Friday, October 20, 2017

Sophos Endpoint Protection - Uninstall without Tamper Protection Password

To uninstall Sophos Endpoint Protection, or to install a new copy over it, when you are not able to disable tamper protection, follow the steps below.

1. If BitLocker is enabled, suspend it. You will need to boot into Safe Mode, and BitLocker will trigger if it is not suspended.
2. Create a .reg file with the contents below and save it to the desktop. The first line is the header that Registry Editor requires before it will merge the file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config]
"SAVEnabled"=dword:00000000
"SEDEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent]
"Start"=dword:00000004

3. Restart the computer in Safe Mode:
   - Go to Start > Settings > Update & Security > Recovery > Restart Now (under the Advanced Startup section).
   - When the blue screen appears, click Troubleshoot > Advanced Options > Startup Settings > Restart.
   - Press 5 for Safe Mode with Networking.
4. Right-click the .reg file you created and click Merge.
5. Reboot into Windows normally. You can then uninstall Sophos or install over the current Sophos installation.
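
Because the steps above need only local administrator rights and a Safe Mode boot, it is worth checking managed machines for these same values. The script below is an added example, not part of the original post or any Sophos tooling; it reads the four registry values from step 2 and reports any that are in the switched-off state. The state labels (DISABLED, OK, MISSING) and the exit codes are this example's own, and it assumes any data other than the value written in step 2 means the protection is on.

```powershell
# Added example: audit the registry values named in step 2.
# Assumption: data equal to the number in the .reg file above means "off";
# any other data is reported as OK.
$tp  = 'HKLM:\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection'
$sed = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'
$mcs = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent'

$checks = @(
    @{ Path = $tp;  Name = 'Enabled';    Off = 0 },
    @{ Path = $sed; Name = 'SAVEnabled'; Off = 0 },
    @{ Path = $sed; Name = 'SEDEnabled'; Off = 0 },
    @{ Path = $mcs; Name = 'Start';      Off = 4 }   # 4 = service start type "Disabled"
)

$results = foreach ($c in $checks) {
    # A missing key or value returns $null instead of raising an error.
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $data  = $null
        $state = 'MISSING'      # Sophos not installed, or the key was removed
    } else {
        $data  = $item.($c.Name)
        $state = if ($data -eq $c.Off) { 'DISABLED' } else { 'OK' }
    }
    [pscustomobject]@{
        Key   = $c.Path
        Value = $c.Name
        Data  = $data
        State = $state
    }
}

$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or management agent raise an alert.
if ($results.State -contains 'DISABLED') { exit 1 } else { exit 0 }
```

Run it from an elevated PowerShell prompt after a normal boot; a DISABLED row on a machine where nobody has recorded a reinstall is worth investigating.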