What is Tamper Protection?
Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or malware causes a report/alert to be submitted to the central console.
How to reset Tamper Password?
In order to change the Tamper Password on a device you will need to amend the policy the device is linked too
Once logged into the Sophos Enterprise Console
You will need to create a new policy by right clicking “Tamper Protection” and selecting “create policy”
Give your policy a meaningful name and right click on it, select “view/edit policy”
A window will appear and you will need to tick the box to “enable tamper protection”
then select “Set…” and type the password you wish to use
Under the “groups” section you will see all the groups that have been setup on your endpoint, I recommend creating a sub-folder for your machine to sit in
Right-click on one of the folders and create group, give the folder a meaningful name
Once done click on your server name at the top and you will see a list of computers appear on the right window
Right-click on any computer and you will see a drop down list appear, select “find a computer” it will be the bottom option
Type in the computer you are looking for
Drag the computer to the group that you just created
Drag the Policy to the group and the policy will be applied to the device(s) within that group
Click back into your group and right-click on it, select the following: Comply with – All Group Policies
You will see your device(s) updating, there will be a yellow hourglass next to the device and once the machine has the policy it will turn green
Your Tamper Password will be updated