File Scanner: Failed to create restricted process: The handle is invalid.

Getting the error on all of our application (virtual) servers for a health physics server:


  • Launching worker
  • Error: Failed to create restricted process: The handle is invalid
  • SED Async Comm initialized

Searched and I can't find any useful information, so I thought I'd try the community before I submit a support request.

Windows Server 2012
Core Agent: 2.6.0
Server A/V: 10.8.6
Intercept X: 2.0.16

Any ideas?


  • Hello  

    Can you please check if there is any GPO set for any of the Sophos Services, and the Cryptographic services? If so please remove this and do a gpupdate, and try to start the Sophos File Scanner service again?

  • In reply to DianneY:

    Great first thought, I am impressed.
    These servers are all encrypted at the (NetApp) SAN level since the databases hold PII information.

    Is that a deal breaker for the File Scanner?

  • In reply to Michael McGee:


    I have reviewed the error message you have in the logs and found that there is already one Jira ticket open on which development team is working. 

    Have you already created any case till now? If yes, please PM me the case number. I'll let you know the required logs needed to escalate it further.

    If not, please PM me the license number, I'll open a case.

  • In reply to Michael McGee:


    If you have GPO's for Sophos services, please have a look at this article. Regarding GPO's for Cryptographic services and Sophos File Scanner, I would suggest following  's recommendation on having a ticket opened for further review since we have a Jira for it already in place.

  • In reply to Michael McGee:


    I just wanted to follow up with you on this thread, are you still facing the issue?