Big Sur EAP stopping access to Exchange & Microsoft update

Hi,

Thanks for reporting this. 

For the investigation, please provide the following:

• Go into Central, find the device, and click on the generate SDU button
• Once the sdu is uploaded, post the file name here so we can extract it and take a look
• Have you done any alterations to your policy?
  • if yes, has anything changed the symptoms?
  • Or have you just tested removing the product?
• Have you allowed all the permissions for the product and rebooted the machine?
  • The reboot is critical because the permission sets don't apply until it is processed

Thanks Richard.

Ive generated the SDU, do I post it here? Is it only accessible by Sophos staff or should I private message it to you?

Everything I use on Sophos is standard, I havent altered the policy at all.  My only test was removing the EAP and that fixed my issue.  We rebooted several times and left it overnight to see if time helped.  I allowed all of the permissions Sophos asked for and it was giving me the green, you're machine is protected status.

Thanks for re-running the that, we'll get an engineer right on it.

In the meantime we can suggest trying a temporary workaround of disabling the features that rely on the network extension. This will leave file based protections running.

In Central amend, or create new, policies to disable:

• Threat Protection
  

  • • Real-time Scanning - Internet

      • Scan downloads in progress
      • Block access to malicious websites
    • Remediation
      • Enable threat case creation
      • Protect network traffic
• Web Control
  • Disable Web Control 

Once the features are disabled rebooting the machine will ensure the network extension is not loaded.

Wont that disable my protection?  Arent I better off disabling the EAP?

It will disable network protections but keep file based detections (such as real-time scanning, on-demand scanning and cryptoguard) enabled. Disabling the EAP will remove all protection from the affected machines.

Although we've been struggling to reproduce, we think we have a lead as your previous SDUs exhibited a crash in the network extension. Before disabling the features, would you be so kind to reboot and send another SDU once the connection fails? It would be helpful to know if the crash occurs again.

Thanks again for your assistance.

Ok thanks.  I had removed the EAP again so my emails would work.  I have tried reinstalling the EAP today although it has given me troubles all day.  Ive tried uninstalling Sophos Endpoint and reinstalling it today and the EAP is now running again.

Traffic to office updates & exchange still blocked.  No other traffic seems to be affected.

c1720e5c-0eda-548b-9979-22e61ecfadcf_2021-01-29-08-08-08.zip

Please be on the lookout for v10.0.3. The update is rolling out this week and we'd be keen to know if any of the fixes made improve this for you.

Hi David - unfortunately the update doesn't help my issue.  EAP still blocks access.

My exchange emails last updated 7:25pm 15th Feb 2021.  Our other Mac (not on Big Sur) connects no problems.

v10.0.0.4 still causes me trouble with all MS Exchange access.

Ill need to opt back out of the EAP to be able to send emails.  Surely Im not the only person having this problem?

Hi David, I can't seem to opt out of the EAP anymore.  Whether I'm in or out it stays at v 10.0.4 and it won't support Exchange emails.  Should I uninstall Sophos EndPoint and reinstall?

Just ran another SDU to help.  c1720e5c-0eda-548b-9979-22e61ecfadcf_2021-03-16-10-47-35.zip

Thanks Matt

Hi Matt,

10.0.4 is now GA, meaning it's the version for all regardless of EAP status.

I'm sorry to hear that you're still having troubles and I assure you that the team still working hard to improve the experience.

I would recommend raising a case through Support.

Did you get the workaround to work at all? It will disable network protections but keep file based detections (such as real-time scanning, on-demand scanning and cryptoguard) enabled

In Central amend, or create new, policies to disable:

• Threat Protection
  

  • • Real-time Scanning - Internet

      • Scan downloads in progress
      • Block access to malicious websites
    • Remediation
      • Enable threat case creation
      • Protect network traffic
• Web Control
  • Disable Web Control 

Once the features are disabled rebooting the machine will ensure the network extension is not loaded.

Hi Matt,

10.0.4 is now GA, meaning it's the version for all regardless of EAP status.

I'm sorry to hear that you're still having troubles and I assure you that the team still working hard to improve the experience.

I would recommend raising a case through Support.

Did you get the workaround to work at all? It will disable network protections but keep file based detections (such as real-time scanning, on-demand scanning and cryptoguard) enabled

In Central amend, or create new, policies to disable:

• Threat Protection
  

  • • Real-time Scanning - Internet

      • Scan downloads in progress
      • Block access to malicious websites
    • Remediation
      • Enable threat case creation
      • Protect network traffic
• Web Control
  • Disable Web Control 

Once the features are disabled rebooting the machine will ensure the network extension is not loaded.