3CX DLL-Sideloading attack: What you need to know

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New device enrollment now working

i am trying to enroll new galaxy tab 2 device and when i get to the google email i enter afw#sophos as instructed but nothing sophos related installs and I end up at the desktop with no enrollment completed.   

i cannot click on anything in the play store and it just says Android Enterprise.  I have tried on a few different devices all with the same outcome.

can anyone offer any advice?



This thread was automatically locked due to age.
  • We are experiencing the same issue today. When trying to enroll a device, we enter the "afw#sophos" and then it proceeds through the rest of the setup steps without any mention of Sophos, IT managing the device, etc.. Once we get to the home screen of the device after initial setup, Sophos is not installed. When we try to open the play store, we get an authentication error stating that we need to sign back into the google account. When we click the button to "try again" it basically does nothing. Just keeps looping us back to the same screen. Since Sophos is not getting installed, the device is not enrolled, and has no policies or restrictions yet. There is not much we can influence on our side. We have tried on 4 different devices (3 older tablets, and 1 brand new phone). All are acting exactly the same. We have also tried on 3 different networks (1 with our firewall, 2 without any restrictions/security) and all act the same.

  • Hi, just logged a support call, so will see what they have to say.  Tried again this morning and still not working

  • Thanks for the response. I am attempting to do the same. I usually dread contacting Sophos Support, as I've not had the best experiences with them in the past. I am hoping they can get us some help this time. I will keep you posted as well if we find a resolution on our side.

  • i managed to get it done albeit very long exercise using QR code enrollment.

    Set up QR code enrollment

    You must configure the settings that are required to create the QR code and to enroll the device.


    You’ve created a task bundle for QR code enrollment. The task bundle must have an Assign policy task for an Android Enterprise device policy and must not have an Enroll task.

    To set up QR code enrollment:

    1. On the menu sidebar, under SETTINGS, select Setup > Google setup, and then select the QR code enrollment tab.
    2. Select Configure Android Enterprise QR code enrollment.
    3. Under Configure QR code, configure the settings for the device setup:
      • Enable system apps: On Android Enterprise fully managed devices, system apps with a launcher icon are disabled by default. Select this setting to keep all system apps enabled.
      • Language: The language of the Android user interface.
      • Wi-Fi settings: Select the security type of the Wi-Fi connection or select Don’t configure Wi-Fi to configure no network in the QR code. In this case, users must manually connect to a Wi-Fi network when they set up the device.
      • Wi-Fi SSID: The ID of the Wi-Fi network.
      • SSID is hidden: Select this if the Wi-Fi network is hidden.
      • Wi-Fi password: The password for the Wi-Fi network.

      Devices will automatically connect to the Wi-Fi network if it’s available.

    4. Under Configure enrollment, configure how Sophos Mobile manages the device:
      • Task bundle: The task bundle transferred to the device.
      • Device group: The device group devices are assigned to.

    The QR code is displayed on the QR code enrollment tab. You can print it out to use it without access to Sophos Mobile Admin.


    Enroll devices with QR code

    To enroll an Android Enterprise fully managed device with a QR code, you scan the QR code during the initial device setup.


    • You have a Sophos Central account with a User role. You must enter the account credentials during the enrollment process.
    • You have the enrollment QR code available.

    To enroll a device:

    1. Turn on a new device, or reset it to its factory settings if it was already in use.
    2. On the Welcome page of the Android setup assistant, tap six times in the same spot.

      This opens a QR code reader.

      On some devices, you must connect to a Wi-Fi network so that Android can download the QR code reader.

    3. Scan the QR code.
    4. If the QR code doesn’t contain a Wi-Fi configuration, or if the Wi-Fi network isn’t available, connect to a network manually.
    5. Follow the enrollment instructions.

    The device enrolls with Sophos Mobile as an Android Enterprise fully managed device.

    Depending on the device, the setup procedure might be shorter compared to a manual setup. For example, vendor-specific configuration steps might be skipped.

  • Same problem here. Enrolling using AFW#Sophos is not working at the moment. (for a couple of days)
    When entering the AFW#Sophos and pressing next, an Enterprise account is made, but not SOPHOS Enterprise. This making the phone unable to use the QR code.

    I am "ok" right now.. i have 40 phones ready to scan the QR. But i cannot make new ones and we are expecting a rush in new employees soon.

  • Same issue here, reporting can't connect to network after entering afw#sophos.

  • Thanks for the help.

    I tried using this method and it seemed to almost work for me. But it was needing a Sophos Central account with the user role to sign in with on the phone during enrollment process (as stated in pre-requisites). I could not figure out which account to use that would make it work. I also found a couple of other items did not match how we want things set up. So this method won't work for us unfortunately.

    I spoke with Sophos and they created a ticket. Then the engineer never called back. But instead they emailed me super late in the day and asked for irrelevant info and other questions that I had already provided the answer to. I suppose I will just wait a couple more days and see if this is resolved. Worst case scenario, we are considering switching MDM's soon anyway. 

    For anyone else that may be reading this, here is the Sophos Knowledge Base article that most closely matches the issue. I am not getting the error message that it states in the article. But the issue seems to likely be caused by the same root.


  • It's working again. Issue is Resolved.

  • Confirmed working on my end again after resolution posted. Thanks for the heads up!