{"id":22363,"date":"2017-11-03T12:00:00","date_gmt":"2017-11-03T11:00:00","guid":{"rendered":"https:\/\/www.avanet.com\/kb\/uninstall-sophos-central-endpoint-with-tamper-protection-enabled-windows\/"},"modified":"2023-05-01T12:11:49","modified_gmt":"2023-05-01T11:11:49","slug":"uninstall-sophos-endpoint-protection-with-tamper-protection-enabled-windows","status":"publish","type":"kb","link":"https:\/\/www.avanet.com\/en\/kb\/uninstall-sophos-endpoint-protection-with-tamper-protection-enabled-windows\/","title":{"rendered":"Uninstall Sophos Central Endpoint with tamper protection enabled (Windows)"},"content":{"rendered":"\n<p>In this article we will show you how to remove Sophos Central Endpoint Client from your Windows system, even though the tamper protection prevents it.<\/p>\n\n<p><strong>Important<\/strong>: This variant of uninstalling the Endpoint Client should be used only if there is no possibility to disable tamper protection in the normal way. This may be due to forgetting the password or deleting the computer from Sophos Central without first uninstalling the endpoint client from the computer. How to disable tamper protection in the normal way is shown in <a href=\"https:\/\/www.avanet.com\/en\/kb\/disable-sophos-central-tamper-protection\/\">this<\/a> tutorial.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"h-variante-1\">Variante <strong>1<\/strong><\/h2>\n\n<ol class=\"wp-block-list\"><li>Start your Windows system in <strong>safe mode<\/strong>.<\/li><li>Click <code>Start<\/code>, then <code>Ausf\u00fchren<\/code> and type <strong>services.msc<\/strong>. Confirm with Enter or click on <code>OK<\/code>.<\/li><li>Search for <strong>Sophos Anti-Virus<\/strong> Service and right-click on it.<\/li><li>From the context menu, select <code>Eigenschaften<\/code> and then deactivate the service.<\/li><li>Now you can click again on <code>Start<\/code> and then <code>Ausf\u00fchren<\/code>. This time type <strong>regedit<\/strong>. Confirm with Enter or click <code>OK<\/code>.<\/li><li>In the registry editor, change to the following location: <code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos MCS Agent<\/code> and set <code>REG_DWORD<\/code> Start to <strong>0x00000004<\/strong><\/li><li>Next, in the registry editor, go to the following location: <code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos Endpoint Defense\\TamperProtection\\Config<\/code> and set the following <code>REG_DWORD<\/code> values <code>SAVEnabled<\/code> and <code>SEDEnabled<\/code> to <strong>0<\/strong>.<\/li><li>Finally, in the registry editor, go to the following location: <code>HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Sophos\\SAVService\\TamperProtection<\/code> and set the value at <code>REG_DWORD<\/code>to <strong>0<\/strong>.<\/li><li>Now restart the system in normal mode.<\/li><\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"h-variante-2\">Variant <strong>2<\/strong><\/h2>\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Sophos Central - Endpoint mit aktiviertem Manipulationsschutz deinstallieren (Windows)\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/GBWLboMeMsU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n<ol class=\"wp-block-list\"><li>Start your Windows system in <strong>safe mode<\/strong>.<\/li><li>Then open the <strong>command line<\/strong> (shell) and execute the following commands:<code>REG ADD \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\SAVService\" \/t REG_DWORD \/v Start \/d 0x00000004 \/f REG ADD \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos MCS Agent\" \/t REG_DWORD \/v Start \/d 0x00000004 \/f REG ADD \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos Endpoint Defense\\TamperProtection\\Config\" \/t REG_DWORD \/v SAVEnabled \/d 0 \/f REG ADD \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sophos Endpoint Defense\\TamperProtection\\Config\" \/t REG_DWORD \/v SEDEnabled \/d 0 \/f REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Sophos\\SAVService\\TamperProtection\" \/t REG_DWORD \/v Enabled \/d 0 \/f<\/code><\/li><li>Now restart the system in normal mode.<\/li><\/ol>\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n<p>No matter which of the two variants you choose, they should both result in disabling tamper protection and allow you to uninstall the endpoint client without any problems.<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"template":"","format":"standard","kb_kategorie":[384],"class_list":["post-22363","kb","type-kb","status-publish","format-standard","hentry","kb_kategorie-central-endpoint-protection"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb\/22363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/5"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=22363"}],"wp:term":[{"taxonomy":"kb_kategorie","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb_kategorie?post=22363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}