Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or malware causes a report/alert to be submitted to the central console.
So, if you want to uninstall Sophos Endpoint Agent on a specific machine, you need to get the Tamper Protection Password of that computer on Sophos Central and log in to the Endpoint with this password to turn off Tamper Protection before uninstalling Sophos Endpoint. .
The article will guide Admin how to get Tamper Protection Password on Sophos Central and turn off Tamper Protection so that Sophos Endpoint Agent can be uninstalled.
Step 1: Get Tamper Protection Password of Endpoint
Log in to Sophos Central Admin > Device > Double click on the device name you want remove Sophos Endpoint. Ex: VM10-John-Test-11.
After double-clicking the device, scroll down and select View password details under Disable Tamper Protection.
Copy the sequence of numbers under Current Password.
Step 2: Turn off Tamper Protection on Endpoint
On the device that needs to be removed Sophos Endpoint (must be the correct device name as the Current Password was copy on Sophos Central) click the Sophos icon to open the Sophos Endpoint Agent interface.
Click Admin sign-in.
Enter the Tamper protection password copy in step 1 (Current Password). Click Admin sign-in.
After logging in, click on Settings > check Override Sophos Central Policy for up to 4 hours to troubleshoot > turn off Tamper Protection to disable this feature.
Step 3: Uninstall Sophos Endpoint
After turning off Tamper Password, go to Control Panel > Programs > Programs and Features > right-click on Sophos Endpoint Agent > select Uninstall.
Next select Uninstall Sophos Endpoint Agent.
Wait about 5′ for the uninstallation to complete.
After successful uninstallation click Close and the computer will automatically restart.