Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

bocaboy said:

...How did you figure out that it was SIP that was causing the problem? It's a little puzzling that it's the problem since, as noted by VincentCina, SIP has been running in El Capitan since it was released.

When El Cap was first introduced, SIP was the new security feature and it got enough coverage that some discussions included the Terminal commands to control it. After my original upgrade to El Cap, Sophos stopped working so turning off SIP seemed worth a try and it worked. As Sophos improved, I'd turn SIP on again as a test and left it on when the problem was solved. But when the problem recurred, turning SIP off was worth a try again, especially since it's simple enough to do. But since SIP is a good idea for security, the csrutil fix should be temporary at best if the betas are on a production machine. 

Thanks for the explanation. I had the same problem as I described here when I installed SAV under Yosemite on my iMac. (Inexplicably, my MacBook Pro was fine under the same OS. Go figure) Anyway, the problem with SAV resolved itself when 9.4.1 was released. It's also been working fine all the way to this beta of 10.11.4. In other words, SIP was never an issue prior to this beta.

Anyway, I did disable SIP, and that solved the problem of the dimmed icon. I have no idea if the problem is with Apple or Sophos, but I've reported it as a bug on the Developer forum at Apple as well as via Feedback Assistant. We'll see if that changes anything.

For the record, I'm surprised that Sophos QA doesn't uncover these problems. They have access to the same builds we do, and based on how many people experience issues, how is it that they're not uncovered prior to release? I'll give them a buy on 10.11.4 as it was just released last week, but this problem has existed on previous builds as well. Anyway, not trying to be difficult, just questioning the QA process at Sophos and that maybe it should be re-examined.

Rather than disable SIP I decided to install 10.11.3 last night. Sophos AV Home, and on-access scanning is working once again. I have lost the use of Photos until it is updated, but I can live with that as I have another production machine. I can live without this beta, as there are not any earth shattering feature enhancements.

That's a good solution in that you have both security systems working as well as whatever improvements 10.11.3 offers, especially when it's applied to a production machine.

We are developing a fix for this issue. Its being tested this week and should be available in the first week of February (pending test results). Hang in there.

Bob, a lot of us are already involved in the Apple beta program. The perfect test crew for your fix is right here.

Oh don't get me wrong, I'm sure you guys are qualified for testing this change. There are other fixes in the pipeline for the same release, and we have some internal testing gates that have to be satisfied before any software goes out the door.

Just adding my name to the list of me toos. Was hoping it was something on Apple's end that would be fixed in today's update, but no joy. Good to hear that a fix is in the work and there's a temporary work around -- think I'll wait though.

Should work is not it does work. It does not work. On access scanning still does not work with SIP disabled.