This article covers how to troubleshoot Sophos Home issues on macOS 11 – Big Sur & macOS 12 – Monterey.
TROUBLESHOOTING Post-installation (or upgrade) issues on Big Sur or Monterey
Sophos Home requires 4 steps in order to run on macOS 11 Big Sur & 12 Monterey
1 – Enabling System Extensions
2 – Allowing Notifications *
3 – Granting Full Disk Access to components
4 – Rebooting the Mac
If any of those steps are not completed, or do not trigger, you may encounter issues.
Please refer to the scenarios below in order to troubleshoot problems.
*A message will appear on the top right, informing users to enable notifications. Click on the message and use the slider to turn them on. You may need to perform this twice.
Updating message appears on the Sophos Home Shield
The Updating message is informational, and will clear as soon as the update finishes. After that, you will be able to proceed with allowing notifications and clearing the welcome screen, as listed in the installation section for this article Support for macOS 11- Big Sur
Sophos Home Shield is Orange, yellow or red
The shield can change colors when a component/extension hasn’t loaded properly, or when a significant change (such as a major update or installation) takes place. The first step to address this situation is restarting your Mac and ensuring macOS is updated to the latest version – https://support.apple.com/en-ca/HT201541
This allows components to reload and will fix the situation in most cases. If the problem persists, follow these steps to force the system extensions to reload:
1 -Check if system extensions need to be allowed
There are 2 System Extensions for macOS 11 & 12, SophosScanD and Sophos Network Extension They both need to be allowed (sometimes one at a time, in between reboots), in order to fully load all components.
Video Steps
Step-by-step-guide
- Click on the Apple menu from the taskbar then select System Preferences…
- On the System Preferences window, select Security & Privacy.
- Under the “General” section, click on the padlock at the bottom left to be able to make changes.
- Ensure “App Store and identified developers” option is selected under “Allow apps downloaded from”
- You will see either “Details…” if more than one extension needs to be allowed, or “Allow“, if only one extension needs to be allowed. Click on the available button to proceed.
Note: To make changes, you may need to click on the lock, as per the screenshot (bottom left).
(Click on an image to see it in full size) - Restart your Mac and re-check to ensure no other extension needs to be loaded – If there is, repeat the steps and restart.
2 -If no extensions are listed – Reload them- Video steps
Follow the video steps to force the system extensions to reload, then go back to step 1 to allow them as needed.
2.1 Step-by-step -Reload system extensions
Follow the steps to force the system extensions to reload, then go back to step 1 to allow them as needed.
- Open Finder (Note: This requires Finder, no other interface will work.)
- At the top menu, click Go > Go to folder…
- You will be accessing 2 locations and moving 2 files to the Trash:
First location (network extension)
1. Navigate to:/Applications/Sophos/Sophos Network Extension.app/Contents/MacOS/
2. Right-click Sophos Network Extension.app and select Move to Trash.Second location (scan extension)
1. Navigate to: /Applications/Sophos/Sophos Scan.app/Contents/MacOS/
2. Right-click SophosScanD.app and select Move to Trash. - NOTE: When moving the apps to the trash, the mac will prompt a message stating you’re removing a system extension, and it may be loaded. Click Continue and authenticate as prompted.
- After having moved both extensions to the Trash:
- Click the Trash icon in the lower right of your Mac screen.
- Locate SophosScanD and Sophos Network Extension.app
- Right-click each extension and select Put Back.
- Restart the mac and follow the prompts to re-allow the system extensions.
Scan aborted OR Action Required! appears on the shield
These messages appear when the scan component is not loaded.
To address them, ensure you are running the latest version of your macOS system, then reboot your Mac. If the problems persist after updating your mac and rebooting, follow these steps:
1 -Check if system extensions need to be allowed
There are 2 System Extensions for macOS 11 & 12, SophosScanD and Sophos Network Extension They both need to be allowed (sometimes one at a time, in between reboots), in order to fully load all components.
Video Steps
Step-by-step-guide
- Click on the Apple menu from the taskbar then select System Preferences…
- On the System Preferences window, select Security & Privacy.
- Under the “General” section, click on the padlock at the bottom left to be able to make changes.
- Ensure “App Store and identified developers” option is selected under “Allow apps downloaded from”
- You will see either “Details…” if more than one extension needs to be allowed, or “Allow“, if only one extension needs to be allowed. Click on the available button to proceed.
Note: To make changes, you may need to click on the lock, as per the screenshot (bottom left).
(Click on an image to see it in full size) - Restart your Mac and re-check to ensure no other extension needs to be loaded – If there is, repeat the steps and restart.
2 -If no extensions are listed – Re-trigger them- Video steps
Allowing system extensions after restarting
2.1 Step-by-step -Re-triggering prompts for system extensions
Follow the steps to force the system extensions to reload, then go back to step 1 to allow them as needed.
- Open Finder (Note: This requires Finder, no other interface will work.)
- At the top menu, click Go > Go to folder…
- Enter the directory below depending on which one didn’t have approval
To re-trigger: com.sophos.endpoint.networkextension
Navigate to:/Applications/Sophos/Sophos Network Extension.app/Contents/MacOS/To re-trigger:com.sophos.endpoint.scanextension
Navigate to:/Applications/Sophos/Sophos Scan.app/Contents/MacOS/
- Right-click Sophos Network Extension.app / SophosScanD.app and select Move to Trash.
- The system will likely prompt you that you’re removing a system extension, and it may be loaded. Click Continue if this appears and authenticate as prompted.
- Click the Trash icon in the lower right of the screen.
- Find the file you just moved to Trash.
- Right-click the file and select Put Back.
- Prompts for Allowing the extensions should now appear. If not, Restart the mac, and they should appear.
Welcome to Sophos Screen keeps appearing on reboot
This issue is related to missing components in the Full Disk Access list. Follow the troubleshooting video/steps below to address this situation.
Video Steps
The video is broken down into 3 parts – Be sure to restart the computer before and after completing each section of the steps.
Part 1- Resolving the Welcome to Sophos Home window
Part 2- Allowing extensions
Part 3 -Adding missing components
Use the navigation bar to move to another section within the video
Step-by-Step guide
Part 1- Resolving the Welcome to Sophos Home window
2- Use the “Click here” section to access Security & Privacy
3 – Unlock the padlock in Security & Privacy
4- Drag and drop the icons from the Welcome to Sophos Home window into the Full Disk Access list
5 – Ensure all the components added have been checked-marked
6 – Restart your computer
Part 2 -Allowing extensions
2 – Once at the General tab, look at the bottom section to find whether one or more Sophos extensions may need to be allowed (if none present, skip this section).
3- You will see either “Details…” if more than one extension needs to be allowed, or “Allow”, if only one extension needs to be allowed. Click on the button to proceed.
Part 3- Adding missing components to Full Disk Access
You will not be able to perform these steps until Sophos Home has fully upgraded (wait for the Updating… message to clear). A reboot is necessary after the installation in order to load the needed extensions.
If an extension is already listed in the Full Disk Access, you DO NOT need to add it again, instead, ensure they are check-marked .
Either use the Welcome to Sophos Home screen or Click on the Apple logo -> System Preferences-> Security & Privacy Scroll down to locate Full Disk Access Use the padlock at the bottom left to unlock changes Use the '+' symbol to add new components Search for com.sophos.endpoint.scanextension.systemextension Click Open Once added to the list, ensure it is check-marked After having added all missing components, restart your computer Repeat the above listed steps if any of the following extensions are missing from the Full Disk Access list (restart after having added all of them) com.sophos.endpoint.scanextension.systemextension [^^This may show as SophosScan instead] Sophos Network Extension Sophos Diagnostic Utility SophosScanAgent SophosCleanD SophosServiceManager
After that, you should be able to click Done, and the Welcome to Sophos Home window should stop popping up.
How to remove Sophos system extensions
- Disable system integrity protection (this will let us make adjustments to Sophos extension in later steps)
Text instructions for disabling System Integrity Protection can be found here - Restart your mac and Uninstall Sophos Home
- Restart once more to ensure all components are properly unloaded
- After the reboot open up the terminal (it’s in the utilities folder of your applications) and type in each of the following commands (without quotes), pressing enter after each one:
“sudo systemextensionsctl uninstall 2H5GFH3774 com.sophos.endpoint.scanextension”“sudo systemextensionsctl uninstall 2H5GFH3774 com.sophos.endpoint.networkextension”
- Restart your mac
- Re-enable system integrity protection