What actually throws a "Real Time Detection Disabled" high alert?

Sometimes in the morning when I come in to the office I notice I have "Real Time Detection Disabled" alerts.  The thing that bothers me is that the users and machines this is happening to/on do not have the rights to disable the protection service.  By the time I actually get to checking out the machines, the services are usually back up and running. 


Anyone have any words of wisdom here?

  • I was told by support that this can be tripped on shutdown/restart if the services stop out-of-order.  Essentially if the MCS Agent stops *after* the other services, it reads it as an error state and sends the alert.  They told me this was on the radar to be fixed, but that was about a year ago now.

  • In reply to K_M:

    Yeah, it'd be nice if that was cleared up.  It's odd when I have a boss asking after it and I am not able to explain why there are high alerts on the dashboard.  I kinda figured it was an out of order service stop or maybe when the machine is receiving a major Sophos update. 

  • In reply to K_M:

    One more for this too.

    These alerts regularly come up and look like false positives.

    When you go into Central on the Customer Portal the machines are OK.

  • I am also seeing the same... it's a pain in the backside ringing users to get onto their machines to check only to find everything is running as it should. As I've said before, overhead is too big trying to keep on top of clients!

  • In reply to Jay Parmar:

    I guess this hasn't been fixed? I'm seeing this on one machine currently. All services are up and running.