You may have come across an issue where you have deleted a Server or workstation from Sophos Central not realising that by default these devices are protected for “Tamper Protection”.
Sophos SafeGuard. Sophos has announced the end of sale and future end of life for Sophos SafeGuard products. Customers can continue to use the products or renew subscriptions or maintenance agreements until July 2023. The products will be supported until this date. See the Product Lifecycle page for more details, including migration paths. Sophos Home Premium Security Delivers Advanced, Real-Time Antivirus Protection from the Latest Ransomware, Hacking Attempts and More. Get Sophos Home Today. Contact your administrator or see Sophos KBA 119175.' I have went into the program to disable it but the selection is grayed out. There is a place just below that icon that says authenticate user but requires a password given by someone from Sophos. I need your help. SophosZap is a last resort command line clean up tool focused on uninstalling Sophos Endpoint products to revert a machine to a clean state. Before you run this tool, we strongly recommend that you use the standard product uninstaller first.
So now on the local machine you are attempting to uninstall “Sophos” but you can’t and keep getting an error “You must disable “Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA119175”.
Contacting Sophos doesn’t help as they claim there is no way around this. From the looks of it you can’t remove the application and potentially you may have to re-build it if you really need to remove the software.
In the below steps I will show you how you can reset the password for “Tamper Protection” and disable it. You can then uninstall the software.
1. On the local machine launch “Services” and “Stop” the “Sophos Ant-Virus” service
2. Open a explorer window and navigate to “C:ProgramDataSophosSophos Anti-VirusConfig” right click the filename “machine.xml” and click “Edit” alternatively open with “Notepad” – make sure you make a copy of the file before editing it as a backup should you need to restore it.
3. Click “Edit-Find…” find the line within the file called “<TamperProtectionManagement><settings>”
4. On the line below – highlight the hashed password and remove it out.
5. Paste in the following Hash. “E8F97FBA9104D1EA5047948E6DFB67FACD9F5B73” This will set the password to “password”
Sophos Kba 119175
6. Save the changes
7. Start the “Sophos Anti-Virus” service
8. Launch the Sophos Console and click “Authenticate User”
9. Insert the password “password”
10. Click “Configure tamper protection”
Sophos 119175
11. uncheck the box “Enable Tamper protection” and click “OK”
Kba 119175 Sophos
12. Now run the the uninstallation process again and the software should uninstall.