
Sophos System Protection Service

All of my virtual machines running Windows Server 2012 R2 have a security health issue related to the Sophos System Protection Service not running. The Windows administrative tool Services reports the status of the service as Starting and not Running. The service can't be stopped or started since the options are greyed out. A restart of the server didn't resolve the issue.



This thread was automatically locked due to age.
  • Hi Jerome, 

    The fix in our environment is as follows: 

    1- Obtain the Admin Sign-in from Sophos Central for the Endpoint with the issue. 
    2- Open Sophos Endpoint agent on the machine with the issue. Sign in as Admin.
    3- Enable the override Sophos Central Policy for up to 4 hours.
    4- Toggle off Tamper Protection and Data Loss Prevention.
    5- Reboot the machine and update the Sophos Endpoint Agent.

  • Hi Ndangi,

    Thanks for your answer. The workaround suggested by Qoosh works fine for my Windows 2012R2.

    I still have an issue with a Windows 10 computer which was auto-isolated previously (before the workaround was provided). Sophos detects all services running fine but the PC is still auto-isolated... even if I remove then install Sophos again.

    So I'm going to try the way you proceed.

    Many thanks,

    Best regards,

    Jérôme.

  • Can you check if you have an updated behave.dec under 
    C:\ProgramData\Sophos\Endpoint Defense\Data\DecisionRulesV2\[version]\
    If so, with DLP re-enabled, does the SSPService now start OK?