Real-time protection shows as "not running"

Reinstalled Sophos Home 10.9.1 after upgrading to OS X 15 (Sequoia) on an M1 Mac. Sophos icon is orange, saying "Real-time Protection not running" but when I go to the portal page, it shows as being enabled. Also having a similar issue with a second message saying "Potentially Unwanted App Protection Disabled" when the portal says it's enabled. I've restarted the endpoint several times, tried turning it off and reenabling, but nothing seems to resolve the issue. Thanks for any suggestions. I'm having a bit of trouble with support documentation because very little (if any) has been updated to reflect the Sequoia interface; most seem to still be about Ventura.

John



modified for clarity
[edited by: John Meggers at 9:11 PM (GMT -7) on 30 Sep 2024]
Parents Reply Children
  • Hello,

    I am currently checking with Sophos Home Support, but I believe you should only need to follow the Work Around on Step 1, not the MDM one.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • I'm not sure I'm clear on exactly what Step 1 is. I don't see anything identified in that manner.

    This morning I tried a complete uninstall and restart, removing the device from my dashboard, and then reinstalling and setting up full disk access and enabling the extensions. Didn't make any difference. My laptop's header bar icon is still orange, says "Computer is Vulnerable", "Real-time protection not running" and "Potentially Unwanted App Protection Disabled" when the dashboard shows both Real-time Protection and Potentially Unwanted Apps as enabled.

    The really weird part is this morning I also upgraded one of my other Macs (a Mini) to OS X 15 (Sequoia), and prior to the upgrade I uninstalled Sophos Home, and then following the upgrade did a fresh download and install. And everything is fine, the icon in the header bar looks normal, and the dashboard says everything is fine with that Mac. So I'm trying to figure out what's different with my MB Pro. There are two things I've found so far. The first (which is pretty strange) is full disk access on the Mac mini includes the file com.sophos.endpoint.scanextension, but I cannot locate that file on the Mini (yes, I'm viewing hidden files), nor can I find it on my MBP. The other thing is on my MBP, I see "SophosCryptoGuard" which I do NOT see on the Mac mini. (I tried turning CryptoGuard off but that didn't change anything.)

    Thanks for any further information.