How to disable Tamper Protection when Sophos Anti-Virus is managed from a Sophos UTM

  • Article ID: 119195
  • Rating:
  • 11 customers rated this article 1.7 out of 6
  • Updated: 18 Apr 2013

Sophos Tamper Protection prevents unauthorized users from changing Sophos Endpoint Security and Control settings and uninstalling the software.

This article explains how to disable tamper protection for endpoints managed from a Sophos UTM so local configuration changes can be made, or the software can be successfully uninstalled.

Note: For instructions on disabling Tamper Protection on endpoints managed from Enterprise Console see the Help guide for your console version.

Known to apply to the following Sophos product(s) and version(s)

Sophos UTM

Disable Tamper Protection locally for one endpoint computer

Retrieve the default tamper protection password from your UTM

Note: If you have previously changed the default password you can skip the steps below if you know the password.  If you have forgotten the password steps 1 to 3 below will guide you to the section to reset it.

  1. Open the Sophos UTM WebAdmin interface and login.
  2. From the left-hand menu select 'Endpoint Protection' | 'Computer Management'.
  3. On the Computer Management screen select the 'Advanced' tab.
  4. Make a note of the default password shown under the 'Tamper Protection' section on the right-hand side.

Disable Tamper Protection on the endpoint

For instructions see article 119175.

Disable Tamper Protection centrally from the UTM

Disable Tamper Protection for a single endpoint computer

  1. Open the Sophos UTM WebAdmin interface and login.
  2. From the left-hand menu select 'Endpoint Protection' | 'Computer Management'.
  3. On the Computer Management screen select the 'Managed Computers' tab.
  4. Locate the correct endpoint computer and click on the 'Edit' button.
  5. In the 'Edit Computer' panel change 'Tamper Protection: Enabled' to 'Disabled'.
  6. Click the 'Save' button.

The computer will implement the configuration change when it next checks with the broker.  The endpoint software can now be removed from the workstation.

Note: Locally Sophos Endpoint Security and Control will still show Tamper Protection as enabled however the uninstaller will allow the software to be removed.

Disable Tamper Protection for a group of endpoint computers

  1. Open the Sophos UTM WebAdmin interface and login.
  2. From the left-hand menu select 'Endpoint Protection' | 'Computer Management'.
  3. On the Computer Management screen select the 'Manage Groups' tab.
  4. Locate the correct endpoint group and click on the 'Edit' button.
  5. In the 'Edit Computers Group' panel change 'Tamper Protection: Enabled' to 'Disabled'.
  6. Click the 'Save' button.

The computer will implement the configuration change when it next checks with the broker.  The endpoint software can now be removed from the workstation.

Note: Locally Sophos Endpoint Security and Control will still show Tamper Protection as enabled however the uninstaller will allow the software to be removed.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments