Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 8499 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Real time protection disabled (MAC End points)

TripleJ

All,

I wanted to see if there has been any update on "if the MCS service agent is stops before the other services, it will get a read error and sends the alert."? 

We are using MACs (Catalina, High Sierra & Mojave). I am seeing real time protection disabled on a few machines. The machines have been rebooted on multiple occasions. This does not resolve the issue. 

I have spot checked a few machines, the endpoint agent is also showing "real time protection disabled". How do I resolve this?

I have read thru several different posts on the community, in reference to this same issue. I have not identified anyone posting a resolution to the issue.  

Any help would be greatly appreciated!

Justin 



This thread was automatically locked due to age.
Parents
  • 0

    Hello  

    Are there any other events in Sophos Central around the time that the status showed real time protection as disabled? Are all of the other services started? Are all of the Sophos kernel extensions allowed?

    Thanks!

  • +1 in reply to DianneY

    I had the exact same issue, because the user didn't click Allow to Sophos.

    So by doing this, it worked.

    If the kexts do not load after the above steps, or the prompt to allow the kext does not show, here are the steps to authorize the kext manually.

    1. Boot into macOS Recovery mode.
    2. Open Terminal.
    3. Run the command: /usr/sbin/spctl kext-consent add 2H5GFH3774
    4. Reboot the affected Mac.
Reply
  • +1 in reply to DianneY

    I had the exact same issue, because the user didn't click Allow to Sophos.

    So by doing this, it worked.

    If the kexts do not load after the above steps, or the prompt to allow the kext does not show, here are the steps to authorize the kext manually.

    1. Boot into macOS Recovery mode.
    2. Open Terminal.
    3. Run the command: /usr/sbin/spctl kext-consent add 2H5GFH3774
    4. Reboot the affected Mac.
Children
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?