Disable Sophos Central tamper protection
This article explains how to temporarily or permanently disable tamper protection for a client. It also shows how to disable tamper protection globally on all clients with one click.
Info: By default, Sophos Central on Sophos Endpoint Client has tamper protection enabled. This prevents a user from making settings on their own or uninstalling the client.
Requirements
- Sophos Central Account
- Sophos Endpoint Client installed on at least one computer
Disable tamper protection permanently for a client
1. Log in to the Sophos Central account
Log in to https://central.sophos.com to log in to Sophos Central Admin.
2. Select computer
Next, in Sophos Central Admin, you can go to the properties of the computer on which you want to disable tamper protection for the Sophos Endpoint Client. To do this, click on the menu item Endpoint Protection in the sidebar on the left-hand side and then click on Computer. Select the correct computer from the list and click the device name to open its properties.
3. Deactivate the tamper protection
In the lower area you will now find the Tamper Protection settings. Click Disable Tamper Protection to permanently unprotect this computer.
Note: It may take a few minutes for the settings to synchronize with the Sophos Endpoint Client.
Temporarily disable tamper protection for a client (Windows)
We recommend not to deactivate the tamper protection permanently if possible. In most cases, it is sufficient to suspend it only temporarily. In the following steps, we’ll show you how.
1. Log in to the Sophos Central account
Log in to https://central.sophos.com to log in to Sophos Central Admin.
2. Select computer
Next, in Sophos Central Admin, you can go to the properties of the computer on which you want to disable tamper protection for the Sophos Endpoint Client. To do this, click on the menu item Endpoint Protection in the sidebar on the left-hand side and then click on Computer. Select the correct computer from the list and click the device name to open its properties.
3. Copy Tamper Protection password
In the lower area you will now find the Tamper Protection settings. Click View details and use the Show Password option to display the current password. Write down this password so that you can disable Tamper Protection on the client in the next step.
4. Log in as admin with the Tamper Protection password
On the Windows computer, open the Sophos Endpoint Client and click Admin sign-in in the top right corner. Then enter the previously noted password and confirm with Sign in. After that a new menu item Settings appears.
5. Deactivate tamper protection
In the settings, select Override Sophos Central policy for up to 4 hours to troubleshoot and then disable tamper protection under User control.
Disable tamper protection permanently for all clients
1. Log in to the Sophos Central account
Log in to https://central.sophos.com to log in to Sophos Central Admin.
2. Globally disable tamper protection
Click on the menu item Global Settings in the sidebar. Under the General Settings section you will now find the item Tamper Protection. If you now call these settings, you can then deactivate the tamper protection on all your clients by clicking on the toggle.
