Support

Resolving Technical Issues

Articles in this section

See more

Disabling Tamper Protection when the Sophos Home user interface is not available. - Advanced Users

Avatar
Sophos Home Support
  • Updated

Applies to: Sophos Home Premium and Free (Windows) 

What is Tamper Protection?

Tamper Protection is a security feature of Sophos Home for Windows,  which prevents the software from being manipulated from outside applications. With Tamper protection enabled, you will not be able to modify the software or stop any of its running services.

Typically, Tamper Protection can be temporarily disabled via the Sophos Home User interface by an Admin user: Sophos Home (Windows) How to disable Tamper protection

In the event that the user interface is not accessible, Tamper Protection can be disabled via Recovery Mode

What to Do:

Note: The following steps are intended for advanced users only. Performing these steps incorrectly can cause serious harm to your computer's operating system. If you do not feel comfortable editing the Windows Registry, please contact Sophos Home support for assistance. 

 

Step-by-Step


Windows 10 and equivalent operating systems

  1. On the Windows sign-in screen, press and hold the Shift key while you select Power  > Restart.

  2. On Choose an option, click Troubleshoot, then click Advanced options and Command Prompt:


     
  3. Following the restart, select an administrative account to continue and enter the password.
  4. Open Command Prompt.
  5. Type C: and click Enter.
  6. Type cd Windows\System32\drivers and click Enter.
  7. Type ren SophosED.sys SophosED.sys.old and click Enter.
  8. Type exit and click Enter.
  9. Click Continue.
    Once back to normal Windows mode, follow these steps: 

  10. Click Start followed by Run then type services.msc
  11. Right-click the Sophos Anti-Virus service then Properties
  12. Set the Startup type to Disabled then click the OK button.
    Repeat for Sophos MCS Agent service
  13. In Run, type regedit.exe then click the OK button.
  14. Back-up the registry
  15. Navigate to
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent 
    set the Value data of Start to 0x00000004
  16. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService  and set the Value data of Start to 0x00000004
  17. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service  and set the Value data of Start to 0x00000004
  18. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services and under every subkey in this location set the Value data of Protected to 0.
    • Example:
      • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService and set the Value data of Protected to 0.
  19. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the Value data of SAVEnabled and SEDEnabled to 0.
  20. Set the Value data of Enabled to 0 in the following:
    • 32-bit: 
      HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
    • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
  21. Restart the computer

 

Windows 7

  1. Turn on or restart the computer
  2. Press F8 to open Advanced Boot Options.
  3. Select Repair Your Computer and click Enter.


     
  4. At the System Recovery Options screen, select a language and keyboard input method and click Next.
  5. Select a local administrative account to log on to and click OK.
  6. Under System Recovery Options, click Command Prompt:


     
  7. Open Command Prompt with admin privilege.
  8. Type C: and click Enter.
  9. Type cd Windows\System32\drivers and click Enter.
  10. Type ren SophosED.sys SophosED.sys.old and click Enter.
  11. Type exit and click Enter.
  12. Click Restart.
  13. Once back to normal Windows mode, follow these steps: 
  14. Click Start followed by Run then type services.msc
  15. Right-click the Sophos Anti-Virus service then Properties
  16. Let the Startup type to Disabled then click the OK button.
    Repeat for Sophos MCS Agent service
  17. In Run, type regedit.exe then click the OK button.
  18. Back-up the registry
  19. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Agent  and set the Value data of Start to 0x00000004.
  20. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService  and set the Value data of Start to 0x00000004.
  21. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service  and set the Value data of Start to 0x00000004.
  22. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services and under every subkey in this location set the Value data of Protected to 0.
    • Example:
      • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService and set the Value data of Protected to 0.
  23. Navigate to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
     set the Value  data of SAVEnabled and SEDEnabled to 0
  24. Set the Value data of Enabled to 0 in the following:
    • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
    • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
  25. Restart the computer

Related articles