
Sophos System Protection Service

All of my virtual machines running Windows Server 2012 R2 have a security health issue related to the Sophos System Protection Service not running. The Windows administrative tool Services reports the status of the service as Starting and not Running. The service can't be stopped or started since the options are greyed out. A restart of the server didn't resolve the issue.



This thread was automatically locked due to age.
  • Hi Craig,

    Thanks for reaching out to the Sophos Community Forum.

    If you're unable to interact with the services, this may be due to Tamper Protection being enabled. 

    Try sharing some of the recent log lines from the following log file. 
    -  C:\ProgramData\Sophos\Endpoint Defense\Logs\SSP.log

    You may also want to check for any errors in Windows Event Viewer as well.

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hi Qoosh, 

    I have a similar issue, but it seems to be affecting only my Windows 10 and 11 endpoints.

    Investigation from Windows 11:

    Edition Windows 11 Enterprise
    Version 22H2
    Installed on 9/27/2022
    OS build 22621.521
    Experience Windows Feature Experience Pack 1000.22634.1000.0

    Endpoint Advanced 10.8.11.4

    Sophos Intercept X 2.0.25


    When checking the logs I get the error below:  C:\ProgramData\Sophos\AutoUpdate\Logs

    2022-10-13T13:16:04.896Z [11180: 1240] I Checking service "Sophos System Protection Service" is running...
    2022-10-13T13:16:04.896Z [11180: 1240] W >> NO: Service "Sophos System Protection Service" is not running.
    2022-10-13T13:17:51.788Z [11180: 1240] I >> FIXING: Starting service "Sophos System Protection Service"...
    2022-10-13T13:17:51.789Z [11180: 1240] I >> FIXING: Service "Sophos System Protection Service" is starting. Waiting for it to start.
    2022-10-13T13:30:12.933Z [11180: 1240] W Service Sophos System Protection Service timed out (exceeded 240000ms, while waiting to change status from 2.

    Actions taken: 

    1- Updated Sophos endpoint XDR

    2- Rebooted, issues still persist.

    3- Installed Sophos XDR in an attempt to repair any issues. 

    4- Rebooted. The issue still persists.

    Any suggestions on a fix are welcome.
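
The checks asked for in the first reply (service state, recent SSP.log lines, Event Viewer errors), plus the AutoUpdate timeout lines quoted in the second post, collected into one read-only script. This is an added example, not part of the thread and not Sophos tooling; the tail length, the 24-hour look-back and the match patterns are assumptions, and the script only reads state and changes nothing.

```powershell
# Added example: read-only triage for a service stuck in "Starting". Run from an elevated prompt.
$displayName = 'Sophos System Protection Service'                     # display name from this thread
$sspLog      = 'C:\ProgramData\Sophos\Endpoint Defense\Logs\SSP.log'  # path from the first reply
$auLogDir    = 'C:\ProgramData\Sophos\AutoUpdate\Logs'                # path from the second post
$tailLines   = 50                                                     # assumption: lines to share
$since       = (Get-Date).AddHours(-24)                               # assumption: look-back window

# 1. Service state as the Service Control Manager reports it.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$displayName'"
if (-not $svc) {
    Write-Warning "No service with display name '$displayName' on this host."
    return
}
$svc | Format-List Name, State, StartMode, ProcessId, AcceptStop, ExitCode, ServiceSpecificExitCode
if ($svc.State -eq 'Start Pending') {
    # 'Start Pending' is SERVICE_START_PENDING (numeric state 2), the "status from 2" in the log.
    Write-Output "Service is still in Start Pending; host process id: $($svc.ProcessId)"
}

# 2. Tail of the service's own log, ready to paste into a support reply.
if (Test-Path -LiteralPath $sspLog) {
    Get-Content -LiteralPath $sspLog -Tail $tailLines
} else {
    Write-Warning "Log not found: $sspLog"
}

# 3. AutoUpdate lines that mention the service failing to start (patterns taken from the quoted log).
if (Test-Path -LiteralPath $auLogDir) {
    Get-ChildItem -LiteralPath $auLogDir -File |
        Select-String -SimpleMatch -Pattern $displayName |
        Where-Object { $_.Line -match 'timed out|not running' } |
        Select-Object -Last 10 -ExpandProperty Line
}

# 4. Service Control Manager events in the System log that name the service.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$displayName*" } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```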
     
