Tamper protections questions.

Question

Hi all, 
 I have a few questions about managing Tamper Protection: 
 1. Is it possible to enable / disable Tamper Protection by a policy? I would like Tamper Protection enabled for all Windows computer, but disabled for all Mac computers. I don't see the option to do this except enabling for all and then manually disabling for all mac computers? 
 2. Why does Tamper Protection behave differently between operating systems: 
 - Mac: user who is not admin cannot bypass the policies, needs to put in admin password. 
 - Mac: once admin is authenticated, various policies can be turned off or on 
 - Mac: once "override" checkbox is unchecked, policies go back to normal 
 - Windows: non-admin user can bypass policies without any password 
 - Windows: when a policy is turned off, it cannot be turned back on 
 - Windows: once "override" checkbox is unchecked it does not return the policies to normal... 
 
 IS this normal behaviour or is there something wrong with my Windows machines? 
 I attach 2 gifs showing the behaviour. Click on them and they will play.

Shweta · Accepted Answer

Hi Jakub Sochacki 
 You can only Enable/disable tamper protection for all computers and servers from Global Settings> Tamper protection. You can enable/disable tamper protection for a specific device from its details page. For your other query, the behavior which you are seeing on the windows machine is as expected. On Window endpoints, the settings may not be able to be toggled back on. To re-enable the settings, uncheck the Override option and restart the Sophos MCS Agent and Sophos MCS Client services.