This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
Parents
  • I am also having issues with 10.11.4Beta. In trying to trouble shoot, I found the following in Sophos Anti-Virus.log - Is this part of the issue you are working on?


    com.sophos.autoupdate: Download completed at 09:46:27 09 February 2016
    com.sophos.autoupdate: Update started at 09:47:05 09 February 2016
    com.sophos.autoupdate: Update completed at 09:53:08 09 February 2016
    com.sophos.autoupdate: Info: Checked primary server at 09:53 on 09 February 2016
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate:
    com.sophos.intercheck: Info: ic_worker_start: kext not found, attempting to load at 09:53 on 09 February 2016
    com.sophos.intercheck:
    com.sophos.intercheck: Info: ic_worker_start: unable to load on access kext at 09:53 on 09 February 2016
    com.sophos.intercheck:
  • Julia, try disabling SIP and then see if that doesn't allow SAV to start. The latest build (15E39c) released a couple of days ago, seems to have solved the problem for me and a couple of other contributors to this string.  Also, according to Bob Cook, the updated SAV software will be released late February 10th and it, too, is supposed to solve this issue.

    You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally.

  • bocaboy said:

    "...You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally."

    While I obviously agree with the stated solution, [;)] testing the latest 10.11.4 build revealed that installing it did not automatically reactivate SIP. Since SIP being active is a good idea for security purposes, it might be wiser to wait until tomorrow afternoon to see if this new issue is resolved by Sophos 9.4.2 which is scheduled to be released then, especially since the actual state of SIP is transparent unless its status is actively checked in Terminal.

Reply
  • bocaboy said:

    "...You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally."

    While I obviously agree with the stated solution, [;)] testing the latest 10.11.4 build revealed that installing it did not automatically reactivate SIP. Since SIP being active is a good idea for security purposes, it might be wiser to wait until tomorrow afternoon to see if this new issue is resolved by Sophos 9.4.2 which is scheduled to be released then, especially since the actual state of SIP is transparent unless its status is actively checked in Terminal.

Children
  • Yep, I discovered the same thing, e.g., SIP didn't get re-enabled. If I hadn't read a post as part of this string that the new build fixed the problem, I never would have re-enabled SIP on my box to see if SAV now worked, which it did.

    I totally understand your thinking about waiting until tomorrow, but I was curious to see what would happen. The real question is, did Apple make an error in the previous build that they've now fixed, or was it something else that was the problem. I guess we'll never now, but good that SAV is releasing a fix tomorrow!
  • bocaboy said:
    Yep, I discovered the same thing, e.g., SIP didn't get re-enabled...

    ...I totally understand your thinking about waiting until tomorrow, but I was curious to see what would happen...

    My point was the advice to Julia.

    We've been down this road before but my original advice, which you quoted to Julia, might have led her to assume that SIP would be reactivated with the new beta (and the release?) of 10.11.4. SIP being active is an important security feature and, unlike the Sophos logo which goes gray when On-Access scanning is off (an excellent interface feature), there's no way of telling SIP's status without checking in Terminal. Waiting until tomorrow's release of Sophos 9.4.2 would fix at least the On-Access scanning issue without tinkering with SIP. Moreover, her issue might or might not be solved with 9.4.2 but with SIP off, we and she would never know and the security benefits of SIP would be lost.