
First Buy or Renewal
Were we able to help you with this tutorial? Then consider us for the next Renewal. 😎
We sell licenses for all Central products worldwide!
Uninstall Sophos Endpoint Protection with Tamper Protection enabled (Windows)
This article will show you how to remove the Sophos Central Endpoint Client from your Windows system, even if the tamper protection prevents this.
Important: This method of uninstalling the Endpoint Client should only be used if there is no chance to disable tamper protection in the normal way. This may be because you forgot your password or deleted your computer from Sophos Central without uninstalling the Endpoint Client on your computer. How to disable tamper protection in the proper way is explained in this tutorial.
Option 1
- Boot your Windows system into Safe Mode.
- Click
Start
, thanRun
and type services.msc and then confirm with Enter or click onOK
- Search for the Sophos Anti-Virus service and click on it with the right mouse button.
- From the context menu, select
Properties
and then deactivate the service. - Now you can click on
Start
and typeRun
again. Enter regedit this time. Confirm with Enter or clickOK
. - Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent
and setREG_DWORD
Start to 0x00000004 - Next, Go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
set the followingREG_DWORD
-valuesSAVEnabled
andSEDEnabled
to 0. - Finally, go to the following location in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
and set the value atREG_DWORD
to 0. - Reboot the system in normal mode.
Option 2
- Boot your Windows system into Safe Mode.
- Then open the command line (Shell) and execute the following commands:
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVService" /t REG_DWORD /v Start /d 0x00000004 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent" /t REG_DWORD /v Start /d 0x00000004 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" /t REG_DWORD /v SAVEnabled /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config" /t REG_DWORD /v SEDEnabled /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection" /t REG_DWORD /v Enabled /d 0 /f
- Reboot the system in normal mode.
No matter which of the two options you choose, they should both result in the tamper protection being disabled and you can uninstall the Endpoint Client without any problems.