Sophos - Unable to remove Sophos from Windows

Updated: 11/28/2023
Article #: 282


** The Sophos logo doesn't show in the action menu bar or in the program files

 

Follow the steps below to remove Sophos by turning off Tamper protection through the command prompt in the Advance Menu

 

 

Windows 10 and later and Windows Server 2012 and later
  1. For Windows 10, Windows Server 2016, and 2019, go to Settings, Update & Security, Recovery under Advanced start-up click Restart now.





  1. For Windows Server 2012, restart to recovery by holding the Shift key on your keyboard, clicking Power, and then clicking Restart

shiftplusrestart.PNG

  1. On Choose an option, click Troubleshoot, then click Advanced options and Command Prompt:



  1. Note: There are instances that Advanced options is not available. You can access recovery media, such as ISO, as an alternative option.
  2. After the restart, select an administrative account to continue and enter the password.
  3. Open Command Prompt.
  4. Type C: and press Enter.

    Note: Your Boot drive may differ from C. If so, use a command such as DiskPart and list volume to show the available volumes.
  5. Type cd Windows\System32\drivers and press Enter.
  6. Type ren SophosED.sys SophosED.sys.old and press Enter.
  7. Type exit and press Enter.
  8. Click Continue.
  9. Once back in Windows, open Registry Editor.
  10. Back up the registry.
  11. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent  and set the Value data of Start to 0x00000004
  12. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services and under every subkey in this location, set the Value data of Protected to 0.

    Example: Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Services\hmpalert and set the Value data of Protected to 0.
  13. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config and set the Value data of SEDEnabled to 0.
  14. Restart the PC 
  15. Log back in as local admin and uninstall Sophos Endpoint Agent from the Control Panel
  16. Restart the PC and log back in as local admin.  Sophos Endpoint Agent will install the backaround take about fifteen minutes to fully install.

 

Remove Sophos Central without tamper protection password - Discussions - Community Chat - Sophos Community






Rate this Topic:
Rating: 0.00 / Votes: 0