Sophos causing boot failure

rushingj
New Contributor II

Anyone having issues with Sophos causing the computer to fail on boot? Computer gets about halfway through the Apple logo boot screen and then hangs. If I boot to safe mode I can uninstall Sophos and the system no longer has any booting issues. This is happening in two different Sophos versions. Any insight would be appreciated.

Update: I have been able to recreate this on multiple mid-2017 MacBook Pro laptops. All running APFS and macOS 10.13.4.

Computer Description:
New just unboxed MacBook Pro
8GB RAM
macOS 10.13.4
Disk Format: APFS

Sophos:
version 9.6.7
version 9.7.4

5 REPLIES

mcooper
New Contributor III

Have you created a configuration profile to whitelist the Sophos-related kernel extensions? https://www.jamf.com/jamf-nation/discussions/26583/kextpocalyse-2-the-remediation-blog-post-by-our-o...

The kernel extensions can be found here: https://docs.google.com/spreadsheets/d/1IWrbE8xiau4rU2mtXYji9vSPWDqb56luh0OhD5XS0AM/edit#gid=0

rushingj
New Contributor II

I did not create a profile to whitelist the Kexts; I was trying to keep all my variables limited. The process I used was: unbox the Mac laptop, start it up and install Sophos. Then go to Security & Privacy and click the allow for the Kexts and reboot. Upon reboot the computer would lock up on the Apple logo just shy of 50%. I tried this on a few other brand-new, never-used laptops and the same thing happened. These were all mid-2017 MacBook Pro laptops with SSDs in APFS format. I then imaged a few older iMacs to 10.13.4 in HFS format and had zero issues after reboot.

Andrew_R
New Contributor III

I've encountered the same problem with a new 2018 MacBook Pro. Never had a problem until this laptop came in, although we've only been doing MacBook Air with HFS+ and 10.12 up until now, so this is all new to me.

I've made a configuration profile for the Sophos Kexts, and also tried approving them manually, but it didn't seem to make a difference either way.

I've pared it back to installing 10.13 through Internet Recovery after wiping the drive, adding a user account, and installing Sophos. Then I get stuck at about 50% through the boot progress bar. I can actually SSH into the laptop at this point, but nothing I do seems to help. So far the system.log hasn't been particularly useful. It's as if Sophos starts and prevents the login window from starting.

If I remove Sophos it all goes back to normal. I haven't gotten to enable FileVault yet, so that's not interfering.

We'll probably have to contact Sophos and see what they suggest in the coming week.

tjhall
Contributor III

Old thread, but check that the Sophos kext approval is present before the Sophos install happens (smart group based on kext extension being present).
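
The check suggested in the reply above, sketched as an added example that is not part of the thread and not Jamf's or Sophos's own tooling: it parses a kernel extension policy profile and reports, in Jamf extension attribute form, whether a given team ID or bundle ID is approved, so a smart group can gate the install. The team IDs and bundle ID are constructed placeholders, and the profile is assumed to be an unsigned XML plist.

```python
import plistlib

# Apple's payload type for kernel extension approval (macOS 10.13.2 and later).
KEXT_POLICY_TYPE = "com.apple.syspolicy.kernel-extension-policy"

# Constructed sample profile. TEAMID1234, TEAMID5678 and the bundle ID are
# placeholders, not the vendor's real identifiers.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key>
      <string>com.apple.syspolicy.kernel-extension-policy</string>
      <key>AllowUserOverrides</key><true/>
      <key>AllowedTeamIdentifiers</key>
      <array><string>TEAMID1234</string></array>
      <key>AllowedKernelExtensions</key><dict>
        <key>TEAMID5678</key>
        <array><string>com.example.kext.filter</string></array>
      </dict>
    </dict>
  </array>
</dict></plist>"""


def kext_approval(profile_bytes, team_id, bundle_id=None):
    """Return 'team' if the whole team ID is approved, 'bundle' if only the
    given bundle ID is approved for that team, or None if neither is."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != KEXT_POLICY_TYPE:
            continue  # skip unrelated payloads in the same profile
        if team_id in payload.get("AllowedTeamIdentifiers", []):
            return "team"
        per_team = payload.get("AllowedKernelExtensions", {}).get(team_id, [])
        if bundle_id is not None and bundle_id in per_team:
            return "bundle"
    return None


def extension_attribute(profile_bytes, team_id, bundle_id=None):
    """Format the check as a Jamf extension attribute value for a smart group."""
    state = kext_approval(profile_bytes, team_id, bundle_id)
    return "<result>%s</result>" % ("Approved" if state else "Missing")


if __name__ == "__main__":
    print(extension_attribute(SAMPLE_PROFILE, "TEAMID1234"))
```
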

Andrew_R
New Contributor III

According to Sophos this is a known issue. We're on an older version of Sophos Enterprise Console which is hosted in-house. We typically are delayed a lot in getting new versions of Sophos.

I haven't been able to test it yet, but version 9.7.5 came out for us at the end of October 2018, which is supposed to contain a fix for the hang on boot up.