Sophos Endpoint

Discussions recover tamper protection on Azure VMs

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 6 replies
Subscribers 11 subscribers
Views 2830 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

recover tamper protection on Azure VMs

JerzyT over 6 years ago

hi,

Anyone has a KB for recovering tamper protection from an Azure VMs please?

Regards,

JT

This thread was automatically locked due to age.

Parents

0 jak over 6 years ago

Out of interest, do you not have the password for some reason?

Is there a reason you can't disable TP from Central?

Is the password here:
https://cloud.sophos.com/manage/server/reports/deleted-devices/create

can you use sedcli.exe to take out the need for MCS/UI not functioning?

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel
0 JerzyT over 6 years ago in reply to jak

Hi Jak,

Thanks for response.

What we are facing here is servers disconnected from dashboard which makes the Tamper Protection Policy useless. At the same time Sophos components aren't properly installed and I am unable to use the password. This is different from deleted device situation. We see this from time to time across all customers and resolve it by booting into safe mode. In this case I am looking at an Azure server and cannot seem to find the KB for this I once saw some time ago (or perhaps this was in an email from support). I more or less know what to do however wanted to check with official documentation.

Can you expand on the sedcli.exe please? Can I use the tamper protection password via cmd?

Regards,

JT
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JerzyT over 6 years ago in reply to jak

Hi Jak,

Thanks for response.

What we are facing here is servers disconnected from dashboard which makes the Tamper Protection Policy useless. At the same time Sophos components aren't properly installed and I am unable to use the password. This is different from deleted device situation. We see this from time to time across all customers and resolve it by booting into safe mode. In this case I am looking at an Azure server and cannot seem to find the KB for this I once saw some time ago (or perhaps this was in an email from support). I more or less know what to do however wanted to check with official documentation.

Can you expand on the sedcli.exe please? Can I use the tamper protection password via cmd?

Regards,

JT
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 QC over 6 years ago in reply to JerzyT

Hello JT,

sedcli.exe should be in \Program Files\Sophos\Endpoint Defense\. it displays a short usage info when called with -h.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
+1 StephenMcKay over 6 years ago in reply to QC

Hello,

Does this KBA help in your scenario?

https://community.sophos.com/kb/en-us/127602

Regards,

Stephen
Cancel
Vote Up 0 Vote Down

Cancel
0 JerzyT over 6 years ago in reply to StephenMcKay

Hi Stephen,

Thanks for response.

This is the article I was looking for.

Regards,

JT
Cancel
Vote Up 0 Vote Down

Cancel
0 JerzyT over 6 years ago in reply to QC

Hi Christian,

Thanks for response.

While this component is not present on the problematic Azure servers - I did get to look at it on my machine and it will most certainly come handy in future.

jak thanks also.

Regards,

JT
Cancel
Vote Up 0 Vote Down

Cancel