Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

The security health cannot be reported at the moment error

I installed InterceptX onto a computer and i get following error.  "The security health cannot be reported at the moment" in Sophos Central.  Is there a fix for this? 



This thread was automatically locked due to age.
  • HI Jeff, 

    Sorry to hear the issue you are facing , you share any snaps or logs on this post . For discretion you may also private message me .

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • The Sophos Health Service is responsible for creating the registry keys under:
    HKLM\Software\Wow6432node\sophos\Health\Status

    The MCS Agent service reads these to report on the health of the services, so I would suggest:

    1. Check that the Sophos Health service exists and is started.

    2. Check the above registry key.  Does the above key exist but with no values underneath? A working computer could be useful for reference.

    3. Does the adapter registry key exist under:
    HKLM\software\wow6432node\sophos\remote magement system\ManagementAgent\Adapters\SHS 
    and does the DllPath value point to the shsadapter.dll and the file exist in the referenced location.  Again checking a working computer for referecence.  You may also want to check that the shsadapter.dll is loaded in the MCSAgent.exe process.  You can do this with Process Explorer (Sysinternals).

    Maybe use Process Monitor (Sysinternals) to monitor what happens when you start the Sophos Health service in terms of the above key.  Problems writing the values?

    Hope it helps.

    Regards,

    Jak

  • Hi Jak,

    I have one computer in our network where the Healthservice will not start. I followed your suggestion for looking at a computer with no problems as reference, but i cannot find the registry keys you refer to. I do see the same keys under HKLM\software\sophos....

    When i try to start the service on the problem conputer i get an 575 error. All other services are working fine ?

    Besides that it is a little bit strange that the option to stop and start this service is available. On computer with no problems stopping and starting teh service is greyed out.

    Regards,

    Hans.

  • By any chance was an eSata drive connected to that PC?

  • i have the same issue after cloning sata hdd to SSD
    The Health service won t start with 575 error !

  • I have the same problem as well. Sophos Central for one of my devices says The security health cannot be reported at the moment. On the client computer, the Sophos Health Service won't start Error 575. I cannot uninstall or re-install because tamper protection won't allow me to. I disabled Tamper Protection from Central but the command is not reaching the client because it remains enabled. Suggestions?

  • Hi,

    Here is what i did to solve the issue

    First disable the tamper protection

    1. Boot the system into Safe Mode.
    2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
    3. Click Start Run and type regedit and then click OK.
    4. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agentand set the REG_DWORD Start to 0x00000004
    5. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Configand set the following REG_DWORD values SAVEnabled and SEDEnabled to 0
    6. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtectionand set the REG_DWORD Enabled to 0

    Reboot the system in normal mode.

     

    After that you can reinstalling the sophos endpoint software

    Best regards

  • What worked for me:

    First disable Tamper Protection in Sophos Web Interface. Then make this changes in Safe Mode

     

    1. Boot the system into Safe Mode.
    2. Click Start > Run > services.msc > right-click Sophos Anti-Virus service > properties > set to disabled > OK
    3. Click Start Run and type regedit and then click OK.
    4. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agentand set the REG_DWORD Start to 0x00000004
    5. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Configand set the following REG_DWORD values SAVEnabled and SEDEnabled to 0
    6. Go to the following location in the registry editor:
      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtectionand set the REG_DWORD Enabled to 0

     

    After that reinstall Endpoint Protection (uninstall didn't work the first time don't know why)

    Then Uninstall Sophos Endpoint Protection

    Delete the Machine from Sophos Web Interface

    Reboot the Device and install Sophos Endpoint Protection again.

     

    If you may ask why to uninstall it again. I've tried only to reinstall it but after Activating Tamper Protection again the same error occured so i've testet it with uninstalling and deleting the object and after that everything was fine.

    Best regards,

    Alex

  • Can these fixes be built into the installer? Asking us to boot into safe mode every time we have these issues is really annoying.

  • I'm getting this issue on one of our workstations.

    As others have mentioned, it's kind of ridiculous that we should be expected to boot the workstation in to safe mode and modify the Windows registry to fix this issue.

    It's obviously just a bug in Sophos that needs to be addressed.

    Come on guys, this is why we pay the big bucks for Sophos...