Windows Tutorials

How To Remove Sophos Tamper Protection

In this tutorial you will be shown How To Remove Sophos Tamper Protection from the Sophos Central Endpoint Software on your windows system. This comes handy when you no longer have access to Sophos Central available and you have a device with Sophos Endpoint software installed. 

Follow the magical steps below to obtain freedom from Sophos.

  1. Open up MSConfig.exe
  2. Click Boot tab 
  3. Select checkbox Safe boot with radio minimal selected
  4. Click apply and reboot
  5. Open the command line (Shell) and execute the following commands:

    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVService" /t REG_DWORD /v Start /d 0x00000004 /f

    REG ADD"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent" /t REG_DWORD /v Start /d 0x00000004 /f

    REG ADD “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config” /t REG_DWORD /v SAVEnabled /d 0 /f

    REG ADD “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config” /t REG_DWORD /v SEDEnabled /d 0 /f

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection" /t REG_DWORD /v Enabled /d 0 /f

  6. Open Services and disable all Sophos Services
  7. Open MSCONFIG.exe
  8. Select Boot tab
  9. Uncheck Safe boot apply and reboot into normal mode
  10. You can now uninstall Sophos.

Discover more from Patrick Domingues

Subscribe to get the latest posts to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.