now I can't uninstall Sophos because they think that tamper protection is on.
What are my options to either 1) add the device back into Sophos Central or, preferably 2) uninstall Sophos completely. Bonus points if the solution can be done remotely, by CLI, PowerShell, or Microsoft Configuration Manager (SCCM). We do not have AD sync turned on, and I would prefer to keep it that way.
Hello Kusha,Thank you for reaching the community,Before you uninstall the endpoint on the said system, you need to disable tamper protection by following the steps in this KB Article. Once TP is disabled, you can uninstall the endpoint using the Sophos Zap tool.