https://community.sophos.com/kb/en-us/119175

Sophos Endpoint: How to disable Tamper Protection

• 119175

• 17 Aug 2018

• 34 people found this helpful

• English | Español | Italiano | 日本語 | Français | Deutsch

Overview

Tamper Protection must be disabled before changes are made to the local Sophos configuration or uninstall an existing Sophos product.
This article describes the steps to disable Tamper Protection from various Sophos products.

Note: To disable Tamper Protection, you must have Sophos Administrator rights and the Tamper Protection password that was used to enable it.

The following sections are covered:

• [On a computer managed by Enterprise Console](https://community.sophos.com/kb/en-us/119175#On a computer managed by Enterprise)
• [Centrally from Sophos Enterprise Console or standalone installation](https://community.sophos.com/kb/en-us/119175#Locally on a computer managed by Enterprise)
  • Windows
  • Mac
• [On a computer managed by Sophos Central](https://community.sophos.com/kb/en-us/119175#On a computer managed by Sophos Central)
  • [Locally on a Windows computer](https://community.sophos.com/kb/en-us/119175#Locally on a Windows computer)
  • [Locally on a Mac computer](https://community.sophos.com/kb/en-us/119175#Locally on a Mac computer)
  • [Centrally from Sophos Central (not recommended)](Service and Support from Sophos Central)
    • [On a per client basis from Sophos Central](https://community.sophos.com/kb/en-us/119175#On a per client basis)
• [On a computer managed by Sophos UTM](https://community.sophos.com/kb/en-us/119175#On a computer managed by Sophos UTM)
  • [Centrally from the UTM for a single endpoint computer](Service and Support from the UTM for a single)
  • [Centrally from the UTM for a group of endpoint computers](Service and Support from the UTM)
• [Related information](Service and Support information)
• [Feedback and contact](Service and Support and contact)

Applies to the following Sophos products and versions
Sophos Endpoint Security and Control 10.0
Sophos Cloud Managed Endpoint
Sophos Anti-Virus for Mac OS X
Enterprise Console

Centrally from Sophos Enterprise Console

Disable tamper protection by changing the relevant policy.

1. Open the Tamper Protection policy that you want to change.
2. In the Tamper Protection Policy dialog box, clear the Enable tamper protection check-box.
3. Click OK to apply the change.

Note: Adjusting this policy will affect all endpoints it is applied to.

For more information, see the Enterprise Console Help guide for the console version.

Locally on a computer managed by Enterprise Console or standalone installation

Windows

1. Double-click the Sophos shield on the Taskbar to start the main Sophos application.
2. Click Authenticate user .
3. Enter the Tamper Protection password that is configured in your Tamper Protection policy.
4. Click Configure tamper protection and uncheck Enable Tamper Protection .
5. Click OK .
6. You have now disabled Tamper Protection .

Mac (There is no tamper protection for standalone installations)

1. Open the Sophos Anti-Virus Preferences.
2. Click the padlock and Sophos icon and in the dialog box enter the tamper protection password.
3. Click OK.

Note: Tamper Protection can only be disabled using this method to allow changes to be made to the local Sophos configuration. It cannot be disabled permanently.

On a computer managed by Sophos Central

Retrieve the default Tamper Protection password from Sophos Central before performing this procedure.

1. Login to Sophos Central Admin.
2. Go to Computers and select the system you want to retrieve the Tamper Protection password for.
3. In the computer details overview screen, click View details from the Tamper Protection section.
4. Select Show Password and make a note of this password.

Locally on a Windows computer

1. Double-click the Sophos shield on the Taskbar to start the main Sophos application.
2. On the Home screen, click Admin Login from the top right section.
3. Note: If you do not see this then Tamper Protection is not enabled anyway.
4. Enter the Tamper Protection password that you noted earlier and then click Log In.
5. Select Settings from the top menu.
6. Tick the box near the top for Override Sophos Central Policy for up to 4 hours.

Note: Sophos Central will automatically enable Tamper Protection after four hours.

Locally on a Mac computer

1. Open the Sophos Anti-Virus Preferences .
2. Click the padlock and Sophos icon and in the dialog box enter the tamper protection password.
3. Click OK .

Note: Tamper Protection can only be disabled using this method to allow changes to be made to the local Sophos configuration. It cannot be disabled permanently. Sophos Central will automatically enable Tamper Protection after two hours.

Centrally from Sophos Central (not recommended)

IMPORTANT: This may disable Tamper Protection for all computers managed by Sophos Central.

1. Log in to Sophos Central Admin.
2. Click Global Settings .
3. Select Tamper Protection from General Settings .
4. Disable Tamper Protection and then click Save .

All managed computers will implement the configuration change in approximately 20-30 seconds.

Note: If you have changed the Tamper Protection setting on a per client basis, the Global Settings will no longer update the modified client.

On a per client basis from Sophos Central

1. Log in to Sophos Central Admin.
2. Click Computers .
3. Click to select the endpoint where tamper protection should be disabled.
4. In the computer details overview, click Disable Tamper Protection .

The computer will implement the configuration change in approximately 20-30 seconds.

Note: By changing the Tamper Protection setting on a per client basis, the Global Settings will no longer update the modified client.

On a computer managed by Sophos UTM

Retrieve the default tamper protection password from the UTM before attempting this procedure.

1. Log in to the Sophos UTM WebAdmin.
2. From the left-hand menu, select Endpoint Protection > Computer Management .
3. In the Computer Management screen select the Advanced tab.
4. Make a note of the default password shown under the Tamper Protection section on the right-hand side.
5. Follow the instructions in [Disable Tamper Protection locally on a Windows computer](https://community.sophos.com/kb/en-us/119175#Locally on a Windows computer).

Centrally from the UTM for a single endpoint computer

1. Log in to the Sophos UTM WebAdmin.
2. From the left-hand menu, select Endpoint Protection > Computer Management .
3. In the Computer Management screen select the Managed Computers tab.
4. Locate the correct endpoint computer and click Edit .
5. In the Edit Computer panel, change Tamper Protection to Disabled .
6. Click Save .

The computer will implement the configuration change when it next checks with the broker.

Note: Sophos Endpoint Security and Control will still show Tamper Protection as enabled locally. However, the uninstaller will allow the software to be removed.

Centrally from the UTM for a group of endpoint computers

1. Log in to the Sophos UTM WebAdmin.
2. From the left-hand menu select Endpoint Protection > Computer Management .
3. In the Computer Management screen select the Manage Groups tab.
4. Locate the correct endpoint group and click Edit .
5. In the Edit Computers Group panel, change Tamper Protection to Disabled .
6. Click Save .

The computer will implement the configuration change when it next checks with the broker.

Note: Sophos Endpoint Security and Control will still show Tamper Protection as enabled locally. However the uninstaller will allow the software to be removed.

Related information

• FAQ on Tamper Protection
• How to enable Tamper Protection

Liquid Layer Networks

Powered by:

HostCheetah Networks
Global Web Hosting, Domain Registration and Internet Services
http://hostcheetah.net | http://hostcheetah.uk