Sophos Central will automatically enable Tamper Protection after four hours. If the Sophos Endpoint UI cannot be launched, open a Command Prompt (Admin) then run SEDcli.exe -TPoff. This file is located at C: Program Files Sophos Endpoint Defense. On the installed Sophos on a Mac endpoint. Click Sophos Endpoint on the Dock bar. Tell us what you think. Feedback © 1997 - Sophos Ltd. All rights reserved. Legal Privacy Cookie Information Privacy Cookie Information. Sophos UTM Home Edition. This software version of the Sophos UTM Firewall features full network, web, mail and web application security, with VPN functionality, for as many as 50 IP addresses. The Sophos UTM Home Edition contains its own operating system and overwrites all data on the computer during the installation process. After clicking on uninstall, the dialogue box reads, 'You must diable Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA 119175.' I have went into the program to disable it but the selection is grayed out.
You may have come across an issue where you have deleted a Server or workstation from Sophos Central not realising that by default these devices are protected for “Tamper Protection”.
So now on the local machine you are attempting to uninstall “Sophos” but you can’t and keep getting an error “You must disable “Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA119175”.
Contacting Sophos doesn’t help as they claim there is no way around this. From the looks of it you can’t remove the application and potentially you may have to re-build it if you really need to remove the software.
In the below steps I will show you how you can reset the password for “Tamper Protection” and disable it. You can then uninstall the software.
1. On the local machine launch “Services” and “Stop” the “Sophos Ant-Virus” service
2. Open a explorer window and navigate to “C:ProgramDataSophosSophos Anti-VirusConfig” right click the filename “machine.xml” and click “Edit” alternatively open with “Notepad” – make sure you make a copy of the file before editing it as a backup should you need to restore it.
3. Click “Edit-Find…” find the line within the file called “<TamperProtectionManagement><settings>”
4. On the line below – highlight the hashed password and remove it out.
5. Paste in the following Hash. “E8F97FBA9104D1EA5047948E6DFB67FACD9F5B73” This will set the password to “password”
6. Save the changes
7. Start the “Sophos Anti-Virus” service
8. Launch the Sophos Console and click “Authenticate User”
Sophos Kb 119175
9. Insert the password “password”
10. Click “Configure tamper protection”
11. uncheck the box “Enable Tamper protection” and click “OK”
Sophos Kba 119175
12. Now run the the uninstallation process again and the software should uninstall.