
An account appeared unexpectedly named Sophos Endpoint (Mac 10.10.3). Why has this happened? What can/should I do about it?

I have discovered that after logging into my user account (Mac 10.10.3) I am not actually in my user account but in an account that appeared unexpectedly named Sophos Endpoint. Why has this happened? What should I do about it, since I seem to be unable to get to my files or use my account password to take any action? I had just performed an upgrade to 10.10 from 10.7 and I expect this caused the problem. I will go back to 10.7 and remove SAV in the hopes that this does not re-occur, and considering all the problems reported with 10.11.x I will be waiting for news that it is supported correctly. I am also assuming that I ended up in this endpoint user because my own user was compromised. It would be helpful to understand the cause, and without knowing what is happening I am uncomfortable both using and recommending Sophos. It takes a lot of time to prepare for such an upgrade. Please advise users of a safe way to make such a migration if leaving SAV in place causes such problems. Excuse the wordiness. I did look for similar questions, and I did not really find a match, so I apologize in advance if I missed anything. Thanks to all of you for your help in advance.



  • Completely removing Sophos AV seems to have worked to return all my files to me. I'd still like to understand why this occurs. I will be reinstalling SAV after I finish backing up my successful migration. Thanks for reading!
  • We automatically create an account called "_sophos" when we install the software. Its full name is "Sophos Endpoint". If you run the uninstall app we will automatically remove that user from your system.

    We needed to do this because we no longer run all of our software as root, and we didn't want to "borrow" any of Apple's standard accounts. We have intentionally disabled login to the account, and limit its access to the rest of your system: it can't do anything that requires privileges, and it cannot access the private data of any other users on the system. This is a fairly standard security technique for UNIX-y systems (which includes Mac OS X).

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
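
The reply above describes a dedicated service account with login disabled and no privileges. As an added example (not part of the original thread and not Sophos code), this shell function checks a user record in the `Key: value` layout printed by `dscl . -read /Users/<name>` for those properties. The function names and the sample record are assumptions: the record is constructed for illustration, not read from a real install.

```shell
#!/bin/sh
# Added example. Reads one user record in the "Key: value" layout printed by
# `dscl . -read /Users/<name>` on stdin and checks the properties the reply
# describes. Returns 0 only if every check passes.
audit_service_account() {
    awk '
        /^[A-Za-z_]+:/ {                       # "Key: value" line
            key = $1; sub(/:$/, "", key)
            val = $0; sub(/^[^:]+: */, "", val)
            rec[key] = val; next
        }
        /^ / {                                 # value wrapped onto an indented line
            val = $0; sub(/^ +/, "", val)
            rec[key] = (rec[key] == "" ? val : rec[key] " " val)
        }
        END {
            bad = 0
            printf "account: %s (%s)\n", rec["RecordName"], rec["RealName"]
            if (rec["UserShell"] !~ /\/(false|nologin)$/) {
                print "FAIL: login shell is " rec["UserShell"]; bad = 1
            } else print "ok: shell " rec["UserShell"] " cannot start a session"
            if (rec["Password"] != "*") {
                print "FAIL: a password is set"; bad = 1
            } else print "ok: no password can authenticate"
            if (rec["UniqueID"] !~ /^[0-9]+$/ || rec["UniqueID"] + 0 == 0) {
                print "FAIL: UID is missing or 0 (root)"; bad = 1
            } else print "ok: UID " rec["UniqueID"] " is not root"
            exit bad
        }'
}

# Constructed record: values are illustrative, not read from a real install.
sample_record() {
    cat <<'EOF'
NFSHomeDirectory: /var/empty
Password: *
PrimaryGroupID: 299
RealName:
 Sophos Endpoint
RecordName: _sophos
UniqueID: 299
UserShell: /usr/bin/false
EOF
}

sample_record | audit_service_account
```

On a Mac, pipe the real record in with `dscl . -read /Users/_sophos | audit_service_account`.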