Friday, October 20, 2017

Sophos Endpoint Protection - Uninstall without Tamper Protection Password

To uninstall Sophos Endpoint Protection, or to install a new copy over it, when you are not able to disable tamper protection, follow the directions below.

1. If BitLocker is enabled, suspend it. You will need to boot into Safe Mode, and BitLocker will trigger if it's not suspended.
2. Create a .reg file with the contents below, and save it to the desktop:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config]
"SAVEnabled"=dword:00000000
"SEDEnabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent]
"Start"=dword:00000004
3. Restart the computer in Safe Mode:
    Start > Settings > Update & Security > Recovery > Restart Now (under the Advanced Startup section).
    When the blue screen appears, click Troubleshoot > Advanced Options > Startup Settings > Restart.
    Press 5 for Safe Mode with Networking.
4. Right-click the .reg file you created and click Merge.
5. Reboot into Windows normally. You are then able to uninstall Sophos or install over the current Sophos installation.
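To check whether an endpoint is currently in the state that the .reg file above sets (after the procedure, or when auditing machines for disabled tamper protection), the read-only PowerShell below can be run from an elevated prompt. It is an added example, not part of the original post and not Sophos tooling. It assumes the key paths and value names listed in step 2, and that a service `Start` value of 4 is the standard Windows "disabled" start type.

```powershell
# Added example: report whether the registry values from step 2 are present
# in the state the .reg file writes. Read-only; makes no changes.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection'
       Name = 'Enabled';    RegFileValue = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'
       Name = 'SAVEnabled'; RegFileValue = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'
       Name = 'SEDEnabled'; RegFileValue = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent'
       Name = 'Start';      RegFileValue = 4 }   # 4 = service start type "disabled"
)

$results = foreach ($c in $checks) {
    # A missing key or value returns $null instead of throwing.
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $data  = $null
        $state = 'key or value not found'
    } else {
        $data  = $item.($c.Name)
        $state = if ($data -eq $c.RegFileValue) {
            'MATCHES .reg file (protection or agent switched off)'
        } else {
            'differs from .reg file'
        }
    }
    [pscustomobject]@{
        Key   = $c.Path
        Value = $c.Name
        Data  = $data
        State = $state
    }
}

$results | Format-List

# Summarise for use in an audit or a scheduled compliance check.
$flagged = @($results | Where-Object { $_.State -like 'MATCHES*' })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} of {1} values match the tamper-protection-off state on {2}." -f `
        $flagged.Count, $checks.Count, $env:COMPUTERNAME)
} else {
    Write-Output "No value matches the tamper-protection-off state on $env:COMPUTERNAME."
}
```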

Monday, October 9, 2017

BitLocker Triggering Every Reboot - One Possible Cause and Its Solution

We had a few machines that were triggering BitLocker every time they rebooted. We tracked the issue down to the fact that the SSDs were formatted as MBR, and the BIOS mode in System Info was showing as Legacy.

(We had 4 brand new machines with the same hardware, and the only difference was that the 2 that were working were GPT and UEFI, and the 2 that weren't were MBR and Legacy.)

This is how I fixed it:

  1. I suspended BitLocker but did not turn it off. (I tried turning it off on one computer and it wasn't good... I had to rebuild the machine to get the TPM working with BitLocker.)
  2. I converted the SSD to GPT. (Read my directions here)
  3. Made sure I set the BIOS options to UEFI.
  4. Booted back into Windows, and BitLocker wasn't working. When I tried to manually reactivate BitLocker, it gave an error saying "The system cannot find the file specified".
  5. Rename or delete the REAgent.xml file (in C:\Windows\System32\Recovery) to fix the error from step 4.
  6. Manually activate BitLocker again and it works.
  7. Reboot a couple of times to test. Everything works! No more triggering of BitLocker.

Convert MBR System Disk to GPT for Free! - Windows 10 - 1703

We had an issue recently where the solution was to convert the system disk from MBR to GPT. We didn't want to rebuild the computer, and didn't want to pay for some of the commercial tools out there. The fix as it turns out is built into Windows 10 (1703).

Microsoft provides a small command-line tool for converting the disk, called mbr2gpt.

Using it is simple:

  1. Boot into Windows Recovery
    1. Select the Start button, then choose Settings.
    2. Select Update & security > Recovery.
    3. Under Advanced startup, select Restart now.
    4. After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Command Prompt.
  2. Confirm the disk number you want to work on. If you only have one disk, it should be Disk 0.
    1. Type "diskpart" to start the DiskPart tool.
    2. Type "list disk" to view the disks.
    3. Type "exit" after you determine which disk you want to edit. In this case, Disk 1 contains my Windows installation.
  3. Run "mbr2gpt /convert /disk:X" (replace X with your disk number).
  4. When it completes, your System disk will be converted to GPT. Make sure you make the appropriate BIOS/UEFI changes to allow you to boot to UEFI instead of Legacy.