About tamper protection on this computer

Tamper protection enables you to prevent unauthorized users (users with limited technical knowledge) and known malware from uninstalling Sophos security software or disabling it through the Sophos Endpoint Security and Control interface.

Note Tamper protection is not designed to protect against users with extensive technical knowledge. It will not protect against malware which has been specifically designed to subvert the operation of the operating system to avoid detection. This type of malware will only be detected by scanning for threats and suspicious behavior. For more information, see the section Sophos Anti-Virus (chapter 4).

What does tamper protection mean for users of this computer?

SophosUsers and SophosPowerUsers

Tamper protection does not affect members of the SophosUser and SophosPowerUser groups. When tamper protection is enabled, they will be able to perform all tasks that they are usually authorized to perform, without the need to enter the tamper protection password.

SophosUsers or SophosPowerUsers cannot enable or disable tamper protection.

For more information about the tasks that each Sophos group is authorized to perform, see About Sophos groups.


Members of the SophosAdministrator group can enable or disable tamper protection.

If a management console is used to administer Sophos Endpoint Security and Control on this computer, the tamper protection policy set up in the console determines the tamper protection configuration and password. If tamper protection is enabled from the console, ask your console administrator for a password if you need to perform any of the tasks mentioned below.

If you are a member of the SophosAdministrator group and if tamper protection is enabled, you must know the tamper protection password to perform the following tasks:

  • Re-configure on-access scanning or suspicious behavior detection settings. For more information, see Enter the tamper protection password to configure the software.
  • Disable tamper protection. For more information, see Disable tamper protection.
  • Uninstall Sophos Endpoint Security and Control components (Sophos Anti-Virus, Sophos Client Firewall, Sophos AutoUpdate, Sophos Remote Management System) using Control Panel.
  • Uninstall Sophos SafeGuard Disk Encryption using Control Panel.

A SophosAdministrator who does not know the password will be able to perform all other tasks except for the ones mentioned above.

If tamper protection is disabled, but the tamper protection password has been set previously, you must use the Authenticate user option to authenticate yourself before you can re-enable tamper protection. All other configuration options available to the SophosAdministrators group are enabled when tamper protection is disabled. For more information about re-enabling tamper protection, see Re-enable tamper protection.