You may have come across an issue where you have deleted a Server or workstation from Sophos Central not realising that by default these devices are protected for “Tamper Protection”.

So now on the local machine you are attempting to uninstall “Sophos” but you can’t and keep getting an error “You must disable “Sophos Tamper Protection before you continue. Contact your administrator or see Sophos KBA119175”.

Contacting Sophos doesn’t help as they claim there is no way around this. From the looks of it you can’t remove the application and potentially you may have to re-build it if you really need to remove the software.

In the below steps I will show you how you can reset the password for “Tamper Protection” and disable it. You can then uninstall the software.

1. On the local machine launch “Services” and “Stop” the “Sophos Ant-Virus” service

2. Open a explorer window and navigate to “C:\ProgramData\Sophos\Sophos Anti-Virus\Config” right click the filename “machine.xml” and click “Edit” alternatively open with “Notepad” – make sure you make a copy of the file before editing it as a backup should you need to restore it. 

3. Click “Edit-Find…” find the line within the file called “<TamperProtectionManagement><settings>”

4. On the line below – highlight the hashed password and remove it out.

5. Paste in the following Hash. “E8F97FBA9104D1EA5047948E6DFB67FACD9F5B73” This will set the password to “password”

6. Save the changes

7. Start the “Sophos Anti-Virus” service

8. Launch the Sophos Console and click “Authenticate User”

9. Insert the password “password”

10. Click “Configure tamper protection”

11. uncheck the box “Enable Tamper protection” and click “OK”

12. Now run the the uninstallation process again and the software should uninstall.