Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
  • I am also having issues with 10.11.4 Beta. In trying to troubleshoot, I found the following in Sophos Anti-Virus.log - Is this part of the issue you are working on?


    com.sophos.autoupdate: Download completed at 09:46:27 09 February 2016
    com.sophos.autoupdate: Update started at 09:47:05 09 February 2016
    com.sophos.autoupdate: Update completed at 09:53:08 09 February 2016
    com.sophos.autoupdate: Info: Checked primary server at 09:53 on 09 February 2016
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate:
    com.sophos.intercheck: Info: ic_worker_start: kext not found, attempting to load at 09:53 on 09 February 2016
    com.sophos.intercheck:
    com.sophos.intercheck: Info: ic_worker_start: unable to load on access kext at 09:53 on 09 February 2016
    com.sophos.intercheck:
  • Julia, try disabling SIP and then see if that doesn't allow SAV to start. The latest build (15E39c) released a couple of days ago, seems to have solved the problem for me and a couple of other contributors to this string.  Also, according to Bob Cook, the updated SAV software will be released late February 10th and it, too, is supposed to solve this issue.

    You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally.

  • bocaboy said:

    "...You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally."

    While I obviously agree with the stated solution, ;) testing the latest 10.11.4 build revealed that installing it did not automatically reactivate SIP. Since SIP being active is a good idea for security purposes, it might be wiser to wait until tomorrow afternoon to see if this new issue is resolved by Sophos 9.4.2 which is scheduled to be released then, especially since the actual state of SIP is transparent unless its status is actively checked in Terminal.

  • Yep, I discovered the same thing, e.g., SIP didn't get re-enabled. If I hadn't read a post as part of this string that the new build fixed the problem, I never would have re-enabled SIP on my box to see if SAV now worked, which it did.

    I totally understand your thinking about waiting until tomorrow, but I was curious to see what would happen. The real question is, did Apple make an error in the previous build that they've now fixed, or was it something else that was the problem. I guess we'll never know, but good that SAV is releasing a fix tomorrow!
  • bocaboy said:
    Yep, I discovered the same thing, e.g., SIP didn't get re-enabled...

    ...I totally understand your thinking about waiting until tomorrow, but I was curious to see what would happen...

    My point was the advice to Julia.

    We've been down this road before but my original advice, which you quoted to Julia, might have led her to assume that SIP would be reactivated with the new beta (and the release?) of 10.11.4. SIP being active is an important security feature and, unlike the Sophos logo which goes gray when On-Access scanning is off (an excellent interface feature), there's no way of telling SIP's status without checking in Terminal. Waiting until tomorrow's release of Sophos 9.4.2 would fix at least the On-Access scanning issue without tinkering with SIP. Moreover, her issue might or might not be solved with 9.4.2 but with SIP off, we and she would never know and the security benefits of SIP would be lost.
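
The two checks discussed in this thread (the on-access kext failure in Sophos Anti-Virus.log and the SIP state reported by csrutil status) can be combined into one triage step so that SIP is never left off unnoticed. This is an added example, not part of any post above and not Sophos or Apple code; the function names are hypothetical, the sample log is constructed from the excerpt quoted earlier, the log path is supplied by the user, and the "status: enabled/disabled" wording of csrutil's output is assumed.

```shell
#!/bin/sh
# Added example: triage a dimmed Sophos icon without changing SIP.

# Constructed sample in the format of the log excerpt quoted in the thread.
SAMPLE_LOG='com.sophos.autoupdate: Update completed at 09:53:08 09 February 2016
com.sophos.autoupdate: Sophos Anti-Virus was updated
com.sophos.intercheck: Info: ic_worker_start: kext not found, attempting to load at 09:53 on 09 February 2016
com.sophos.intercheck: Info: ic_worker_start: unable to load on access kext at 09:53 on 09 February 2016'

# Read log text on stdin and print the time of the most recent on-access
# kext load failure; print nothing if no failure is logged.
last_kext_failure() {
    sed -n 's/^[[:space:]]*com\.sophos\.intercheck: .*unable to load on access kext at \(.*\)$/\1/p' |
        tail -n 1
}

# Map the text printed by `csrutil status` to enabled / disabled / unknown.
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# Combine both facts into a single line. $1 = log text, $2 = csrutil output.
triage() {
    failed_at=$(printf '%s\n' "$1" | last_kext_failure)
    sip=$(sip_state "$2")
    if [ -n "$failed_at" ]; then
        echo "on-access kext failed to load at $failed_at; SIP is $sip"
    else
        echo "no on-access kext failure logged; SIP is $sip"
    fi
}

# On a Mac, run against the live system: pass the log file path as $1.
if command -v csrutil >/dev/null 2>&1 && [ -r "${1:-}" ]; then
    triage "$(cat "$1")" "$(csrutil status)"
fi
```

A result of "SIP is disabled" after the on-access scanner is working again means SIP still has to be re-enabled from Recovery, since installing a newer build did not turn it back on for the posters above.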