We may have resolved this by doing the following:
1. In active directory delete the Sophos computer account
2. On the Sophos go to the SSO tab and put in invalid credentials. This will force the Sophos to unjoin. Click a different tab and go back to verify. - Note make sure your AD account didn't get locked out or you will fail the next step.
3. Rejoin the Sophos to the domain. Verify the AD computer object called Sophos is there.
4. If you disabled logging, turn it back on. Verify you don't see function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
5. Users will need to reboot or log off and log back in.
So far so good. Were not seeing the error messages now but it's only been 45 minutes. Users were seeing slow internet connectivity and proxy popups. If we used transparent mode with no authentication on a test group of users everything worked fine, it only affected proxy with authentication.