I installed InterceptX onto a computer and I get the following error: "The security health cannot be reported at the moment" in Sophos Central. Is there a fix for this?
Sorry to hear about the issue you are facing. Could you share any snaps or logs on this post? For discretion, you may also private message me.
Thanks and Regards
The Sophos Health Service is responsible for creating the registry keys under: HKLM\Software\Wow6432node\sophos\Health\Status
The MCS Agent service reads these to report on the health of the services, so I would suggest:
1. Check that the Sophos Health service exists and is started.
2. Check the above registry key. Does the above key exist but with no values underneath? A working computer could be useful for reference.
3. Does the adapter registry key exist under: HKLM\software\wow6432node\sophos\remote management system\ManagementAgent\Adapters\SHS, does the DllPath value point to the shsadapter.dll, and does the file exist in the referenced location? Again, check a working computer for reference. You may also want to check that the shsadapter.dll is loaded in the MCSAgent.exe process. You can do this with Process Explorer (Sysinternals).
Maybe use Process Monitor (Sysinternals) to monitor what happens when you start the Sophos Health service in terms of the above key. Problems writing the values?
Hope it helps.
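The three checks in the post above, collected into a read-only PowerShell script (an added example, not part of the original post and not Sophos's own tooling). It assumes the service display name starts with "Sophos Health" and that machines keeping the keys directly under HKLM\SOFTWARE\Sophos use the same sub-paths; confirming that shsadapter.dll is loaded in MCSAgent.exe is left to Process Explorer.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
# Assumption: the service display name starts with "Sophos Health".
$svc = Get-Service -DisplayName 'Sophos Health*' -ErrorAction SilentlyContinue
if ($svc) {
    $svc | ForEach-Object { Write-Output ("Service '{0}' is {1}" -f $_.DisplayName, $_.Status) }
} else {
    Write-Output 'Sophos Health service not found'
}

# The post gives the WOW6432Node paths. Assumption: on systems where the keys
# sit directly under HKLM\SOFTWARE\Sophos, the sub-paths are the same.
$roots = 'HKLM:\SOFTWARE\WOW6432Node\Sophos', 'HKLM:\SOFTWARE\Sophos'

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Step 2: the Status key should exist and hold values.
    $statusPath = Join-Path $root 'Health\Status'
    if (Test-Path -LiteralPath $statusPath) {
        $key = Get-Item -LiteralPath $statusPath
        Write-Output ("{0}: {1} value(s)" -f $statusPath, $key.ValueCount)
        foreach ($name in $key.GetValueNames()) {
            Write-Output ("  {0} = {1}" -f $name, $key.GetValue($name))
        }
    } else {
        Write-Output ("{0}: key missing" -f $statusPath)
    }

    # Step 3: the SHS adapter key should carry a DllPath that resolves to a file.
    $adapterPath = Join-Path $root 'Remote Management System\ManagementAgent\Adapters\SHS'
    $dll = (Get-ItemProperty -LiteralPath $adapterPath -Name DllPath -ErrorAction SilentlyContinue).DllPath
    if (-not $dll) {
        Write-Output ("{0}: key or DllPath value missing" -f $adapterPath)
        continue
    }
    $dll = [Environment]::ExpandEnvironmentVariables($dll)
    $exists = Test-Path -LiteralPath $dll -PathType Leaf
    Write-Output ("DllPath = {0} (file exists: {1})" -f $dll, $exists)
}
```

Running it on a healthy machine as well gives the reference output the post recommends comparing against.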
In reply to jak:
I have one computer in our network where the Health service will not start. I followed your suggestion of looking at a computer with no problems as a reference, but I cannot find the registry keys you refer to. I do see the same keys under HKLM\software\sophos....
When I try to start the service on the problem computer I get a 575 error. All other services are working fine?
Besides that, it is a little bit strange that the option to stop and start this service is available. On computers with no problems, stopping and starting the service is greyed out.
In reply to Hans Prins:
By any chance was an eSata drive connected to that PC?
In reply to Rick DeFilippo:
I have the same issue after cloning a SATA HDD to an SSD. The Health service won't start, with a 575 error!
In reply to Fabien DUGUE:
I have the same problem as well. Sophos Central for one of my devices says "The security health cannot be reported at the moment." On the client computer, the Sophos Health Service won't start: Error 575. I cannot uninstall or re-install because tamper protection won't allow me to. I disabled Tamper Protection from Central, but the command is not reaching the client because it remains enabled. Suggestions?
In reply to Dennis Lawrence:
Here is what I did to solve the issue:
First, disable the tamper protection.
Reboot the system in normal mode.
After that you can reinstall the Sophos endpoint software.
What worked for me:
First disable Tamper Protection in the Sophos Web Interface. Then make these changes in Safe Mode.
After that, reinstall Endpoint Protection (uninstall didn't work the first time, don't know why).
Then uninstall Sophos Endpoint Protection.
Delete the machine from the Sophos Web Interface.
Reboot the device and install Sophos Endpoint Protection again.
You may ask why uninstall it again. I tried only reinstalling it, but after activating Tamper Protection again the same error occurred, so I tested it with uninstalling and deleting the object, and after that everything was fine.
Can these fixes be built into the installer? Asking us to boot into safe mode every time we have these issues is really annoying.
I'm getting this issue on one of our workstations. As others have mentioned, it's kind of ridiculous that we should be expected to boot the workstation into safe mode and modify the Windows registry to fix this issue.
It's obviously just a bug in Sophos that needs to be addressed.
Come on guys, this is why we pay the big bucks for Sophos...
In reply to Beverly Glen:
Hi Beverly Glen
The Sophos Health Service is responsible for creating the registry keys under HKLM\Software\Wow6432node\sophos\Health\Status. The MCS Agent Service reads these keys to report the Health status. This error occurs when there are problems writing the values, for which Process Monitor logs will be helpful to monitor what happens when you start the Sophos Health Service, in terms of the above keys. I would recommend that you open a support case for in-depth investigation.
Sophos needs to fix the issue in their installer. I have found that the issue occurs when you try to install Sophos after the warning of "It is recommended that you reboot your machine before installing..." but ignore it, and install anyways. Sophos should either require a reboot or prevent you from installing, if this issue is going to occur. We didn't realize this until we had 8-9 computers with the service error. What we've found as a way to fix it, without entering safe mode is to run the commands listed in this KB article:
I did end up scripting this as a batch file and was able to deploy it with PDQ Deploy - group policy wasn't working for us, but other deployment methods should work as long as they run it as admin or as the local service account.
fsutil resource setautoreset true c:\
attrib -r -s -h c:\windows\System32\Config\TxR\*
del c:\windows\System32\Config\TxR\*
attrib -r -s -h c:\windows\System32\SMI\Store\Machine\*
del c:\windows\System32\SMI\Store\Machine\*.tm*
del c:\windows\System32\SMI\Store\Machine\*.blf
del c:\windows\System32\SMI\Store\Machine\*.regtrans-ms
Echo On
fsutil resource setautoreset true c:\
attrib -r -s -h c:\windows\System32\Config\TxR\*
echo y | del c:\windows\System32\Config\TxR\*
attrib -r -s -h c:\windows\System32\SMI\Store\Machine\*
del c:\windows\System32\SMI\Store\Machine\*.tm*
del c:\windows\System32\SMI\Store\Machine\*.blf
del c:\windows\System32\SMI\Store\Machine\*.regtrans-ms
exit
In reply to Jack Beggs:
The version of Sophos Health in the EAP for new features no longer uses the transactional registry APIs so I guess any problems with the dependency on that working goes away in the future.
Any update on this? I noticed this error reoccurring on a client's system, then I had the same issue with my laptop. Looking at our estate, there are many systems with the same problem.
In reply to McDuck:
Please have a look at this related post, if it helps.