Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 11 subscribers
  • Views 12495 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disabling Tamper Protection in AWS

Keith Konecke

I had a few Sophos Server Protection agents deployed to AWS instances.  I created images of those instances, launched them in a new VPC, and deleted the originals.  Once the images were launched in a new VPC they lost their connectivity with Central.  I'm unable to do anything with them because I can't disable tamper protection, and it's my understanding that I cannot boot an EC2 instances into Safe Mode without losing connectivity.  What can I do?



This thread was automatically locked due to age.
Parents
  • 0

    I was able to resolve this with help from AWS support.

    1. Shutdown instance and detach root volume.

    2. Attach root volume to a separate, temp instance running a DIFFERENT VERSION of Windows Server.

    3. Bring disk online in Disk Management on temp instance.

    4. Load hive in registry and make necessary changes as you would in safe mode.

    5. Unload hive.

    6. Stop temp instance.

    7. Detach volume from temp instance.

    8. Attach volume to original instance, naming it /dev/sda1

  • 0 in reply to Keith Konecke

    Thanks for the information Keith, very helpful.

    I've had a quick look into the same sort of problem on Azure and as far as I can tell safe-mode is not a supported scenario but there seems to be guides suggesting a very similar approach. 

    Regards,

    Jak

Reply
  • 0 in reply to Keith Konecke

    Thanks for the information Keith, very helpful.

    I've had a quick look into the same sort of problem on Azure and as far as I can tell safe-mode is not a supported scenario but there seems to be guides suggesting a very similar approach. 

    Regards,

    Jak

Children
No Data
Unfiltered HTML