What actually throws a "Real Time Detection Disabled" high alert?

Sometimes in the morning when I come in to the office I notice I have "Real Time Detection Disabled" alerts. The thing that bothers me is that the users and machines this is happening to/on do not have the rights to disable the protection service. By the time I actually get to checking out the machines, the services are usually back up and running.

Anyone have any words of wisdom here?

  • I was told by support that this can be tripped on shutdown/restart if the services stop out-of-order.  Essentially if the MCS Agent stops *after* the other services, it reads it as an error state and sends the alert.  They told me this was on the radar to be fixed, but that was about a year ago now.

  • In reply to K_M:

    Yeah, it'd be nice if that was cleared up.  It's odd when I have a boss asking after it and I am not able to explain why there are high alerts on the dashboard.  I kinda figured it was an out of order service stop or maybe when the machine is receiving a major Sophos update. 

  • In reply to K_M:

    One more for this too.

    These alerts regularly come up and look like false positives.

    When you go into Central on the Customer Portal, the machines are OK.

  • I am also seeing the same... it's a pain in the backside ringing users to get onto their machines to check, only to find everything is running as it should. As I've said before, overhead is too big trying to keep on top of clients!

  • In reply to Jay Parmar:

    I guess this hasn't been fixed? I'm seeing this on one machine currently. All services are up and running.

  • This is happening to me too...

  • Hi CharmingYeti,

    As mentioned in the thread, this is a reported issue and our team is working on a fix for it. Meanwhile, you can refer to Sophos Endpoint Self Help - Services and contact support.

  • In reply to Gowtham Mani:

    Hi Gowtham Mani,

    Do you have an ETA on when this fix will be released?

    Thanks.

  • In reply to Jay Parmar:

    Hi Jay Parmar,

    I do not have any ETA as the team is working on it. If there are any new developments, I will keep the thread updated.

  • In reply to Gowtham Mani:

    Thanks Gowtham.

  • In reply to Gowtham Mani:

    Hi Gowtham,

    Where will we be able to see when this issue has been fixed, or if you have created a workaround?

  • In reply to Gowtham Mani:

    Hi Gowtham,

    Any idea if this issue has been resolved?

  • In reply to Jay Parmar:

    I don't think so, I just looked at my dashboard and they are everywhere.

  • In reply to Kim Haymon:

    From what I have read previously stated on this forum, the fix was deployed to have the services with a delayed start to resolve this.

    I may be wrong, but I remember reading this somewhere.

  • In reply to Kim Haymon:

    Hi Kim,

    This looks like it requires the Support team to investigate and escalate further. I would like to confirm if this issue still comes up after you perform the following steps on any one test machine.

    1. Please go to Run --> Services.msc
    2. Select Sophos Health Service and right-click and select properties.
    3. Please select Startup type as Automatic (Delayed startup) and select OK.
    4. Please reboot the system

    Kindly do let me know if the issue stops post this step. Please do let me know in case you have any case reference for this issue as well.
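
Steps 1 to 3 above applied from an elevated PowerShell prompt, as an added example that is not part of the original thread and not Sophos tooling. It assumes the display name "Sophos Health Service" given in the steps resolves to exactly one service and that the test machine allows the service configuration to be changed; the function name `Get-StartMode` is hypothetical.

```powershell
# Added example: set the service to Automatic (Delayed Start) and verify
# the change before rebooting. Run elevated, on one test machine only.
$displayName = 'Sophos Health Service'   # display name taken from the steps above

# Resolve the internal service name from the display name shown in Services.msc.
$svc = @(Get-Service -DisplayName $displayName -ErrorAction Stop)
if ($svc.Count -ne 1) { throw "Expected one service named '$displayName', found $($svc.Count)." }
$name    = $svc[0].Name
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

function Get-StartMode {
    param([string]$Path)
    $p = Get-ItemProperty -Path $Path
    # Start = 2 means Automatic; DelayedAutostart = 1 marks it as delayed.
    $delayed = [bool]($p.PSObject.Properties['DelayedAutostart'] -and $p.DelayedAutostart -eq 1)
    [pscustomobject]@{ Start = $p.Start; Delayed = $delayed }
}

# Record the current setting so it can be restored if the alerts continue.
$before = Get-StartMode -Path $regPath
Write-Host "Before: Start=$($before.Start) Delayed=$($before.Delayed)"

# Equivalent of choosing the delayed automatic startup type in the properties dialog.
& sc.exe config $name start= delayed-auto | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE." }

# Confirm the change actually landed rather than trusting the exit code alone.
$after = Get-StartMode -Path $regPath
if ($after.Start -ne 2 -or -not $after.Delayed) {
    throw "Service '$name' is not set to delayed automatic start (Start=$($after.Start), Delayed=$($after.Delayed))."
}
Write-Host "After:  Start=$($after.Start) Delayed=$($after.Delayed)"
Write-Host "Step 4 (reboot) is still required; note the time so later alerts can be compared against it."
```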