Sophos Central Endpoint and Server: Turn off Tamper Protection

Overview

Tamper Protection must be turned off before changes are made to the local Sophos configuration or if there is a need to uninstall the existing Sophos product. Turning off tamper protection locally requires the signed-in user to know the tamper protection password.

This article explains how Sophos Central admins can turn off tamper protection on the managed computers. For non-administrators who are looking for the same password, please feel free to reach out to your local IT.

Please be advised that there is no tamper protection for the standalone version of Sophos installed on a Mac.

Click on the link below for the steps:
 

• Turning off tamper protection for all endpoints or servers
• Turning off tamper protection per endpoint or server
• On the installed Sophos Agent on a Windows device
• On the installed Sophos Agent on a macOS device

Product and Environment

• Sophos Central Admin
• Sophos Endpoint Agent

Turning off tamper protection

You must be signed in as an Admin or Super Admin to do the actions below.

Note: If the device has been deleted in Sophos Central, the Tamper Protection password can be recovered by accessing Logs & Reports > Recover Tamper Protection passwords. The report will list deleted devices and all passwords assigned to the device for 90 days. The report also provides an option to export the data, allowing storage of this information beyond the 90-day period.
 

 Turning off tamper protection for all endpoints or servers

1. In Sophos Central, click My Products > General Settings.
2. Under General, click  Tamper Protection.
3. Move the slider to the left to turn off tamper protection, then click Save. 

Turning off tamper protection per endpoint or server

1. In Sophos Central, go to Devices.
2. Click Computers or Server.
3. Select your concerned device.
4. On the SUMMARY tab, scroll down and then click Turn off tamper protection. 

Note: In Settings of the Sophos Endpoint, it will show that the Tamper Protection is already turned off.
 

On the installed Sophos Agent on a Windows device

1. In Sophos Central, go to Devices.
2. Click Computers or Server.
3. Select your concerned device.
4. On the SUMMARY tab, scroll down, then click View password details under Tamper Protection.
5. Take note of the password when you select the Show Password box under Tamper Protection Password Details.
6. Sign in to your concerned Windows device.
7. Double-click the Sophos Endpoint on the Taskbar.
8. Click Admin sign in, then enter the password you noted earlier. 
9. Click the Admin sign-in button.
10. Select Settings from the top menu.
11. Tick the box near the top for Override Sophos Central Policy for up to 4 hours.
12. Move the slider of Tamper Protection to the left.

• Sophos Central will automatically turn on Tamper Protection after four hours.
• If the Sophos Endpoint UI cannot be launched, follow the steps in Sophos Central: Use SEDcli.exe to locally manage Tamper Protection settings.

On the installed Sophos Agent on a macOS device

1. Click Sophos Endpoint on the Dock bar.
2. Click Admin login.
3. Type the Mac admin password and then click the OK button.
4. Click the padlock and Sophos icon, then type the tamper protection password in the dialog box.
5. Click the OK button.

 

Related information

• Sophos Central Endpoint: Tamper Protection Frequently Asked Questions
• Sophos Central Endpoint and Server: Recover a tamper-protected system
• SophosZap: Frequently asked questions
• Sophos Anti-Virus for macOS: Removal tool
• Sophos Retirement Calendars  

Sign up for the Sophos Support Notification Service to receive proactive SMS alerts for Sophos products and Sophos Central services.