Tamper Protection

You can turn tamper protection on and off for all your Windows computers, Windows servers, and Macs.

Go to My Products > General Settings > Tamper Protection.

If tamper protection is turned off from Sophos Central, the following scenarios might occur:

• Users with full Windows administration rights: When they open the Sophos Endpoint Agent, they'll see in the settings that tamper protection is turned off, and additional settings are available for them to modify.
• Non-Windows administrator users: When they open the Sophos Endpoint Agent, they won't be able to access or modify the settings. To change the settings, they must enter the tamper protection password provided by their Sophos Central administrator.

When tamper protection is enabled, a local administrator cannot make any of the following changes on their computer. They need the necessary password:

• Change settings for on-access scanning, suspicious behavior detection (HIPS), web protection, or Sophos Live Protection.
• Disable tamper protection.
• Uninstall the Sophos agent software.

Manage tamper protection for a specific device

You can change the tamper protection settings for a specific device or server.

Open the device's details page and look under Tamper Protection. There you can do as follows:

• View the password.
• Generate a new password.
• Temporarily disable tamper protection for that device.

Recover tamper protection passwords

You can recover the tamper protection passwords of devices that you've recently deleted. You might need to do this so that you can uninstall Sophos software that is still on those devices.

Tamper protection passwords are stored for 120 days after you delete your device.

For details, see Restore deleted devices and recover Tamper Protection passwords.

For information about how to turn tamper protection off, see Turn off Tamper Protection.