Computer Isolation
If the computer is in isolation and there is absolutely no way to resolve the issue without dialling in or gaining internet access to the machine, I’ve made a policy called Device Exception under the threat protection policies which will remove it from isolation once the policy applies (I want to say it took about 10 minutes to apply itself today).
Tamper Protection
If you ever need to uninstall Sophos but it says tamper protection is enabled and you cannot turn it off the normal way, you can turn it off from the command line.
Open CMD as admin and navigate to the Sophos folder in Program Files:
cd "C:\Program Files\Sophos\Endpoint Defense"
Then enter:
SEDcli -TPoff <specific tamper protection password from Sophos Cloud>
Uninstalling all of Sophos’ files
If you need to uninstall Sophos but you’re unable to, or if you want to remove all of the files to do with Sophos, you can run an executable called SophosZap from CMD to do this for you.
Navigate to the folder SophosZap is stored in, then enter:
SophosZap --confirm
The link to download SophosZap is this, but I’ve attached the file too.