This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
  • To add to this, On-Access Scanning will be disabled but the Start Scanning button will be enabled. Clicking it will change the button to Starting... but then generate an error: Sophos Anti Virus is not running.

    Oddly, if System Integrity Protection is then turned off in Recovery mode, after a reboot, On-Access Scanning is now on and working without further action. However, if SIP is enabled, after reboot, it's off again. And when the Start Scanning button is clicked, its legend changes to Stopping... The SAV not running error is generated again, though it seems to have taken longer.
  • Thanks for your comments. I just tried their new product, Sophos Home, and still end up with a dimmed icon. I've reported this as a bug to Apple, but I hope that the Sophos engineering team will investigate this on their own with this pre-release to see what happened to have this issue reoccur. In the meantime, I guess I don't have any AV protection.
  • I have experienced the same problem as ZRL1 and bocaboy. Let's hope that support has a quick fix. I hate being exposed.
  • From console log: ERROR: invalid signature for com.sophos.kext.sav, will not load
  • I found the following messages including the invalid signatures message

    1/15/16 12:25:33.339 AM com.apple.kextd[48]: ERROR: invalid signature for com.sophos.nke.swi, will not load
    1/15/16 12:25:33.000 AM kernel[0]: Kext com.sophos.nke.swi not found for unload request.
    1/15/16 12:25:33.000 AM kernel[0]: Kext com.sophos.nke.swi not found for unload request.
    1/15/16 12:25:34.000 AM kernel[0]: Kext com.sophos.nke.swi not found for unload request.
    1/15/16 12:25:34.000 AM kernel[0]: Kext com.sophos.nke.swi not found for unload request.
    1/15/16 12:25:34.000 AM kernel[0]: Kext com.sophos.nke.swi not found for unload request.
    1/15/16 12:25:34.536 AM SMEServiceManager[59]: [SMEServiceManager.m:1541] Unable to unload kext 'com.sophos.nke.swi'.
    1/15/16 12:25:35.018 AM com.apple.kextd[48]: Untrusted kexts are not allowed
  • Can you please run the following commands in Terminal and send me the result?

    ls -lR /Library/Extensions/SophosNetworkInterceptor.kext

    find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;

    Thanks much!

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • I am having the same problem with the new beta. I uninstalled AV and installed Sophos Home and still have the same problem.
    Here is the result of the terminal command requested while running Sophos Home:

    MacPro_Eth_en0:~ MacPro$ ls -lR /Library/Extensions/SophosNetworkInterceptor.kext
    total 0
    dr-xr-xr-x 6 root wheel 204 Jan 15 11:24 Contents

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents:
    total 8
    -r--r--r-- 1 root wheel 1437 Jan 15 11:24 Info.plist
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 MacOS
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 Resources
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 _CodeSignature

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS:
    total 224
    -r-xr-xr-x 1 root wheel 112900 Jan 15 11:24 SophosSocketFilter

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources:
    total 8
    -r--r--r-- 1 root wheel 458 Jan 15 11:24 build-info.plist

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature:
    total 8
    -r--r--r-- 1 root wheel 426 Jan 15 11:24 CodeResources

    and for the second command:

    MacPro_Eth_en0:~ MacPro$ find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature/CodeResources) = 6d72b40fd8ecf726a68a0b0392ce2caf
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Info.plist) = 62a4ad5a0134537d5a1badd6230006a9
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS/SophosSocketFilter) = 70b673c2f950f13ed054b24fc08ae403
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources/build-info.plist) = 1e778eccca3cee7fcf311cd65c6f213b

    The Sophos agent I chatted with online about an hour ago was totally unaware of this issue with the new beta.
  • I am having the same problem with the new beta. I uninstalled AV and installed Sophos Home and still have the same problem.
    Here is the result of the terminal command requested while running Sophos Home:

    MacPro_Eth_en0:~ MacPro$ ls -lR /Library/Extensions/SophosNetworkInterceptor.kext
    total 0
    dr-xr-xr-x 6 root wheel 204 Jan 15 11:24 Contents

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents:
    total 8
    -r--r--r-- 1 root wheel 1437 Jan 15 11:24 Info.plist
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 MacOS
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 Resources
    dr-xr-xr-x 3 root wheel 102 Jan 15 11:24 _CodeSignature

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS:
    total 224
    -r-xr-xr-x 1 root wheel 112900 Jan 15 11:24 SophosSocketFilter

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources:
    total 8
    -r--r--r-- 1 root wheel 458 Jan 15 11:24 build-info.plist

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature:
    total 8
    -r--r--r-- 1 root wheel 426 Jan 15 11:24 CodeResources

    and for the second command:

    MacPro_Eth_en0:~ MacPro$ find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature/CodeResources) = 6d72b40fd8ecf726a68a0b0392ce2caf
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Info.plist) = 62a4ad5a0134537d5a1badd6230006a9
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS/SophosSocketFilter) = 70b673c2f950f13ed054b24fc08ae403
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources/build-info.plist) = 1e778eccca3cee7fcf311cd65c6f213b

    The Sophos agent I chatted with online about an hour ago was totally unaware of this issue with the new beta.
  • Bob,
    Here are the results:

    Glenn-Gardiners-MacBook-Pro:~ glenng6$ ls -lR /Library/Extensions/SophosNetworkInterceptor.kext
    total 0
    dr-xr-xr-x 6 root wheel 204 Sep 25 06:03 Contents

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents:
    total 8
    -r--r--r-- 1 root wheel 1437 Sep 25 06:03 Info.plist
    dr-xr-xr-x 3 root wheel 102 Sep 25 06:03 MacOS
    dr-xr-xr-x 3 root wheel 102 Sep 25 06:03 Resources
    dr-xr-xr-x 3 root wheel 102 Sep 25 06:03 _CodeSignature

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS:
    total 224
    -r-xr-xr-x 1 root wheel 112900 Sep 25 06:03 SophosSocketFilter

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources:
    total 8
    -r--r--r-- 1 root wheel 458 Sep 25 06:03 build-info.plist

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature:
    total 8
    -r--r--r-- 1 root wheel 426 Sep 25 06:03 CodeResources
    Glenn-Gardiners-MacBook-Pro:~ glenng6$


    Glenn-Gardiners-MacBook-Pro:~ glenng6$ find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature/CodeResources) = 9bd102f37637c83812aa36b4aeb6c5db
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Info.plist) = 62a4ad5a0134537d5a1badd6230006a9
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS/SophosSocketFilter) = 445675e047d911f354fc5e24bc88a679
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources/build-info.plist) = 9f86d916dd7b91f35131868a308b5706
    Glenn-Gardiners-MacBook-Pro:~ glenng6$
  • Same problem. Same MD5 checksums. It breaks are security, so i cannot use VPN technology to do my work...