
Network Threat Protection not running

Last week we suddenly had 30+ systems start reporting "Policy non-compliance: Network Threat Protection". When I check the status of one of these devices it shows "Not started: Sophos Network Threat Protection". So far, I've only found one post that gives two possible options on how to resolve this and neither of them has worked for me. The first was that the MS Visual C++ redistributable wasn't installed or broken so reinstall that, the second option was that the BFE (Base Filtering Engine) service wasn't running so make sure that's started.

Also, many systems seem to have just resolved themselves somehow.

So, has anyone else managed to figure out how these resolved systems are resolving themselves, or a way to resolve this without completely reinstalling the endpoint software?


Thank you.



This thread was automatically locked due to age.
  • Could this be a cause: https://community.sophos.com/kb/en-us/133606  Did they perform a major OS upgrade?

    Regards,

    Jak

  • Yes, these did all freak out after the update. And many did resolve themselves but a lot didn't. My own desktop and laptop have been rebooted and such a few times and still aren't running right so I couldn't figure out what was causing some to resolve themselves. From what this article describes it's exactly what is happening. And it appears I just need to wait for Sophos to be in the mood to fix itself.

     

    Thanks!

  • If you change under:
    HKEY_LOCAL_MACHINE\SOFTWARE\[WOW6432Node]\Sophos\AutoUpdate\

    PlatformRelease

    to a different version than the current OS version then it will simulate the OS upgrade. For example, if they updated to 1809, maybe set them to 1808. It only cares about the string being different but the next update will run all the setup plugins and fix MTD.

    Tamper Protection would need to be disabled to change that value.

    Regards,

    Jak

  • So, while this does appear to be the issue, it indicates that it should resolve itself "on the first update check performed by the Sophos AutoUpdate (SAU) following the OS upgrade". It states this is about 5 minutes after the start of the update service. I've got numerous systems, mine included, that were upgraded from 1803 to 1809 during the first week of May that exhibit this problem. To this day, they are not resolving themselves. The article doesn't indicate any other measures to take if the automatic process fails. So at this time, our only recourse seems to be to physically visit each system, or remote in, to uninstall Sophos.

    Are there any options I might be missing or am not aware of? Something I can do without disrupting the users?

    Thanks.

  • You can manually create the key to fix it. E.g.

    [HKEY_CLASSES_ROOT\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}]
    "LocalService"="SophosNtpService"

    For example using the reg.exe command:

    REG ADD "HKCR\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}" /v LocalService /t REG_SZ /d "SophosNtpService" /f

    Then maybe:

    sc.exe start sntpservice

    This isn't a key that is protected by Tamper Protection so no need to disable that first.

    Regards,

    Jak
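
The checks discussed in this thread (BFE running, the AppID `LocalService` value present, the service started) combined into one idempotent script, as an added example that is not from the posters or from Sophos. It assumes an elevated PowerShell session and takes the key, value data and service name from the last reply; the function names are made up for this example.

```powershell
# Added example: audit and repair the AppID registration described in the thread.
# Assumption: run elevated on the affected endpoint.
$appIdPath   = 'Registry::HKEY_CLASSES_ROOT\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}'
$expected    = 'SophosNtpService'   # value data from the reply above
$serviceName = 'sntpservice'        # service name from the sc.exe command above

function Test-NtpAppId {
    # True only if LocalService exists and holds the expected data.
    $item = Get-ItemProperty -LiteralPath $appIdPath -Name 'LocalService' -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.LocalService -eq $expected)
}

function Repair-NtpAppId {
    # Create the key if it is absent, then write (or overwrite) the REG_SZ value.
    if (-not (Test-Path -LiteralPath $appIdPath)) {
        New-Item -Path $appIdPath -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $appIdPath -Name 'LocalService' `
        -Value $expected -PropertyType String -Force | Out-Null
}

# 1. Base Filtering Engine: mentioned in the original post as a known cause.
$bfe = Get-Service -Name 'BFE' -ErrorAction SilentlyContinue
if ($null -eq $bfe -or $bfe.Status -ne 'Running') {
    Write-Warning 'Base Filtering Engine (BFE) is not running; fix that first.'
}

# 2. AppID registration: only write when it is missing or different.
if (Test-NtpAppId) {
    Write-Output 'AppID LocalService value already present; nothing to change.'
} else {
    Write-Output 'AppID LocalService value missing or different; writing it.'
    Repair-NtpAppId
}

# 3. Start the service only if it exists and is stopped, then report its state.
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "Service '$serviceName' not found on this machine."
} elseif ($svc.Status -ne 'Running') {
    Start-Service -Name $serviceName
    Write-Output "Service '$serviceName' status: $((Get-Service -Name $serviceName).Status)"
} else {
    Write-Output "Service '$serviceName' is already running."
}
```

Because every step checks state before changing it, the script can be re-run or pushed to many endpoints without touching machines that have already resolved themselves.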