I currently have Sophos Endpoint AV 9.7.1 installed on a Red Hat 7 system running kernel 3.10.0-123.9.3.el7.x86_64 and I get errors trying to start or restart services.
If the sav-protect service is running and I try to start or restart the httpd service, the service fails to start. I've attached the error message from systemd.
I've noticed this issue with the MariaDB service as well.
If I disable the sav-protect service, then I can stop and start services without issue.
This isn't a recent issue; I've had this problem since I built the system, and the Sophos client has been updating automatically to provide support for newer kernels as they've been released.
SELinux is enabled and enforcing; however, there are no SELinux denied events. Setting SELinux to permissive mode makes no difference.
Ignoring the issue with starting other services, the Endpoint on-access scanning works well: it communicates with the Enterprise Console, updates without issue and has detected the EICAR test file I had on the system.
The log information in the attachment is about the only useful information logged that I can find on my system. Is there some additional logging I can turn on for the sav-protect service or does anyone have any ideas on why it might be failing?
My best guess at the moment is that the private tmp feature of systemd may be interfering with the on-access scanning.