Applies to Sophos Home for Windows
What is Tamper Protection?
Tamper Protection is a Sophos Home Windows feature that prevents unauthorized changes to Sophos Home components/logs/files/folders. It is controlled via the Sophos Home endpoint and can be disabled in order to troubleshoot problems.
How can I disable Tamper Protection to troubleshoot issues?
Tamper Protection may need to be manually disabled in order to troubleshoot issues related to Sophos Home. Any troubleshooting requiring disabling/modifying services, folders and components will need tamper protection off, otherwise a message such "Access denied" will be triggered.
What to do:
Note: The slider will only appear when logged in with an Administrator account.
It will not show up under a Standard User account.
Double click on the system tray Sophos Home shield
Once the endpoint opens, click on Help at the bottom left
Click on the Troubleshooting arrow to display the advanced settings
Click on the slider button next to Tamper Protection to disable it (will turn gray)
Perform any troubleshooting steps needed (such as restarting or modifying services, folders, files).
When finished, turn Tamper Protection back on (otherwise, it will auto re-enable after 4 hours).
What if I cannot access the Sophos Home UI, or the above listed steps do not work?
To manually disable tamper protection (in the event the Sophos Home UI is not available), please follow the steps in Sophos Endpoint Defense: How to recover a tamper protected system
Note: Sophos Home does not use a Tamper Protection password. If you are trying to remove Sophos and being requested to enter a password for Tamper Protection, please reach out to the Sophos Support business area for assistance (as this is not Sophos Home related).