Bypassing Tamper Protection in Sophos Endpoint Protection 10.7

Bypassing Tamper Protection in Sophos Endpoint Protection 10.7

CVE-2018-4863 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.

Learn more about our User Device Pen Test.