This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X installs only "half" - how can I fix this ?

Hi to all,

on a few computers we installed Intercept X Endpoint.
The installer was downloaded from our Sophos Central Management Console.
The installation finished without error.
All machines are shown in healty state in the Central Management Console.

But some components seem to be missing.
Even though Sophos is running, Windows security reports missing threat protection.



When I rightclick on a file, I'm missing the scan on demand option of Sophos.


Only defender is present.
Thus some components of Intercept X seem not to have installed.

I'd be happy, if somebody can provide a solution to this.

Best regards
ranX



This thread was automatically locked due to age.
  • Hello RanX,

    Thank you for reaching out to the Sophos Community. 

    I recommend ensuring that any pending reboots are completed after the initial installation. Once rebooted, check the Sophos Endpoint UI to see if any further updates need to be installed. 

    You can also use the "Sophos Endpoint Self Help" tool to verify the health and installation status of Sophos Antivirus. 

    You may want to check the directory "C:\Windows\temp" for a file by the name of "avremove.log." If there's another AV product installed/detected on the device, some of Sophos' components may not install fully. 

    Let me know what your findings are.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh,

    thanks for the fast reply !
    All respective computers were installed four days ago.
    Thus all of them have been rebootet at least three times.

    I also have run the update function in the informations menu severeal times.
    This doesn't change anything.
    Self help tells me everything is green.

    The previous AV Suite has been completely uninstalled with no errors before Intercept X came into play.
    A file "C:\Windows\temp\avremove.log" is not present.

    When I download Eicar, it is detected and removed by Defender and not by Intercept X
    I got still no idea, what causes this poor behaviour.
    To be true, I pretty dissapointed by Sophos, as things like these should not happen.
    At least I should receive a big fat warning, that Sophos doesn't run properly.
    Instead: everything green ...
    This doesn't build up trust for the reliablity of Sophos AV.

    As I have to enroll this for the whole company soon, I hope for a quick solution.
    Best Regards

    ranX

  • Hi, please take a look at my recent post about installer using a new FQDN to download packages. Maybe you have a similar issue.

    You can check  the logs here to identify issues the installer may have:

    %ProgramData%\Sophos\CloudInstaller\Logs\

  • Thanks for the hint but I see no issues in the Logfile.

  • is it server or client OS?

  • Client OS.
    The server Installations work.
    On all four clients I enrolled so far, Intercept X isn't fully operational.

  • can you show some screenshots of the Sophos components?

    You find it here:

  • that looks good. not like "half" installed.

    Im only aware that defender will not get disabled on server OS automatically. Which OS Version are you using? Maybe this is a Windows 11 or brand new Windows 10 where eventually Defender acts like on Server OS?

    What if you follow the steps to disable Defender? Does the Scan with Sophos appear in right click then?

  • OS is Win 10 Professional.
    The described behaviour seems to be "global" as it appears on all four computers, where I have enrolled Intercept X til now.

    When Defender is disabled, the situation stays the same.
    No Sophos Scan on rightclick; Windows Security reports issues in the taskbar.