Sophos CIXA: How to uninstall Sophos Endpoint Protection with Tamper Protection using PowerShell


The article shows how to uninstall Sophos Endpoint Protection on workstations or servers, in case tamper protection cannot be disabled on Sophos Central or on computer software

Then Tamper Protection still exists and prevents us from removing the software

The article will guide us to use PowerShell to uninstall Sophos software

How to configure

  • Login to Sophos Central by Admin account
  • Go to the computer that you want to uninstall Sophos Endpoint and check the Tamper Protection
  • We will use a script with txt file extension (if there is a need to use this script file, you can contact us by commenting) -> We will change the txt to ps1
  • Leave the ps1 script file in folder we want
  • Open PowerShell by Administrator
  • Execute the cd command to go to where the script file is located
  • Run the command powershell.exe -ExecutionPolicy ByPass -File .\RemoveSophos7-12.ps1 -Password 1234567 -Remove YES (we will replace the tamper protection of that machine in 1234567) -> Press Enter
  • Click Enter to continue -> Wait about 15 minutes for the script to remove all related to Sophos
  • Once completely removed, reboot the computer
  • Check the result


  1. I would very much like a copy of this. We need to remove Sophos and their support has been horrendous. Would you mind sharing with me?

  2. I am trying to get this to run via InTune but I am having no luck. I tried deploying the powershell script as a win32app.

    Has anyone done this before? How did you do it? Thanks!

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.