[Sophos Notification] Sophos Mac Endpoint - Intermittent hang of web browsing

Hi everyone,

Sophos Support has had reports of Apple Mac OS systems where web browsing stops while Sophos is installed. Currently, this is under high priority investigation do determine the cause and correct the issue.

For more information, please refer to the below article:

  • The KB hasn't been updated in the past few days, what's the status on this?

  • In reply to Trojan Horse:

    Hi  

    Our Global Escalation team and development team is working on the issue and analyzing all the possible scenarios using the different logs from the customers.

    Once, we have any update on the bug ticket, we'll surely update this forum to make all the users aware of.

  • In reply to Jasmin:

    Looks like you aren't keeping your end of the bargain, as there was an update on Friday about this. It's absolutely shocking to me that a problem with this level of issue, with seems to be the highest level of priority, the company isn't even getting the proper information out to customers. It takes a non-employee to update a public facing forum, three days after the fact. Wow.

    For those without a ticket on this problem, here is the update from Friday:

    -------------

    Status as at 11am Friday 27th September.

    Investigations are ongoing into the issue of browsers not responding on macOS, the development team are treating this with the highest priority and have now narrowed the investigation down to machines running SAV for macOS 9.9.3 and 9.9.4. But examination of the data gathered from the Sophos Diagnostic Utility (SDU) logs does not show any particular pattern of macOS, hardware configuration or indeed the presence of any particular third party software. Since we cannot reproduce the issue in-house the development team have setup multiple machines that are running continuously with automated tooling with the aim of reproducing the issue.

    The team have also reviewed the 9.9.3 and 9.9.4 code and have reported that no direct changes were made in the affected area in either of these releases. They did rebuild the entire endpoint with the latest version of XCode which is a standard procedure but a review has not brought anything of interest to the investigation so far, the team are now looking in more depth at changes between earlier versions of SAV for macOS and the affected 9.9.3 and 9.9.4 versions to see if this will highlight any areas for further investigation.

    We continue our investigation with the highest priority and will provide another status mail after having found the cause or Friday next week, whatever is earlier.

  • This is !@#$ up my life right now. Why do you have a Mac issue every other week? Sophos is absolutely the worst Mac product I've ever used. There a concept called "Do no harm" You should study and learn it well. 

     

    BTW the fix is too restart your computer, sometimes 4 times until this clears.

  • Can we get an update on this? Seriously, this is a joke.

  • I ended up removing Sophos Endpoint from my MacBook Pro because the slowness outstripped the value of the product. I really home that Sophos can turn this ship around and provide some quantitative changes that can be proven that this product is not slowing down all operations on the system. I was monitoring Activity Monitor every 30 minutes and EVERY time I reviewed my CPU hogs, Sophos was at the top chewing up greater than 50% CPU, sometimes pegging the processor on my 4 core i7 system.  I finally decided that my battery life and performance was going to be worth the risk of removing the intrusive scanning/updating/whatever else this thing was doing in the background.

    I've been a long time supporter of Sophos, but their rapid growth and acquisitions/feature creep feels like they may have run too fast and not optimized the code in the process.

    Please give us some assurance that you're going to right this ship Sophos.

    Regards,

    -Scott

  • In reply to Scott Mickelson:

    Workaround

    No workaround has been confirmed yet, however turning off Real Time Scanning - Internet and Web Control will likely avoid the issue, as this should avoid the interception occurring, however this has not been fully confirmed yet.
     
    As Recommended, I am going to disable these and see if it helps however I am not holding my breath. This types of fixes never worked in the past.
     
     
     
     
     
     
     
     
  • In reply to I T1:

    The workaround that we are currently deploying is to remove it from our machines. Nothing else helped.

  • Update: October 28, 2019 - Development has tested a fix, both internally and with customers. During this time, the issue no longer occurred. As such, we are confident that the changes included in this fix are successful at correcting the issue. These changes will be incorporated into the release version 9.9.6, which we will be rolling out to Central customers around the end of November / beginning of December.

    As a workaround, we have made a modified version of 9.9.4 available until 9.9.6 is released. Any customers who want this will need to contact support, and it will be applied to all Macs for the customer. Please note that going on this special, you will not get the 9.9.5 release (Mid-November), and be placed in the first group for the 9.9.6 release. The 9.9.5 release contains two major changes, Sophos’ new Managed Threat Response (MTR) protection for Mac (https://www.sophos.com/en-us/products/managed-threat-response.aspx), and a pop-up notification for any permissions issues on Mac OS 10.15 Catalina. 9.9.6 will include everything in 9.9.5 when it releases.

    To determine if you have the special build:

    1. Open the Sophos Endpoint GUI
    2. Option+Click on About (lower right)
    3. The version displayed will be 9.9.4 (217546) if you are on the special build.

    Reference: https://community.sophos.com/kb/en-us/134640