Help

Sophos causing boot failure

rushingj
New Contributor II

Posted on ‎05-14-2018 08:45 AM

Anyone having issues with Sophos causing the computer to fail on boot? Computer gets about half way through the Apple logo boot screen and then hangs. If I boot to safe mode I can uninstall Sophos and the system no longer has any booting issues. This is happening in two different Sophos versions. Any insight would be appreciated.

Update: I have been able to recreate this on multiple mid 2017 MacBook Pro laptops. All running APFS and macOS 10.13.4.

Computer Description:
New just unboxed MacBook Pro
8GB RAM
macOSX 10.13.4
Disk Format: APFS

Sophos:
version 9.6.7
version 9.7.4

0 Kudos
Reply
5 REPLIES 5

mcooper
New Contributor III

Posted on ‎05-14-2018 01:14 PM

Have you created a configuration profile to whitelist the Sophos related kernel extensions? https://www.jamf.com/jamf-nation/discussions/26583/kextpocalyse-2-the-remediation-blog-post-by-our-o...

The kernel extensions can be found here https://docs.google.com/spreadsheets/d/1IWrbE8xiau4rU2mtXYji9vSPWDqb56luh0OhD5XS0AM/edit#gid=0

0 Kudos
Reply

rushingj
New Contributor II

Posted on ‎05-14-2018 03:41 PM

I did not create a profile to whitelist the Kexts, I was trying to keep all my variables limited. The process I used was; unbox the Mac laptop, start it up and install Sophos. Then go to to Security & Privacy and click the allow for the Kexts and reboot. Upon reboot the computer would lockup on the apple logo just shy of 50%. I tried this on a few other brand new never used laptops and the same thing happened. These were all mid 2017 MacBook Pro laptops with SSD's in APFS format. I then imaged a few older iMac's to 10.13.4 in HFS format and had zero issues after reboot.

0 Kudos
Reply

Andrew_R
New Contributor III

Posted on ‎09-08-2018 08:46 PM

I've encountered the same problem with a new 2018 MacBook Pro, never had a problem until this laptop came in, although we've only been doing MacBook Air with HFS+ and 10.12 up until now, so this is all new to me.

I've made a configuration profile for the Sophos Kexts, and also tried approving them manually, but didn't seem to make a difference either way.

I've pared it back to installing 10.13 through Internet Recovery after wiping the drive, adding a user account, and installing Sophos. Then I get stuck at about 50% through the boot progress bar. I can actually SSH into the laptop at this point, but nothing I do seems to help. So far the system.log hasn't been particularly useful. It's as if Sophos starts and prevents the login window from starting.

If I remove Sophos it all goes back to normal. I haven't gotten to enable File Vault yet, so that's not interfering.

We'll probably have to contact Sophos and see what they suggest in the coming week.

0 Kudos
Reply

tjhall
Contributor III

Posted on ‎10-16-2018 03:37 AM

Old thread but check that the sophos kext approval is present before the Sophos install happens (smart group based on kext extension being present)

0 Kudos
Reply

Andrew_R
New Contributor III

Posted on ‎11-09-2018 02:19 PM

According to Sophos this is a known issue. We're on an older version of Sophos Enterprise Console which is hosted in-house. We typically are delayed a lot in getting new versions of Sophos.

I haven't been able to test it yet, but version 9.7.5 came out for us at the end of October 2018, which is supposed to contain a fix for the hang on boot up.

0 Kudos
Reply