Real time protection disabled on Mac OS endpoint

2 of our Mac OS endpoints are showing the same high severity alert. Both of these were installed by the end-user using an installer and instructions that we provided for them. I'm wondering if they failed to give Sophos the correct security permissions at the end of the install process. Unfortunately it has been hard to get a hold of them. I sent them this link https://support.sophos.com/support/s/article/KB-000039014?language=en_US but never heard back. I have 2 main questions:

1. These alerts are marked as having occurred 8 days or more in the past and everything but the "legacy" services are showing as running. Does that mean that they are ongoing or that they have been resolved and I should simply acknowledge them? The alert shows up in the device's Status page (screenshot below) and the customer's "Alerts" section in Sophos Central Admin.

2. If this is an ongoing issue what is the best way to resolve it? There is a "Reinstall Endpoint Protection" option available but I'm thinking maybe connecting to the machines via remote control and using the instructions in the link above would be more reliable. 



This thread was automatically locked due to age.
  • Hello Owen,

    The alerts are simply to notify you of the issue and regardless of the machine status, you would need to acknowledge them yourself. Based on your screenshot, the issue is still happening - the user needs to follow the steps from the article that you already sent - specifically:

    1. Open System Preferences.
    2. Open Security & Privacy.
    3. There should be a prompt asking to approve Sophos extensions.

    If that fails, the next step would be to do what GlennSen suggested with Recovery mode command. 

    Fixing that will get the services into a green state. You can acknowledge the alert when all services are green, or acknowledge the alert now, as it will not affect the machine status - it really depends what you are using to keep an eye on current issues - machines health status (orange\red\green) or alerts. Some of our customers keep the alert open until the issue is completely resolved and some create a ticket with their own internal IT, then acknowledge the alert. 

    Hope that helps! Please let me know if you have any further questions! 

  • Thanks for the assistance everyone. Both users are reporting that there is no entry for Sophos requesting access under Security and Privacy. Physically getting my hands on these machines would be very difficult right now so I'm not sure that I can access the recovery console. I can gain remote access though. Maybe a removal and re-installation of the client? It is interesting that only the "Legacy" services are failing. One Mac is reporting that they are running 10.16. I thought that Big Sur was version 11 but it looks like 10.16 might be Big Sur as well. If this is the case what is the best way forward? I cannot get them to downgrade their operating system.
