I recently tried to install a new ubuntu kernel (4.10.0-22). It failed, it seems due to Sophos.

I recently tried to install the latest kernel for ubuntu 17.04 - 4.10.0-22.  It kept failing saying an "operation was not permitted".  When I reported this on the ubuntu bug tracker it was suggested I turn off anti-virus and try again. 

I disabled the on-access scan and tried again, and installation worked.

I had no warnings or alerts from sophos.  I checked that the sophos warnings and emails were on and worked (I tested using the test virus file) and that all worked.

So, somehow sophos is preventing a file access.  I am on the latest version, including talpa.

The ubuntu report with full details is at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1696132 


  • In reply to DouglasLeeder:

    I am using fanotify as it is easier with Debian kernel

    Once a new kernel is installed I reboot to take it into account, so Sophos is restarted.

    Not a big deal for me

  • Dear all,

    I have the same issue, sophos is blocking upgrades during apt-get upgrade for several packages, often involving the kernel or libreoffice. I always need to manually shut down on-access protection to have these (security) upgrade go through. I am using ubuntu 19.04 and the free version of sophos.


    I don't know about fanotify or talpa, I don't know what either is. It seems sophos is using fanotify in my case. Which one should I be using for this to work?




  • In reply to Philippe Seidel:

    It appears to be a problem with fanotify. At least people seem to have fewer problems with talpa.


    To use Talpa, you need to have kernel headers, gcc and make installed.