Sophos Intercept X with EDR - EAP 10.0.2 - Services not working

A lot of the services and protection features are not working. I am running Big Sur 11.1.

1. Web Control - Blocking certain categories - It only works after I do an uninstall and install of the program, sync with Sophos Central, and then test it. I did this last night and now this morning I am able to get to all the categories I blocked.

2. Agent Update - This is not happening on a regular basis. Even when I force an update it takes doing it a few times before it updates.

3. Going to Sophos Test site or Eicar only works right after a fresh install.

4. A lot of trouble uninstalling and reinstalling. Had to disable system integrity to get rid of all the extensions and services that were not uninstalled. When reinstalling sometimes I had to force the update 4-5 times before it would update to 10.0.2.

  • Hi

    Thanks for your feedback. I'm sorry you're having issues, we'd definitely like to help understand what is going on here.

    Does the issue with Web Control always occur right after install, or is it on a change of policy? Sometimes the policy can take a few minutes to be retrieved from Central. The Endpoint Self-help Tool may be able to provide some clarity here - open the UI, click About and then the "Run Diagnostic Tool" button.

    Your update/install issue may be related to policy retrieval as the EAP assignment is contained within update policy. With that, there will be no update available until the update policy is retrieved.

    I'm not sure I understand the issue with Sophos Test or Eicar, if you could provide some more details of the issue here I'd be happy to look into it.

    System Extensions remaining after uninstall is a known issue, unfortunately it's an artifact of how we install and how Big Sur manages the extensions. We have informed Apple and are hoping for an API fix or a workaround. In the meantime, this may help:

    https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

    In order to help us with the investigation, please provide an SDU from the affected machine by following these steps:

    • Go into Central, find the device, and click on the generate SDU button
    • Once the SDU is uploaded, post the file name here so we can extract it and take a look
  • The issue with web control seems to happen well after install. For example, last night I did a fresh install, synced with Central and it was blocking the appropriate categories. As of this morning web control was no longer working. I haven't changed any policies either.

    As for Sophos Test and Eicar, what I meant was when I download the test files I do not get any alerts. Again, the alerts work right after a fresh install but then they stop working after a while.

    I have two iMacs. Here are the SDU file names:

    1e99c700-3b11-f42e-7806-a89b28c94d3c_2021-01-28-20-16-36.zip

    7836ba2c-e132-74fc-db25-d141b342a2cf_2021-01-28-20-16-13.zip

  • Thanks Jeffrey - the SDUs were very helpful - there's a crash log for the network extension in there that explains the issues you're seeing. We have an engineer working on that crash right now and will have a fix in place for GA.
