Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 70 replies
  • Answers 2 answers
  • Subscribers 22 subscribers
  • Views 301345 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest pre-release of 10.11.4 breaks Sophos AV Home Edition

bocaboy

The problem that existed prior to the release of 9.4.1 is back with the latest version of El Capitan that has just been pre-released 10.11.4 Beta (15E27e). The Sophos icon remains dimmed in the menu bar with the error On-Access Scanning Is Disabled. Could someone in engineering please take a look at this?



This thread was automatically locked due to age.
  • 0 in reply to ZRL1
    Thanks you were correct.
  • 0 in reply to bobcook
    Thank you for the link and your reply - both are much appreciated.
  • 0 in reply to bobcook
    I'm going to return to the legacy Sophos Home for Mac (9.4.1) until these two products can be brought into line in terms of functionality and update schedule. For the record, I also like being able to create a custom scan schedule for my computers which currently isn't part of the new version of Home. Thanks for supplying the link to the original software, Bob. As Paul noted in his post, it is, indeed, hard to find on the Sophos site.
  • 0
    Hi Just updated to Beta 3 and sops seems to be back working
  • 0
    I agree with Chris. Build 15E39c of 10.11.4 seems to have corrected the issue that caused the problem. Hopefully, combined with the release of 9.4.2 of SAV due later this week, this problem will finally be put to bed, at least until Apple updates OS X later this year.
  • 0
    I am also having issues with 10.11.4Beta. In trying to trouble shoot, I found the following in Sophos Anti-Virus.log - Is this part of the issue you are working on?


    com.sophos.autoupdate: Download completed at 09:46:27 09 February 2016
    com.sophos.autoupdate: Update started at 09:47:05 09 February 2016
    com.sophos.autoupdate: Update completed at 09:53:08 09 February 2016
    com.sophos.autoupdate: Info: Checked primary server at 09:53 on 09 February 2016
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate:
    com.sophos.intercheck: Info: ic_worker_start: kext not found, attempting to load at 09:53 on 09 February 2016
    com.sophos.intercheck:
    com.sophos.intercheck: Info: ic_worker_start: unable to load on access kext at 09:53 on 09 February 2016
    com.sophos.intercheck:
  • 0 in reply to JuliaOlsen
    Possibly. You would also find some messages in the Console about kext signing, if its the same issue. Disabling the System Integrity Protection feature is a workaround, although admittedly not a great one.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0 in reply to JuliaOlsen

    Julia, try disabling SIP and then see if that doesn't allow SAV to start. The latest build (15E39c) released a couple of days ago, seems to have solved the problem for me and a couple of other contributors to this string.  Also, according to Bob Cook, the updated SAV software will be released late February 10th and it, too, is supposed to solve this issue.

    You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally.

  • 0 in reply to bocaboy

    bocaboy said:

    "...You can check to see if SIP is enabled by going to Terminal and typing csrutil status and then Enter. If it's enabled, here are the instructions to disable it.

    Reboot into Recovery (Cmd+R at the chime). In Utilities>Terminal enter csrutil disable and reboot. That will disable SIP and On-Access Scanning should work. Note that this is not a "solution" since Apple added SIP to El Capitan for security purposes and really should be enabled. Moreover, it's likely that any future beta will turn it back on by default. Also, csrutil has three arguments: disable, enable, and status. The first two will only work in Recovery. Status will also work in Terminal after booting normally."

    While I obviously agree with the stated solution, [;)] testing the latest 10.11.4 build revealed that installing it did not automatically reactivate SIP. Since SIP being active is a good idea for security purposes, it might be wiser to wait until tomorrow afternoon to see if this new issue is resolved by Sophos 9.4.2 which is scheduled to be released then, especially since the actual state of SIP is transparent unless its status is actively checked in Terminal.

  • 0 in reply to ZRL1
    Yep, I discovered the same thing, e.g., SIP didn't get re-enabled. If I hadn't read a post as part of this string that the new build fixed the problem, I never would have re-enabled SIP on my box to see if SAV now worked, which it did.

    I totally understand your thinking about waiting until tomorrow, but I was curious to see what would happen. The real question is, did Apple make an error in the previous build that they've now fixed, or was it something else that was the problem. I guess we'll never now, but good that SAV is releasing a fix tomorrow!
Unfiltered HTML