Applies to: Sophos Home Premium and Free (Windows)
What is Tamper Protection?
Tamper Protection is a security feature of Sophos Home for Windows, which prevents the software from being manipulated from outside applications. With Tamper protection enabled, you will not be able to modify the software or stop any of its running services.
Typically, Tamper Protection can be temporarily disabled via the Sophos Home User interface by an Admin user: Sophos Home (Windows) How to disable Tamper protection
In the event that the user interface is not accessible, Tamper Protection can be disabled via Recovery Mode
What to Do:
Note: The following steps are intended for advanced users only. Performing these steps incorrectly can cause serious harm to your computer's operating system. If you do not feel comfortable editing the Windows Registry, please contact Sophos Home support for assistance.
Step by Step:
-
On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.
- On Choose an option, click Troubleshoot, then click Advanced options and Command Prompt:
- Following the restart, select an administrative account to continue and enter the password.
- Open Command Prompt.
- Type
C:
and click Enter. - Type
cd Windows\System32\drivers
and click Enter. - Type
ren SophosED.sys SophosED.sys.old
and click Enter. - Type
exit
and click Enter. - Click Continue.
Once back to normal Windows mode, follow these steps:
- Click Start followed by Run then type
services.msc
- Right-click the Sophos Anti-Virus service then Properties.
- Set the Startup type to Disabled then click the OK button.
Repeat for Sophos MCS Agent service - In Run, type
regedit.exe
then click the OK button. -
Back-up the registry.
NOTE: For the following section, some keys may not be present. If after double-checking they are not there, move on to the next key. - Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent
set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService
and set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service
and set the Value data of Start to0x00000004
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services
and under every subkey in this location set the Value data of Protected to 0.- Example:
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\SAVService
and set the Value data of Protected to 0.
- Go to
- Example:
- Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config
and set the Value data of SAVEnabled and SEDEnabled to0
. - Set the Value data of Enabled to
0
in the following:
- 32-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
- 64-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
- 32-bit:
- Restart the computer