Sophos Central Endpoint: Advance troubleshooting for endpoint reporting one or more service not running/Missing

Disclaimer: This information is posted as-is and the content should be referenced at your own risk

Hi Community,

After following the steps mentioned in Alerts for missing or stopped services for Windows endpoints article for services not running issue, if you are still seeing the error then below steps can be performed on the endpoint to resolve the issue. 

  1. Disable tamper protection on the endpoint via Sophos Central Dashboard.

  2. On the Endpoint, open Sophos shield from Notification bar on the desktop of Sophos, and enter the Admin Password.
  3. Click on settings and check the column to override policy then turn off tamper protection option at the bottom

  4. Open services.msc to view all services running [Windows-Start-Run-services.msc]
  5. Stop Sophos Auto-update service
  6. Rename the following folders:
    a) Go to C:\ProgramData\Sophos\AutoUpdate\data
    b) Rename the "warehouse" folder to "warehouse.old"
    c) Go to C:\ProgramData\Sophos\AutoUpdate.
    d) Rename the "cache" folder to "cache.old"
  7. Rename the file named "SophosUpdateStatus.xml" at the location C:\ProgramData\Sophos\AutoUpdate\data\status
  8. Restart Sophos Auto-update service
  9. Push the Update again from Sophos GUI [Click on “About” at the bottom screen of Sophos UI and click “Update Now”]
    a) Wait for the update to complete

  10. Reboot the computer.


Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!