Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
  • I am also having the exact same problem. After updating from OS X 10.11.4 Beta 3 to Beta 4, on-access protection is off and cannot be enabled.
  • Note that if you turn System Integrity Protection off, you can enable On-Access Protection and it should stay enabled, at least until the next Beta is released.
  • Thanks for the explanation. I had the same problem as I described here when I installed SAV under Yosemite on my iMac. (Inexplicably, my MacBook Pro was fine under the same OS. Go figure) Anyway, the problem with SAV resolved itself when 9.4.1 was released. It's also been working fine all the way to this beta of 10.11.4. In other words, SIP was never an issue prior to this beta.

    Anyway, I did disable SIP, and that solved the problem of the dimmed icon. I have no idea if the problem is with Apple or Sophos, but I've reported it as a bug on the Developer forum at Apple as well as via Feedback Assistant. We'll see if that changes anything.

    For the record, I'm surprised that Sophos QA doesn't uncover these problems. They have access to the same builds we do, and based on how many people experience issues, how is it that they're not uncovered prior to release? I'll give them a buy on 10.11.4 as it was just released last week, but this problem has existed on previous builds as well. Anyway, not trying to be difficult, just questioning the QA process at Sophos and that maybe it should be re-examined.
  • Rather than disable SIP I decided to install 10.11.3 last night. Sophos AV Home, and on-access scanning is working once again. I have lost the use of Photos until it is updated, but I can live with that as I have another production machine. I can live without this beta, as there are not any earth shattering feature enhancements.
  • That's a good solution in that you have both security systems working as well as whatever improvements 10.11.3 offers, especially when it's applied to a production machine.
  • "Should work" is not "it does work." It does not work. On-access scanning still does not work with SIP disabled.
  • GaryAlevy said:
    "Should work" is not "it does work." It does not work. On-access scanning still does not work with SIP disabled.

    In Terminal, "csrutil status" returns "disabled"? After a reboot, if On-Access scanning is off, trying to turn it on fails? And you're using OS X 10.11.4?

  • I am using the OS X 10.11.4 beta. I found the following: SIP can be completely or partially disabled. When SIP is completely disabled - On-Access scanning does work. When SIP is partially disabled - On-Access scanning does not work. Note that csrutil reports the status of six different configuration variables. In my case I had the OS X system configured using "csrutil disable --without debug". When configured this way On-Access scanning did not work but another pre-SIP program that relies on code injection, TotalFinder, does work while On-Access scanning will not.
    SIP configuration components are:
    Apple Internal, Kext Signing, Filesystem Protection, Debugging Restrictions, DTrace Restrictions, NVRAM Protections.
  • GaryAlevy said:
    I am using the OS X 10.11.4 beta. I found the following: SIP can be completely or partially disabled. When SIP is completely disabled - On-Access scanning does work. When SIP is partially disabled - On-Access scanning does not work...

    So the instructions I offered for disabling SIP do work to enable On-Access scanning but the method to disable SIP just enough to allow TotalFinder to work isn't also enough for On-Access scanning to work. As I understand it, "csrutil status" will only report the six different configuration variables when a custom configuration has been set (e.g., "--without debug") though there was a bug at one point which produced that list even when SIP was completely disabled.

    Fortunately, the issue should be resolved with the release of 9.4.2 :) It doesn't look like TotalFinder's author will pursue a solution though.
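Added example, not code from any poster or from Sophos: a shell check that tells a fully disabled SIP from a partially disabled one by reading the per-component lines of "csrutil status" text rather than only its first line, and that also handles the case mentioned above where the list appears even though SIP is fully disabled. The function names are hypothetical, and the sample texts are constructed from the component names listed in this thread; their exact layout is an assumption.

```shell
#!/bin/sh
# Classify `csrutil status` text passed as $1.
# Prints: enabled | disabled | partial | unknown
sip_state() {
    printf '%s\n' "$1" | awk '
        /status:/ && summary == "" {
            if ($0 ~ /status: enabled/) summary = "enabled"
            else if ($0 ~ /status: disabled/) summary = "disabled"
        }
        # Indented "Name: enabled|disabled" lines describe one component each.
        /^[ \t]+[^:]+: (enabled|disabled)[ \t]*$/ {
            if ($NF == "enabled") on++; else off++
        }
        END {
            if (on > 0 && off > 0)  print "partial"
            else if (on + off > 0)  print (on > 0 ? "enabled" : "disabled")
            else if (summary != "") print summary
            else                    print "unknown"
        }'
}

# Print the name of every component reported as disabled, one per line.
sip_disabled_components() {
    printf '%s\n' "$1" | awk -F': *' '
        /^[ \t]+[^:]+: disabled[ \t]*$/ { sub(/^[ \t]+/, "", $1); print $1 }'
}

# Constructed samples (not captured from a real machine).
SAMPLE_PARTIAL=$(printf '%s\n' \
    'System Integrity Protection status: enabled (Custom Configuration).' \
    'Configuration:' \
    '    Apple Internal: disabled' \
    '    Kext Signing: enabled' \
    '    Filesystem Protection: enabled' \
    '    Debugging Restrictions: disabled' \
    '    DTrace Restrictions: enabled' \
    '    NVRAM Protections: enabled')
SAMPLE_OFF='System Integrity Protection status: disabled.'
SAMPLE_OFF_WITH_LIST=$(printf '%s\n' "$SAMPLE_OFF" 'Configuration:' \
    '    Kext Signing: disabled' '    Filesystem Protection: disabled')

# On a Mac, pass the live output instead: sip_state "$(csrutil status)"
for sample in "$SAMPLE_PARTIAL" "$SAMPLE_OFF" "$SAMPLE_OFF_WITH_LIST"; do
    echo "state: $(sip_state "$sample")"
done
```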

  • Thanks, you were correct.
  • I'm coming to this a bit late. I'm on El Capitan 10.11.6 and I too have a greyed out menu item for Sophos and "On-Access Scanning is disabled" still showing up. What can I do to get it working again?

  • SharonBaker said:

    I'm coming to this a bit late. I'm on El Capitan 10.11.6 and I too have a greyed out menu item for Sophos and "On-Access Scanning is disabled" still showing up. What can I do to get it working again?

    First, have you tried opening Preferences in Sophos and trying to turn on On-Access scanning there?

    Second, which version of Sophos do you currently have (About Sophos Anti-Virus in the dropdown menu in the Shield)?

    Third, also in that menu, try "Update Now" and see if that helps.

  • Hello and thank you for responding. I cannot do what you ask because I don't have that ability. See below.

    • "Update Now" is greyed out (as seen in the menu screenshot)
    • If I click on any of the available clickable menu items (seen in the screenshot), no windows open and nothing happens (with the exception of two things: "About..." (see screenshot) and "Show AutoUpdate Window", which just shows a progress bar with no progress).
    • Regarding the "About" screenshot, that is just WEIRD. I don't know why it says it's an unknown version and shows null for threat detection engine, etc. (this said that even before I tried to do anything, like uninstalling or reinstalling)

    After all this, I thought that maybe I should uninstall what I had and reinstall. I went to my Applications folder and found a Sophos App, maybe it was called Sophos Home, I can't remember now. I tried to open it, but nothing would really happen. It would attempt to open, but there was nothing to see within the app. I decided to just delete it, but I don't remember if I deleted before I went to find the installer or after. To download the installer, I remembered that I had to log in to the Sophos website. So I logged in to Sophos Home Dashboard (which was very confusing to find on your website by the way... At first I was confused by the Sophos ID which was different...) and under the Alerts section, it said something about not having been updated in a while, so I clicked on that (expecting that would help me somehow) and I went back to my Sophos menu item and nothing had changed. I still couldn't do anything. So I tried to look in other areas of the Dashboard to see if I could find a download to reinstall, and nothing. Oh, one more thing, after I decided to delete the Sophos app that was in my Applications folder, I thought the Sophos menu item would disappear and I could start from scratch, but no. I restarted after I deleted the app and the Sophos menu item still shows up, showing the same information it did before the removal of said application. Interestingly enough, I went to my trash to see if the app was still there from when I deleted it (because I haven't emptied my trash) and it's not even there, which is very weird... I'm very confused about how this app works. It's kind of making me suspicious...

    Mind you, I still cannot find a download to do a reinstall, and I gave up trying anything so I looked to see if anyone else had similar issues and found a few threads. I decided to respond to this one.

    P.S. To Sophos Staff, I did a search on my computer for any files with text 'Sophos' and found some .plist and .bom files and a .log file. If you need it, please give me a place where I can send them to you. I don't want to post them here.