
Network Threat Protection not running

Last week we suddenly had 30+ systems start reporting "Policy non-compliance: Network Threat Protection". When I check the status of one of these devices it shows "Not started: Sophos Network Threat Protection". So far, I've only found one post that gives two possible options on how to resolve this and neither of them has worked for me. The first was that the MS Visual C++ redistributable wasn't installed or broken so reinstall that, the second option was that the BFE (Base Filtering Engine) service wasn't running so make sure that's started.

Also, many systems seem to have just resolved themselves somehow.

So, has anyone else managed to figure out how these resolved systems are resolving themselves, or a way to resolve this without completely reinstalling the endpoint software?


Thank you.



This thread was automatically locked due to age.
  • Could this be a cause: https://community.sophos.com/kb/en-us/133606  Did they perform a major OS upgrade?

    Regards,

    Jak

  • So, while this does appear to be the issue, it indicates that it should resolve itself "on the first update check performed by the Sophos AutoUpdate (SAU) following the OS upgrade". It states this is about 5 minutes after the start of the update service. I've got numerous systems, mine included, that were upgraded from 1803 to 1809 during the first week of May that exhibit this problem. To this day, they are not resolving themselves. The article doesn't indicate any other measures to take if the automatic process fails. So at this time, our only recourse seems to be to physically visit each system, or remote in, to uninstall Sophos.

    Are there any options I might be missing or am not aware of? Something I can do without disrupting the users?

    Thanks.

  • You can manually create the key to fix it. E.g.

    [HKEY_CLASSES_ROOT\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}]
    "LocalService"="SophosNtpService"

    For example using the reg.exe command:

    REG ADD "HKCR\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}" /v LocalService /t REG_SZ /d "SophosNtpService" /f

    Then maybe:

    sc.exe start sntpservice

    This isn't a key that is protected by Tamper Protection so no need to disable that first.

    Regards,

    Jak
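
An idempotent check-and-fix version of the two steps in the reply above, added here as an example; it is not part of the original posts and is not Sophos tooling. The function name `Repair-SntpAppId` is hypothetical, while the key, value and service name are the ones quoted in the thread.

```powershell
# Added example: check-and-repair for the AppID value quoted in the thread.
# Function name is hypothetical; key, value and service name come from the posts above.
function Repair-SntpAppId {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$AppIdKey    = 'Registry::HKEY_CLASSES_ROOT\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}',
        [string]$ValueName   = 'LocalService',
        [string]$Expected    = 'SophosNtpService',
        [string]$ServiceName = 'sntpservice'
    )

    $result = [ordered]@{
        Computer     = $env:COMPUTERNAME
        ValueBefore  = $null
        ValueFixed   = $false
        ServiceState = $null
    }

    # Read the current value; a missing key and a missing value both leave ValueBefore as $null.
    $current = Get-ItemProperty -LiteralPath $AppIdKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($current) { $result.ValueBefore = $current.$ValueName }

    # Write only when the value is absent or different, so healthy machines are left untouched.
    if ($result.ValueBefore -ne $Expected) {
        if ($PSCmdlet.ShouldProcess($AppIdKey, "Set $ValueName = $Expected")) {
            if (-not (Test-Path -LiteralPath $AppIdKey)) {
                New-Item -Path $AppIdKey -Force | Out-Null
            }
            New-ItemProperty -LiteralPath $AppIdKey -Name $ValueName -Value $Expected -PropertyType String -Force | Out-Null
            $result.ValueFixed = $true
        }
    }

    # Start the service only if it exists and is not already running.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        if ($PSCmdlet.ShouldProcess($ServiceName, 'Start service')) {
            Start-Service -Name $ServiceName -ErrorAction Continue
            $svc.Refresh()
        }
    }
    $result.ServiceState = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }

    [pscustomobject]$result
}

Repair-SntpAppId -WhatIf   # preview only; rerun without -WhatIf from an elevated session to apply
```

The returned object records the value found before any change, so the output collected from each machine shows which ones were actually missing the key.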
