Sophos Client Connect config file disappears

Hello Sophos Community,

I hope you can help, or at least advise what could be the cause so I can focus my efforts to resolve...



I'm using Client Connect for the end points, connecting from client to Sophos XG. Client Connect uses a configuration file to point to Sophos XG, which is tested, and works if deployed whilst the agent is open and the configuration file is linked (browsed and opened).

As I've 250+ deployments, I'm using GPO (as per KB 133555) to deploy the configuration file to C:\Program Files (x86)\Sophos\Connect\Import


Now here comes the issues / weirdness:

The file deploys, but within seconds disappears. ~Actually any file I copy or create (New > Text Document) within this location disappears. A folder I've since learned stays, and files in that folder remain.

The parent allows for files to be added and remain as well.


Antivirus is in play, however there isn't anything suggesting that this is removing the file(s) from this location.


Any help greatly appreciated.

  • Hi  

    Please suggest which AntiVirus you are using and also please check the behavior after disabling "On-access scanning" of the Anti-Virus.

  • In reply to Keyur:




    Please suggest which AntiVirus you are using and also please check the behaviour after disabling "On-access scanning" of the Anti-Virus.

    The version of AV is Sophos Protection, and "On-access scanning" is enabled by policy, although I've created an exclusion for the configuration file type '.scx' not to be scanned:

    As per there's not anything in the logs to suggest this is the root cause.


    So looking elsewhere reviewing the client connect logs, I found this:

    2019-10-17 10:30:42AM [5816] dbg Auto-import handler called with 'C:\Program Files (x86)\Sophos\Connect\import\SophosVPNConnect.scx'

    2019-10-17 10:30:42AM [5816] dbg Connection SophosVPNConnect in file 'C:\Program Files (x86)\Sophos\Connect\import\SophosVPNConnect.scx' auto-imported successfully

    2019-10-17 10:30:42AM [5816] dbg Sending notification: Connection SophosVPNConnect was auto-imported from file SophosVPNConnect.scx


    2019-10-17 10:36:24AM [5816] dbg Auto-import handler called with 'C:\Program Files (x86)\Sophos\Connect\import\New Text Document.txt'

    2019-10-17 10:36:24AM [5816] err Connection import failed:

    2019-10-17 10:36:24AM [5816] err Failed to auto-import 'C:\Program Files (x86)\Sophos\Connect\import\New Text Document.txt': 1026

    2019-10-17 10:36:24AM [5816] dbg Sending notification: Auto-import of file New Text Document.txt failed


    As soon as a file is dropped to that Import folder a process is executed which attempts to upload the configuration... But in doing so removes the original file in the process. ~Surely the removing of the file isn't correct?


    Any thoughts? Thanks.

  • In reply to Kristopher Rout:


    The issue required further investigation, I would request you to contact technical support and open a service request. Please PM us the service request number.

  • In reply to Keyur:

    Hello Kristopher,


    The behavior is correct and intentional. We want the admin to be able to push connection file via GPO to that folder. As soon as the client reads in that file and creates a connection it is no longer required and hence SC deletes it from that folder. This is so no one gets access to that file.