Endpoint Tamper Protection Hardening
Can endpoint tamper protection be hardened in a way that the user (even administrator) does not have the ability to disable Sophos services, rename the Sophos directory structure, or even delete Sophos registry keys.
All this will add optimal protection against tampering by not allowing anyone to uninstall Sophos, even with administrative privileges.
Manuel Mitteregger commented
this will not be a secure solution as the GPO can be turned-aroung for 180minutes by the local admin.
Please see this KB: