Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

Sophos Endpoint Defense Service not running

windows 10

Sophos Ver :

log link :

  • Hi ,

    Please apply the below steps on the affected machine.

    1. Disable Tamper Protection on the Endpoint if disabling tamper is not applicable you may boot the machine through safe mode by following the KB on this link. Once disabled, boot the device on normal mode.
    2. Set the LaunchProtected flag for Sophos Endpoint Defense Service from 3 (SERVICE_LAUNCH_PROTECTED_ANTIMALWARE_LIGHT) to 0 (SERVICE_LAUNCH_PROTECTED_NONE)
      1. OpenRegistry Editor
      2. Navigate to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense Service'
      3. Change the LaunchProtected REG_DWORD from 3 to 0
      4. Click OK to confirm the change
      5. Reboot the endpoint for the changes to take effect
    3. If Tamper Protection is enabled again, disable Tamper Protection but try to disable it by entering the password on UI.
    4. Make sure to set the start-up type of the services to "automatic" 
    5. perform force update on the system 2 - 3 times.

    Let me know if this helps solves the issue. 

    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Does the file:

    C:\ProgramData\Sophos\Endpoint Defense\Logs\seds.log exist?  Any errors?