Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

Hey fellow Sophos Central users.

This thread has grown quite long, and for the last several months there has been very little real insight or action from Sophos.

Make your voices heard outside of this thread.  There are several IT software review platforms that can be used to share your experiences.

Gartner Peer Insights - https://www.gartner.com/reviews/market/Cloud-Workload-Protection-Platforms/vendor/sophos?pid=12411

G2Crowd - https://www.g2crowd.com/products/sophos-endpoint-security/reviews

TrustRadius - https://www.trustradius.com/products/sophos-endpoint-protection/reviews

Thanks for this. I will definitely be making my voice heard at Gartner.

Sophos shouldn't be listed anywhere on the Quadrant at this time with the state of its Cloud software in such disarray. 

On Monday Michael Anderson SVP of Global Technical Services responded to my email stating that they expected the RCA for this to be posted "by the end of this week". Given that the pre-requisite to posting said RCA was they needed to be sure it was properly fixed, things are looking good!

I expect to see Michael share the good news and RCA here either today or tomorrow.

Regarding Gartner; We partner with them regularly and my manager whom I have been keeping apprised of the headaches is attending the Gartner conference. We are also looping in our tech product and services vendor.

Hi again:

The one thing I need to know!! ANYONE??

How can an Admin (myself) stop Sophos from running on a workstation?? A command or something that will Terminate Sophos "NOW" AS IN "RIGHT FRIGGIN NOW" NOT IN TEN MINS, NOT 30 MIN...NOT AFTER A REBOOT...BUT NOW!!!!!

I had other A/V installations and all I needed to do was enter the admin password and it would start the A/v shutdown procedure. Simple.

I need this same ability in Sophos. If it cannot be done, then we have the Wrong Vendor and the Wrong Product.

EG: User had a deadline, Sophos service was taking over 57% cpu and Excel was having slowness issues. (maybe not related but I needed sophos to leave the picture)

I told her I would terminate Sophos and see if that would help. 

Sadly, and struggle as I did, I could not do it. She missed the deadline for her report. She looks bad...I looked bad and in turn Sophos looks pile of steaming dung.

While attempting to stop Sophos, yes I disabled Tamper proof on her workstation, still failed to stop. Disable tamper Domain wide.....still didn't stop.

Tried to Uninstall Sophos.....failed...please turn off Tamper protection.......well I can tell you...ITS ALREADY OFF DAMN YOU..

This is absurd.

Sophos likes to make things difficult. Disabling tamper protection doesn't automatically stop Sophos, but allows you to stop services and bypass some policies if need be. Turn off tamper protection and open your clients Sophos client. Then go to settings and override all your policies. Next, go to task manager. Under the services tab you can kill each service individually. Stopping SAVService stops the AV. Let me know if that helps.

Trevor - that would be true if disabling Tamper Protection worked correctly.  It does not.  I have had many occurrences like what Howiedog described above.  Many times you tell it to disable Tamper Protection, but it keeps running for hours if it ever shuts off.  The program and/or Central is broken and often unusable.  If we weren't stuck in a contract, we would be LONG GONE.  I advise anyone to think twice before buying this untested and unreliable product.

Keith

Are you guys trying to disable tamper protection from within the Sophos Console? Sophos Console is buggy garbage right now, and I don't know if Sophos is doing anything to actually fix this since it's been going on for two months with almost no communication. I bypass this by going to the Console and getting the "Tamper Protection Password Details" and copying the tamper protection password. Then go to the users Sophos client and input that password. It's always worked for me and is very fast.

Yes Trevors workaround is good for tamper protection, but in general the overall issue is delays in changes being pushed from Central to end point clients. Disabling tamper protection from console is the same as pushing a policy change, and we all know that this is a general issue with Sophos Central. Sometimes policy changes push within 3 minutes, sometimes they take hours or even days.

Hmmmmmm

It would seem like this very statement proves the commitment we will get from Sophos going forward and how much they care about Sophos central being an absolute SLUG. Months without communication. Wow really.

I have been lied to, product has been misrepresented and does not fulfill its obligations. 

I no longer want to be a part of this Beta test and I want a 100% refund along with a 10% aggravation/frustration/swearing fee.

Guessing all their R&D development $$$$ goes in to Marketing. Seem like a lot of people bought into this catastrophe with empty promises.

I am going to capture this screen shot and statement which indicates this Software is as you say ...GARBAGE. (edit: spelling)  

Poor gal that sold me this is not going to be happy after I give her a piece of my mind. Good way to ruin her weekend. Oh well, not my problem.

Does Sophos have a "TOOL" to remove their agents from workstations/.

Oh why in the world would they make that easy either??????? You have to do the tamper protection key and then uninstall manually as far as I know.

I know the feeling during our purchase we had some issues with the pricing vs quote and I could not talk with the sales manager,

He was in the Bahamas or some place like that because they had "hit there numbers" would hope they would have put that $$$ to building a better product.

I know the feeling during our purchase we had some issues with the pricing vs quote and I could not talk with the sales manager,

He was in the Bahamas or some place like that because they had "hit there numbers" would hope they would have put that $$$ to building a better product.