Sophos Kba 11975



You may have come across an issue where you have deleted a Server or workstation from Sophos Central not realising that by default these devices are protected for “Tamper Protection”.

So now on the local machine you are attempting to uninstall “Sophos” but you can’t and keep getting an error “You must disable “Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA119175”.

Take a look at the KBA Sophos Anti-Virus for Mac: How to remove malware. Cleaning malware locally on a Linux computer. Open Terminal and run the command savscan -remove; Run a scan to check that malware-infected files were deleted. Cleaning malware locally on a UNIX computer.

  1. After clicking on uninstall, the dialogue box reads, 'You must diable Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA 119175.' I have went into the program to disable it but the selection is grayed out.
  2. Sophos Advisory: Customers are not able to access any Central Dashboards due to ongoing Microsoft Azure outage. March 15 Sophos Advisory: Central and Enterprise Dashboard - Some customers are unable to add or edit the 'Custom Rules' section within the Federation Login global setting.
  3. Sophos Endpoint Defense Service: SEDService.exe: Prevents undesired actions to Sophos components which is explained further on KBA 123654. Sophos File Scanner Service: SophosFS.exe: Used to scans files for reputation, deep learning, and Application ID. Sophos Live Query: SophosLiveQueryService.exe: Used to manage and performs live query actions.

Contacting Sophos doesn’t help as they claim there is no way around this. From the looks of it you can’t remove the application and potentially you may have to re-build it if you really need to remove the software.

In the below steps I will show you how you can reset the password for “Tamper Protection” and disable it. You can then uninstall the software.

1. On the local machine launch “Services” and “Stop” the “Sophos Ant-Virus” service

2. Open a explorer window and navigate to “C:ProgramDataSophosSophos Anti-VirusConfig” right click the filename “machine.xml” and click “Edit” alternatively open with “Notepad”make sure you make a copy of the file before editing it as a backup should you need to restore it.

3. Click “Edit-Find…” find the line within the file called “<TamperProtectionManagement><settings>”

4. On the line below – highlight the hashed password and remove it out.

5. Paste in the following Hash. “E8F97FBA9104D1EA5047948E6DFB67FACD9F5B73” This will set the password to “password”

Sophos Kba 119175

6. Save the changes

7. Start the “Sophos Anti-Virus” service

8. Launch the Sophos Console and click “Authenticate User”

9. Insert the password “password”

10. Click “Configure tamper protection”

11. uncheck the box “Enable Tamper protection” and click “OK”

12. Now run the the uninstallation process again and the software should uninstall.

Hardware requirements

Sophos Kb 119175

  • Processor: 2.0 GHz Pentium or equivalent.
  • Memory: 2 GB RAM for Enterprise Console; 2.5 GB RAM for Enterprise Console and NAC Manager on the same server.
  • Disk space: 1.5 GB for complete Enterprise Console installation without SQL Server 2008 Express; 1.8 GB for complete Enterprise Console installation with SQL Server 2008 Express.

    In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required.

If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:

  • Processor: Pentium 4 (or equivalent) 1.0 GHz
  • Memory: 512 MB RAM
  • Disk space: 50 MB for installation. In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required.

Minimum database size

Sophos Kba 11975

The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.

Maximum database size

Sophos Kba 11975
  • If you use Microsoft SQL Server 2008 Express Edition, the maximum size that a database can reach is 4 GB.
  • If you use Microsoft SQL Server 2005, 2008, or 2008 R2 there is no limit apart from that set by the administrator.




Comments are closed.