Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

We use LogMeIn with our clients and every single time I connect to a machines dashboard (any machine out of 150) I get to see windows event viewer full of Sophos 504 errors. I have not gone a full week without getting a 504 from the amazon server hosting this, whether it be for updates, installs or policy changes. I pushed for moving to central from enterprise console because of the additional features and ease of being able to access a web interface, all based on the assumptions that the service actually worked since my sales rep advised it's the same as EC but cloud hosted. Boy was that incorrect, reporting is a joke on central, the interface is unresponsive at the best of times, e-mail notifications are also a joke, it's almost funny how poorly implemented some of these features are.

I suppose I can't be too upset that it isn't what I was expecting, but this is a very poor service. It really does feel like we are the beta testers for central and there isn't a day that goes by that I don't regret moving to it from enterprise console. If I hadn't already reprovisioned the server that was being used elsewhere I would be making the switch back in a heartbeat. 

Hi Geoff.  I hope you don't have the Cloud Web Gateway.  It is completely incompatible with LogMeIn (which is interesting given that it is the remote agent Sophos support uses).  We have had a ticket open to get this fixed since April.  Given their current trend of breaking more and more things when they *patch* the system, I wouldn't be surprised if it is another 6 months before this even gets looked at.  The worst part is that I have had to fight to keep the ticket open as support has closed it in the past claiming it was fixed (they never tested it or contacted us - they just closed the ticket!).  I wish you luck with your clients.  We all need it with this company.

-Keith

Ok..coming to wits end with Spohos. Central reports "Malware or potentially unwanted applications in quarantine" Wow...fabulous, but where the hell is it??

So lets walk all the way over/up/across to where this workstation is and see what we can see. Have to Open Sophos agent on PC and looks for events, Malware and PUA's. Ok.

There is a path mentioned, but you can't really see that path because the windows is too frigging small and does not scale (DOH)

Hold mouse over 'path' so it displays, quickly make note of path, because you cannot copy/paste, holy shit batman.

The we have to go to said location, and it happens to be a folder I put on the PC a few days ago. Ok cool. Found PSEXEC.exe. Ok..fine. I go to delete the file. Nope.

Apparently I need to ask myself for permission before myself can remove the file from myself's PC.

So now I have to reboot into safe mode to delete this file. How the hell does this garbage get out the door??

This is now turning out to be a bad bad choice. Very good Marketing Sophos, because you managed to suck me in hook line and sinker, but your product sucks.

I want my money back......is there a 60 day money back guarantee??

Getting the "one or more services missing"  problem too. I really have no idea why the product cant restart the service itself?

Had two Cryptoguard events this week, that neither generated RCA.. and the event itself doesn't tell me anything. Emailed support, but I've now given up doing this. I cant see the point anymore as their fix / troubleshooting suggestions are always the same (dont help) and quite often would put the company at additional risk. Eg - I was having an issue with a exclusion working on a single policy for single user, so they requested I fix this by making a global exclusion. /facepalm

Now my central console is running so slow, its taking so long to do tasks this morning. Also the dashboard is not displaying correctly. 

The company signed up recently to 3 years (massive cost benefit reasons) - so I REALLY hope there is some major development happening in just fixing up this service. There are so many things missing/not functioning that I would consider to be pretty base requirements for product like this. 

Hey fellow Sophos Central users.

This thread has grown quite long, and for the last several months there has been very little real insight or action from Sophos.

Make your voices heard outside of this thread.  There are several IT software review platforms that can be used to share your experiences.

Gartner Peer Insights - https://www.gartner.com/reviews/market/Cloud-Workload-Protection-Platforms/vendor/sophos?pid=12411

G2Crowd - https://www.g2crowd.com/products/sophos-endpoint-security/reviews

TrustRadius - https://www.trustradius.com/products/sophos-endpoint-protection/reviews

Thanks for this. I will definitely be making my voice heard at Gartner.

Sophos shouldn't be listed anywhere on the Quadrant at this time with the state of its Cloud software in such disarray. 

On Monday Michael Anderson SVP of Global Technical Services responded to my email stating that they expected the RCA for this to be posted "by the end of this week". Given that the pre-requisite to posting said RCA was they needed to be sure it was properly fixed, things are looking good!

I expect to see Michael share the good news and RCA here either today or tomorrow.

Regarding Gartner; We partner with them regularly and my manager whom I have been keeping apprised of the headaches is attending the Gartner conference. We are also looping in our tech product and services vendor.

Hi again:

The one thing I need to know!! ANYONE??

How can an Admin (myself) stop Sophos from running on a workstation?? A command or something that will Terminate Sophos "NOW" AS IN "RIGHT FRIGGIN NOW" NOT IN TEN MINS, NOT 30 MIN...NOT AFTER A REBOOT...BUT NOW!!!!!

I had other A/V installations and all I needed to do was enter the admin password and it would start the A/v shutdown procedure. Simple.

I need this same ability in Sophos. If it cannot be done, then we have the Wrong Vendor and the Wrong Product.

EG: User had a deadline, Sophos service was taking over 57% cpu and Excel was having slowness issues. (maybe not related but I needed sophos to leave the picture)

I told her I would terminate Sophos and see if that would help. 

Sadly, and struggle as I did, I could not do it. She missed the deadline for her report. She looks bad...I looked bad and in turn Sophos looks pile of steaming dung.

While attempting to stop Sophos, yes I disabled Tamper proof on her workstation, still failed to stop. Disable tamper Domain wide.....still didn't stop.

Tried to Uninstall Sophos.....failed...please turn off Tamper protection.......well I can tell you...ITS ALREADY OFF DAMN YOU..

This is absurd.

Sophos likes to make things difficult. Disabling tamper protection doesn't automatically stop Sophos, but allows you to stop services and bypass some policies if need be. Turn off tamper protection and open your clients Sophos client. Then go to settings and override all your policies. Next, go to task manager. Under the services tab you can kill each service individually. Stopping SAVService stops the AV. Let me know if that helps.

Trevor - that would be true if disabling Tamper Protection worked correctly.  It does not.  I have had many occurrences like what Howiedog described above.  Many times you tell it to disable Tamper Protection, but it keeps running for hours if it ever shuts off.  The program and/or Central is broken and often unusable.  If we weren't stuck in a contract, we would be LONG GONE.  I advise anyone to think twice before buying this untested and unreliable product.

Keith