Applies to Sophos Home for Windows
What is Tamper Protection?
Tamper Protection is a Sophos Home Windows feature that prevents unauthorized changes to Sophos Home components/logs/files/folders. It is controlled via the Sophos Home endpoint and can be disabled in order to troubleshoot problems.
How can I disable Tamper Protection to troubleshoot issues?
Tamper Protection may need to be manually disabled in order to troubleshoot issues related to Sophos Home. Any troubleshooting requiring disabling/modifying services, folders and components will need tamper protection off, otherwise a message such "Access denied" will be triggered.
Ensure to re-enable Tamper Protection after troubleshooting. (Otherwise, it will automatically re-enable as soon as a reboot takes place, or after 4 hours of it being disabled).
What to do:
Note: The slider will only appear when logged in with an Administrator account.
It will not show up under a Standard User account.
Double click on the system tray Sophos Home shield
Once the endpoint opens, click on Help at the bottom left
Click on the Troubleshooting arrow to display the advanced settings
Click on the slider button next to Tamper Protection to disable it (will turn gray)
Note: you might need to enter your computer's Administrator password to proceed (you can click "More choices to choose alternate authentication types such as "Pin" if they are setup but must authenticate with the current account)
Perform any troubleshooting steps needed (such as restarting or modifying services, folders, files).
When finished, turn Tamper Protection back on (otherwise, it will auto re-enable after 4 hours, or on reboot).
What if I cannot access the Sophos Home UI, or the above listed steps do not work?
Note: Sophos Home does not use a Tamper Protection password. If you are trying to remove Sophos and being requested to enter a password for Tamper Protection, please reach out to the Sophos Support business area for assistance (as this is not Sophos Home related).