Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.
Microsoft's Process Monitor tool (or other similar tools) reports many access denied messages for Sophos-related processes.
Applies to the following Sophos products and versions:
Restore the computer to a working state. Follow the steps in the Microsoft article https://support.microsoft.com/en-us/windows/backup-and-restore-in-windows-10-352091d2-bb9d-3ea3-ed18-52ef2b88cbef.
The script below uses the Microsoft utility SubInACL to apply the Administrators group and the local SYSTEM account to three registry hives and to the system folder on disk, granting both full control.
C:\Program Files\Windows Resource Kits\Tools
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
"C:\Program Files\Windows Resource Kits\Tools\reset.cmd"
The permissions will be reset after a few minutes. Errors will pop up about keys that the script can't change, which is normal behavior. It’s recommended to run the script twice, with a restart in between, before continuing to troubleshoot.
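To see which locations actually lack full control for the two accounts, before or after running the reset, the following read-only PowerShell check can be used. It is an added example, not part of the Sophos script; the paths in `$targets` and the function name `Test-FullControl` are assumptions, so replace the paths with the keys and folders that Process Monitor reported.

```powershell
# Read-only check: does each account hold an Allow FullControl entry on a path?
# Changes no permissions. Deny entries and inherit-only generic entries are not evaluated.

# Well-known SIDs, so the check does not depend on the display language.
$principals = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-18'     = 'SYSTEM'
}

# Assumed sample targets; replace with the locations reported as access denied.
$targets = @('HKLM:\SOFTWARE', 'HKCU:\Software', "$env:SystemDrive\")

function Test-FullControl {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($sid in $principals.Keys) {
        $hasFull = $false
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -ne $sid) { continue }
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Registry rules expose RegistryRights, file system rules FileSystemRights.
            $rights = if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
                $rule.RegistryRights
            } else {
                $rule.FileSystemRights
            }
            if ("$rights" -eq 'FullControl') { $hasFull = $true }
        }
        [pscustomobject]@{ Path = $Path; Principal = $principals[$sid]; FullControl = $hasFull }
    }
}

foreach ($target in $targets) {
    try   { Test-FullControl -Path $target }
    catch { Write-Warning "Cannot read ACL on ${target}: $($_.Exception.Message)" }
}
```

Saving the output before the reset gives a record of the original state to compare against afterwards.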