Alerts

Hi everyone,

 

Lately one of our customers is getting a lot of high alerts regarding "What happened: Real-time protection has been disabled on a computer" or else "A computer does not comply with the Sophos Central policy you applied to it."

 

Is there any fix for this, as a number of PCs seem to be affected all at once while they are fully protected and updated?

 

Thanks

  • Hi Patryk,

    It could be that the machines are shutting down/starting up and Sophos MCS sends a health status back while the Sophos Anti-virus service was not running. It's also possible that the health of the machine is reported back to Central as Sophos Anti-virus performs a major update, during which the Sophos Anti-virus service may not be running.

    It would be helpful to determine what's causing this. If it occurs on start-up, the Sophos MCS Client service could be set to delayed start to ensure Sophos Anti-virus starts up before the health status reports back. If this occurs on shutdown, I do not think there's anything that can be done, as there's no way to control the order in which services shut down.

    https://community.sophos.com/kb/en-us/121811
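
To check on an affected PC whether the alerts line up with start-up or shutdown, as the reply above suggests, the following is an added example and not part of the original thread or Sophos' own tooling. The alert timestamps are constructed placeholders to be replaced with times from the Central alert list, the 5-minute window is an assumption, and the service is matched on the display name "Sophos MCS Client" as written in the reply.

```powershell
# Constructed sample data: replace with alert times copied from Sophos Central
# (converted to this machine's local time).
$AlertTimes = @(
    [datetime]'2024-01-15 08:02:10',
    [datetime]'2024-01-15 17:31:45'
)
$WindowMinutes = 5   # assumption: max gap between alert and boot/shutdown to call it related

# System log, source EventLog: 6005 = event log service started (boot),
# 6006 = event log service stopped (clean shutdown).
$earliest = ($AlertTimes | Sort-Object | Select-Object -First 1).AddMinutes(-$WindowMinutes)
$power = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'EventLog'
    Id           = 6005, 6006
    StartTime    = $earliest
} -ErrorAction SilentlyContinue

foreach ($alert in $AlertTimes) {
    # Closest boot/shutdown event inside the window, if any
    $near = $power |
        Where-Object { [math]::Abs(($_.TimeCreated - $alert).TotalMinutes) -le $WindowMinutes } |
        Sort-Object { [math]::Abs(($_.TimeCreated - $alert).TotalSeconds) } |
        Select-Object -First 1

    $cause = 'no boot/shutdown nearby'
    if ($near) {
        if ($near.Id -eq 6005) { $cause = 'startup' } else { $cause = 'shutdown' }
    }

    [pscustomobject]@{
        AlertTime = $alert
        Cause     = $cause
        EventTime = $near.TimeCreated
    }
}

# Current start mode of the MCS service; DelayedAutoStart shows whether
# delayed start is already configured.
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Sophos MCS Client%'" |
    Select-Object Name, DisplayName, StartMode, DelayedAutoStart, State
```

Alerts that mostly report `startup` point to the delayed-start change described in the reply; alerts with no nearby boot or shutdown point to the update scenario instead.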