Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 70 replies
  • Answers 2 answers
  • Subscribers 22 subscribers
  • Views 301149 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

bocaboy

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
  • 0
    Having the same problem, except that even with 'Not Secure' glaring at me I was able to get a full scan just by clicking the Scan Now button (apparently unlike ZRL1). Hoping for a quick fix.
  • 0 in reply to JohnGillett
    You misunderstood what I said. The issue was with turning On-Access Scanning on, not with doing a scan.
  • 0
    I am also having the exact same problem. After updating from OS X 10.11.4 Beta 3 to beta 4 on-access protection is off and can not be enabled.
  • 0 in reply to VincentCina
    Note that if you turn System Integrity Protection off, you can enable On-Access Protection and it should stay enabled, at least until the next Beta is released.
  • 0 in reply to bobcook
    $ ls -lR /Library/Extensions/SophosNetworkInterceptor.kext
    total 0
    dr-xr-xr-x 6 root wheel 204B 16 Nov 20:51 Contents/

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents:
    total 8
    -r--r--r-- 1 root wheel 1.4K 16 Nov 20:51 Info.plist
    dr-xr-xr-x 3 root wheel 102B 16 Nov 20:51 MacOS/
    dr-xr-xr-x 3 root wheel 102B 16 Nov 20:51 Resources/
    dr-xr-xr-x 3 root wheel 102B 16 Nov 20:51 _CodeSignature/

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS:
    total 224
    -r-xr-xr-x 1 root wheel 110K 16 Nov 20:51 SophosSocketFilter*

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources:
    total 8
    -r--r--r-- 1 root wheel 458B 16 Nov 20:51 build-info.plist

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature:
    total 8
    -r--r--r-- 1 root wheel 426B 16 Nov 20:51 CodeResources
    $ find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature/CodeResources) = 9bd102f37637c83812aa36b4aeb6c5db
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Info.plist) = 62a4ad5a0134537d5a1badd6230006a9
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS/SophosSocketFilter) = 445675e047d911f354fc5e24bc88a679
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources/build-info.plist) = 9f86d916dd7b91f35131868a308b5706
  • 0
    As requested:

    Rons-Macbook:~ Ron$ ls -lR /Library/Extensions/SophosNetworkInterceptor.kext
    total 0
    dr-xr-xr-x 6 root wheel 204 Jan 13 07:53 Contents

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents:
    total 8
    -r--r--r-- 1 root wheel 1437 Jan 13 07:53 Info.plist
    dr-xr-xr-x 3 root wheel 102 Jan 13 07:53 MacOS
    dr-xr-xr-x 3 root wheel 102 Jan 13 07:53 Resources
    dr-xr-xr-x 3 root wheel 102 Jan 13 07:53 _CodeSignature

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS:
    total 224
    -r-xr-xr-x 1 root wheel 112900 Jan 13 07:53 SophosSocketFilter

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources:
    total 8
    -r--r--r-- 1 root wheel 458 Jan 13 07:53 build-info.plist

    /Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature:
    total 8
    -r--r--r-- 1 root wheel 426 Jan 13 07:53 CodeResources


    Rons-Macbook:~ Ron$ find /Library/Extensions/SophosNetworkInterceptor.kext -type f -exec md5 '{}' \;
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/_CodeSignature/CodeResources) = 6d72b40fd8ecf726a68a0b0392ce2caf
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Info.plist) = 62a4ad5a0134537d5a1badd6230006a9
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/MacOS/SophosSocketFilter) = 70b673c2f950f13ed054b24fc08ae403
    MD5 (/Library/Extensions/SophosNetworkInterceptor.kext/Contents/Resources/build-info.plist) = 1e778eccca3cee7fcf311cd65c6f213b
  • 0
    Thanks to everyone who provided the directory listings and hashes, confirmed these are correct. It appears that Apple has done something new in 10.11.4 - could be a bug, could be a new feature, only Apple seems to know. We are working to understand the root cause, and get a fix (if required) out quickly.

    We do codesign our kexts (verify with "codesign -dvvv <path_to_bundle>") but its possible Apple has silently introduced new requirements, like they did to everyone in 10.9.5. Yay.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0 in reply to ZRL1
    Unfortunately that is not working for me. Did send Feedback to Apple earlier. Hopefully others here did so as well.
  • 0 in reply to JohnGillett

    JohnGillett said:
    Unfortunately that is not working for me

    Assuming you mean getting On-Access Scanning working, did you turn off System Integrity Protection using csrutil in Terminal while in Recovery?

Unfiltered HTML