Spread the love

What is Tamper Protection?

Tamper Protection is a feature that prevents unauthorized users and certain types of known malware from uninstalling Sophos security software or disabling it through the Sophos interface. Any attempt to disable tamper protection, either by an unauthorized user or malware causes a report/alert to be submitted to the central console.


How to reset Tamper Password?

In order to change the Tamper Password on a device you will need to amend the policy the device is linked too

Once logged into the Sophos Enterprise Console

You will need to create a new policy by right clicking “Tamper Protection” and selecting “create policy”

Give your policy a meaningful name and right click on it, select “view/edit policy”

A window will appear and you will need to tick the box to “enable tamper protection”

then select “Set…” and type the password you wish to use

Under the “groups” section you will see all the groups that have been setup on your endpoint, I recommend creating  a sub-folder for your machine to sit in

Right-click on one of the folders and create group, give the folder a meaningful name

Once done click on your server name at the top and you will see a list of computers appear on the right window

Right-click on any computer and you will see a drop down list appear, select “find a computer” it will be the bottom option

Type in the computer you are looking for

Drag the computer to the group that you just created

Drag the Policy to the group and the policy will be applied to the device(s) within that group

Click back into your group and right-click on it, select the following: Comply with – All Group Policies

You will see your device(s) updating, there will be a yellow hourglass next to the device and once the machine has the policy it will turn green

Your Tamper Password will be updated