I recently tried to install a new ubuntu kernel (4.10.0-22). It failed, it seems due to Sophos.

I recently tried to install the latest kernel for ubuntu 17.04 - 4.10.0-22.  It kept failing saying an "operation was not permitted".  When I reported this on the ubuntu bug tracker it was suggested I turn off anti-virus and try again. 

I disabled the on-access scan and tried again, and installation worked.

I had no warnings or alerts from sophos.  I checked that the sophos warnings and emails were on and worked (I tested using the test virus file) and that all worked.

So, somehow sophos is preventing a file access.  I am on the latest version, including talpa.

The ubuntu report with full details is at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1696132