Sophos

Additional update to this:

 

When Sophos AV gets horked, damn does it get horked!!!!

RMM still works in safe mode!

 

Requirements:

The remote station MUST be connected with an Ethernet cable (Wi-Fi is not supported in Safe Mode with Networking).

From your RMM remote session, run msconfig > Boot tab > tick Safe boot and Network. Accept the prompt to reboot.

  1. Note: if you are unsuccessful in uninstalling the software due to tamper protection, follow this article: https://community.sophos.com/kb/en-us/124377

 

It is possible that the above step will ALSO not work. Found this to be true on machines in Japan and Taiwan.

While in safe mode, you can indeed perform all the registry steps, but despite tamper protection being disabled, it continues to be enabled for some unknown reason. Time to leverage safe mode for operation: DIE Bitty DIE!

Go to Sophos Central > Set tamper protection to disabled first.

 

Go to regedit:

  • HKLM > Software > Sophos
    • Export the entire Sophos tree
    • Delete
  • HKLM > Software > WOW6432Node > Sophos
    • Export the entire Sophos tree
    • Delete

Rename these folders:

C:\Program Files\Sophos to C:\Program Files\Sophos.bak

C:\Program Files (x86)\Sophos to …

C:\ProgramData\Sophos to …

 

Some of these may fail to rename, but some should succeed.

If any directories would not rename, reboot back into safe mode and keep retrying the failed renames. Recheck all three locations and make sure nothing named Sophos is left.
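
A read-only way to do that recheck, as an added example that is not part of the original post: it tests the two registry keys and three folders listed above under their original names (a folder already renamed to .bak does not count as present) and reports the current boot mode. It assumes 64-bit PowerShell; the function name Get-SophosRemnant is made up for this example.

```powershell
# Added example: read-only remnant check; it changes nothing on the machine.
# Folders and registry keys are the ones listed in the steps above.
$folders = @(
    "$env:ProgramFiles\Sophos",
    "${env:ProgramFiles(x86)}\Sophos",
    "$env:ProgramData\Sophos"
)
$regKeys = @(
    'HKLM:\SOFTWARE\Sophos',
    'HKLM:\SOFTWARE\WOW6432Node\Sophos'
)

# Hypothetical helper: one row per location, with whether it still exists.
function Get-SophosRemnant {
    foreach ($path in $folders + $regKeys) {
        [pscustomobject]@{
            Path    = $path
            Kind    = if ($path -like 'HKLM:*') { 'Registry' } else { 'Folder' }
            Present = Test-Path -LiteralPath $path
        }
    }
}

# Windows sets SAFEBOOT_OPTION only while booted in safe mode (MINIMAL or NETWORK).
$mode = if ($env:SAFEBOOT_OPTION) { "safe mode ($env:SAFEBOOT_OPTION)" } else { 'normal boot' }
Write-Host "Boot mode: $mode"

$remnants = @(Get-SophosRemnant)
$remnants | Format-Table -AutoSize

$left = @($remnants | Where-Object { $_.Present })
if ($left.Count -eq 0) {
    Write-Host 'None of the original Sophos folders or registry keys remain.'
} else {
    Write-Host "$($left.Count) item(s) still present; reboot into safe mode and retry:"
    $left | ForEach-Object { Write-Host "  $($_.Path)" }
}
```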

 

Reboot the computer to normal: run msconfig again and change the boot option (untick Safe boot).

Now go to Control Panel > Programs; Sophos should uninstall now.

Run the Sophos installer.

If it still fails, tamper protection should now be disabled.

Run it again.