This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I have never seen this before

Today I am seeing a popup on my laptop that notifies me that "On access scanning is disabled".

When I check in Sophos Endpoint Security and Control (on the laptop), under status it shows On Access Scanning as enabled.

I also noticed that "Authenticate User" is greyed out, despite the fact that in the UTM > Endpoint Protection > Computer Management > Advanced I have Tamper Protection configured with a password.

I also see that in the Endpoint Protection Staus that my laptop is being shown as "Out of Date". Could not understand why, but I did a manual update on the laptop, but it was reported that all files were up to date.

I ran a manual scan of the laptop (as both the user and as administrator) and nothing was identified.

This only started today.
Prior to this, everything was working as you would expect and Tamper Protection was enabled/enforced on the laptop by the UTM.
The Tamper Protection log is empty.

No configuration changes have been made to the UTM for a few months.
Something very weird is going on here, but I have no idea what it is, nor how to address this issue.

 

(Sophos UTM Release 9.505-4)



This thread was automatically locked due to age.
Parents
  • I don't know if I have fixed this problem or not, but things are looking better today. Don't know if this will last... I will have to wait and see.

    In the UTM the computer object showed that tamper protection was enabled, but it wasn't.
    I should note, on further investigation I found most of the computers in my network were being reported as "Out of Date" or tamper protection was not enabled on them.

    On the computer:





    On the UTM


    Working on the theory that something really screwy had happened, I chose to do the following:

    * delete the managed computers out of Endpoint Protection > Computer Management > Manage Computers
    * download the Endpoint Installation Package again and install it on the affected computers

    After doing this, tamper protection is being enforced again on the computers by the UTM.

    As I said, this problem seemed to happen over a single day. Prior to that, nothing appeared to be wrong.
    Not real happy that I have had to reinstall the endpoint client again on all workstations, but nothing (and I tried lots of things) fixed the problems on the computers.
    This was not a virus on a single computer, as it was network wide.

Reply
  • I don't know if I have fixed this problem or not, but things are looking better today. Don't know if this will last... I will have to wait and see.

    In the UTM the computer object showed that tamper protection was enabled, but it wasn't.
    I should note, on further investigation I found most of the computers in my network were being reported as "Out of Date" or tamper protection was not enabled on them.

    On the computer:





    On the UTM


    Working on the theory that something really screwy had happened, I chose to do the following:

    * delete the managed computers out of Endpoint Protection > Computer Management > Manage Computers
    * download the Endpoint Installation Package again and install it on the affected computers

    After doing this, tamper protection is being enforced again on the computers by the UTM.

    As I said, this problem seemed to happen over a single day. Prior to that, nothing appeared to be wrong.
    Not real happy that I have had to reinstall the endpoint client again on all workstations, but nothing (and I tried lots of things) fixed the problems on the computers.
    This was not a virus on a single computer, as it was network wide.

Children
No Data