Uninstall Sophos Central Endpoint with tamper protection enabled (Windows)
In this article we will show you how to remove Sophos Central Endpoint Client from your Windows system, even though the tamper protection prevents it.
Important: This variant of uninstalling the Endpoint Client should be used only if there is no possibility to disable tamper protection in the normal way. This may be due to forgetting the password or deleting the computer from Sophos Central without first uninstalling the endpoint client from the computer. How to disable tamper protection in the normal way is shown in this tutorial.
Variante 1
- Start your Windows system in safe mode.
- Click
Start
, thenAusführen
and type services.msc. Confirm with Enter or click onOK
. - Search for Sophos Anti-Virus Service and right-click on it.
- From the context menu, select
Eigenschaften
and then deactivate the service. - Now you can click again on
Start
and thenAusführen
. This time type regedit. Confirm with Enter or clickOK
. - In the registry editor, change to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent
and setREG_DWORD
Start to 0x00000004 - Next, in the registry editor, go to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
and set the followingREG_DWORD
valuesSAVEnabled
andSEDEnabled
to 0. - Finally, in the registry editor, go to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
and set the value atREG_DWORD
to 0. - Now restart the system in normal mode.
Variant 2
- Start your Windows system in safe mode.
- Then open the command line (shell) and execute the following commands:
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVService" /t REG_DWORD /v Start /d 0x00000004 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent" /t REG_DWORD /v Start /d 0x00000004 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" /t REG_DWORD /v SAVEnabled /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" /t REG_DWORD /v SEDEnabled /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection" /t REG_DWORD /v Enabled /d 0 /f
- Now restart the system in normal mode.
No matter which of the two variants you choose, they should both result in disabling tamper protection and allow you to uninstall the endpoint client without any problems.