Sophos Intercept X with EDR - EAP 10.0.2 - Services not working

A lot of the services and protection features are not working. I am running Big Sur 11.1.

1. Web Control - Blocking certain categories - It only works after I do an uninstall and install of the program, sync with Sophos Central, and then test it. I did this last night and now this morning I am able to get to all the categories I blocked.

2. Agent Update - This is not happening on a regular basis. Even when I force an update it takes doing it a few times before it updates.

3. Going to Sophos Test site or Eicar only works right after a fresh install.

4. A lot of trouble uninstalling and reinstalling. Had to disable system integrity to get rid of all the extensions and services that were not uninstalled. When reinstalling sometimes I had to force the update 4-5 times before it would update to 10.0.2.

  • Hi

    Thanks for your feedback. I'm sorry you're having issues, we'd definitely like to help understand what is going on here.

    Does the issue with Web Control always occur right after install, or is it on a change of policy? Sometimes the policy can take a few minutes to be retrieved from Central. The Endpoint Self-help Tool may be able to provide some clarity here - open the UI, click About and then the "Run Diagnostic Tool" button.

    Your update/install issue may be related to policy retrieval as the EAP assignment is contained within update policy. With that, there will be no update available until the update policy is retrieved.

    I'm not sure I understand the issue with Sophos Test or Eicar, if you could provide some more details of the issue here I'd be happy to look into it.

    System Extensions remaining after uninstall is a known issue, unfortunately it's an artifact of how we install and how Big Sur manages the extensions. We have informed Apple and are hoping for an API fix or a workaround. In the meantime, this may help:

    https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

    In order to help us with the investigation, please provide an SDU from the affected machine by following these steps:

    • Go into Central, find the device, and click on the generate SDU button
    • Once the SDU is uploaded, post the file name here so we can extract it and take a look