Sophos Intercept X with EDR - EAP 10.0.2 - Services not working

A lot of the services and protection features are not working. I am running Big Sur 11.1.

1. Web Control - Blocking certain categories - It only works after I do an uninstall and install of the program, sync with Sophos Central, and then test it. I did this last night and now this morning I am able to get to all the categories I blocked.

2. Agent Update - This is not happening on a regular basis. Even when I force an update it takes doing it a few times before it updates.

3. Going to Sophos Test site or Eicar only works right after a fresh install.

4. A lot of trouble uninstalling and reinstalling. Had to disable system integrity to get rid of all the extensions and services that were not uninstalled. When reinstalling sometimes I had to force the update 4-5 times before it would update to 10.0.2.

  • Hi

    Thanks for your feedback. I'm sorry you're having issues, we'd definitely like to help understand what is going on here.

    Does the issue with Web Control always occur right after install, or is it on a change of policy? Sometimes the policy can take a few minutes to be retrieved from Central. The Endpoint Self-help Tool may be able to provide some clarity here - open the UI, click About and then the "Run Diagnostic Tool" button.

    Your update/install issue may be related to policy retrieval as the EAP assignment is contained within update policy. With that, there will be no update available until the update policy is retrieved.

    I'm not sure I understand the issue with Sophos Test or Eicar, if you could provide some more details of the issue here I'd be happy to look into it.

    System Extensions remaining after uninstall is a known issue, unfortunately it's an artifact of how we install and how Big Sur manages the extensions. We have informed Apple and are hoping for an API fix or a workaround. In the meantime, this may help:

    https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

    In order to help us with the investigation, please provide an SDU from the affected machine by following these steps:

    • Go into Central, find the device, and click on the generate SDU button
    • Once the SDU is uploaded, post the file name here so we can extract it and take a look
  • Hi David, I forgot to mention that Synchronized Application Control is not working either.

  • Hi, upgraded to 10.0.3. Web Control is not working. Synchronized Application Control appears to be working. When downloading files from Sophos Test site and clicking on categories, notification center alerts are not popping up. Same thing if I try to download files from eicar. No alerts. I uninstalled and reinstalled. I ran the Mac OS 11.2.1 last night. SDU name acd0b04b-e0c4-a477-a871-7e6c2615bc38_2021-02-11-01-14-56.zip