Real Time Protection Disabled

Hi All,


Everyone here knows about this common issue in Sophos: every time we open up the dashboard we will surely be seeing this alert. So, I have a few queries to ask. I hope someone with good hands in Sophos could help me.

1. Does this issue basically come on Windows 7 OS?

2. Does Sophos really automatically disable Windows Defender, and if not, then is this what is causing the issue here?

3. I also read in a few community articles that the vendor suggested users put SHS in automatic mode from Delayed Startup. So, it's particular that we need to put this service in automatic?

4. Also, do alerts generally come when any of the Sophos services is missing or not running, or if any setup file failed to run?

5. And how can we enable the real-time protection back?

I hope I will get a response and it will be helpful.

Much thanks

berzerk



This thread was automatically locked due to age.
  • Could it be that the SAVService takes a while to start up when the computer boots?

    As a result the MCS Agent service queries for the status and finds it stopped. Shortly after the SAVService finishes starting, MCS Agent re-queries, sees it's fine and you get a disabled/enabled event list?

    I would use the following logs to try and build up a timeline of the SAVService starting at boot.
    C:\ProgramData\Sophos\Sophos Anti-Virus\logs\sav.txt
    C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV-Trace.txt
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Sophos Anti-Virus Startup Log_TIMESTAMP.txt

    Then check what MCS sees:
    C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\mcsagent.log
    And Health reports:
    C:\ProgramData\Sophos\Health\logs\

    Regards,

    Jak
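
An added example, not part of the reply above and not Sophos tooling: a PowerShell sketch that puts the service start-up order after boot next to the log files listed in the reply, so the start-up delay suggested there can be checked. It assumes PowerShell 3.0 or later, an elevated prompt, and that the Sophos services have display names beginning with "Sophos"; the log paths are the ones given in the reply.

```powershell
# Added example. Assumptions: PowerShell 3.0+, elevated prompt, and Sophos
# services whose display names begin with "Sophos".
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
"Last boot: $boot"

# 1. Current state and start mode of each Sophos service. Delayed start is
#    stored as the DelayedAutostart value under the service's registry key.
Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Sophos%'" |
    ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        $delayed = (Get-ItemProperty -Path $key -Name DelayedAutostart `
                        -ErrorAction SilentlyContinue).DelayedAutostart
        [pscustomobject]@{
            Name         = $_.Name
            State        = $_.State
            StartMode    = $_.StartMode
            DelayedStart = ($delayed -eq 1)
        }
    } | Format-Table -AutoSize

# 2. Service Control Manager events since boot that mention Sophos (state
#    changes, start failures, timeouts), with seconds elapsed since boot.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        StartTime    = $boot
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Sophos*' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated,
        @{ n = 'SecAfterBoot'; e = { [int]($_.TimeCreated - $boot).TotalSeconds } },
        Id, Message |
    Format-Table -AutoSize -Wrap

# 3. Log files named in the reply, ordered by last write time, to see which
#    were written during this boot and in what order. The wildcard stands in
#    for the TIMESTAMP part of the startup log name.
$logs = @(
    'C:\ProgramData\Sophos\Sophos Anti-Virus\logs\sav.txt',
    'C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV-Trace.txt',
    'C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Sophos Anti-Virus Startup Log_*.txt',
    'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\mcsagent.log',
    'C:\ProgramData\Sophos\Health\logs\*'
)
Get-Item -Path $logs -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime |
    Select-Object LastWriteTime, Length, FullName |
    Format-Table -AutoSize
```

A large gap between boot and the anti-virus service reaching the running state, with MCS or Health log writes falling inside that gap, would be consistent with the explanation offered in the reply.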
