what is "Real time protection disabled" high Alert On Sophos Dashboard and how to clean it up ? Thanks

We have a few computer that have Real time protection disabled on Sophos Central, and we no idea how to clean it up. Anyone in here know exactly what is it ? 

  • I receive these alerts daily.  I gather its from a pc being offline when Sophos Central sends out a request to ask its status.  Usually if it comes back online, it goes back green.

  • me too.


    using latest Client versions on PCs, Macs, and servers.

    But getting these alerts regularly.


    Anyone know of a fix?

  • In reply to uk4567:

    I still have not found a full fix for this.  Its usually when the PC is offline.  I usually wait a day or two and it goes back green.  One thing I have found lately is some services have stopped running.  If the services cannot be started in the services.msc, I usually end up having to uninstall and reinstall the client. 

  • In reply to JohnMintz:

    hi I have seen this one before on another place. 

    if the MCS service agent is stops before the other services, it will get a read error and sends the alert. 

    Sophos said they will fix this but we all still waiting. 

  • In reply to avi arditi:

    Phew.. All this while i was thinking i can figure it out and resolve. So its a Bug aint it ??

  • In reply to skyisbluescreen:

    It's a bug that hasn't been fixed in many months and I doubt Sophos will ever fix it. What I suspect is happening is that when an update gets pushed to a computer, it temporarily goes unprotected because well, it's updating the software and needs to turns itself off for a split second to do that. That split second of non-protection triggers the alert.

    It's also laughably stupid that you can't change who gets what emails from Sophos Central. Every little alert is sent to everyone and nope, there's no way you can change that. The CTO gets the same alerts from Sophos as the tier 1 tech support guy you hired last week, so the only solution is for the higher ups to make Email Rules deleting the low end stuff.

    Thanks, Sophos, great job with that!

  • Had this happen to me today with a few endpoints. Sophos had been updating.