Sophos Central Endpoint: Advance troubleshooting for endpoint reporting one or more service not running/Missing

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Hi Community,

After following the steps mentioned in Alerts for missing or stopped services for Windows endpoints article for services not running issue, if you are still seeing the error then below steps can be performed on the endpoint to resolve the issue. 

  1. Disable tamper protection on the endpoint via Sophos Central Dashboard.



  2. On the Endpoint, open Sophos shield from Notification bar on the desktop of Sophos, and enter the Admin Password.
  3. Click on settings and check the column to override policy then turn off tamper protection option at the bottom



  4. Open services.msc to view all services running [Windows-Start-Run-services.msc]
  5. Stop Sophos Auto-update service
  6. Rename the following folders:
    a) Go to C:\ProgramData\Sophos\AutoUpdate\data
    b) Rename the "warehouse" folder to "warehouse.old"
    c) Go to C:\ProgramData\Sophos\AutoUpdate.
    d) Rename the "cache" folder to "cache.old"
  7. Rename the file named "SophosUpdateStatus.xml" at the location C:\ProgramData\Sophos\AutoUpdate\data\status
  8. Restart Sophos Auto-update service
  9. Push the Update again from Sophos GUI [Click on “About” at the bottom screen of Sophos UI and click “Update Now”]
    a) Wait for the update to complete



  10. Reboot the computer.

 

Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!



Updated disclaimer
[edited by: Qoosh at 10:06 PM (GMT -7) on 31 Mar 2023]