Applies to: Sophos Home Premium and Free (Windows) version 2.0.11 and above

What is Tamper Protection?

Tamper Protection is a security feature of Sophos Home which prevents the software from being manipulated from outside applications. With Tamper protection enabled, you will be modify the software or stop any of its running services.

Typically, Tamper Protection can be temporarily disabled via the Sophos Home User interface by an Admin user: Sophos Home (Windows) How to disable Tamper protection

In the event that the user interface is not accessible, Tamper Protection can be disabled via Safe Mode

What to Do:

Note: The following steps are intended for advanced users only. Performing these steps incorrectly can cause serious harm to your computer's operating system. If you do not feel comfortable editing the Windows Registry, please contact Sophos Home support for assistance. 

Contacting Sophos Home Support 

Video:

The following video, although created for Sophos Central, does apply on how to disable tamper protection for Sophos Home for when the Sophos home user interface is not available. These Steps are broken out below:

 Steps:

1. Boot the computer in Safe Mode.
2. Click Start followed by Run then type services.msc
3. Right-click the Sophos Anti-Virus service then Properties. Repeat for Sophos MCS Agent service
4. Set the Startup type to Disabled then click the OK button.
5. In Run, type regedit.exe then click the OK button.
6. Back-up the registry. 
7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent  and set the Value data of Start to 0x00000004
8. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the Value data of SAVEnabled and SEDEnabled to 0.
9. Set the Value data of Enabled to 0 in the following:
   
   • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection
   • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection
10. Reboot normally