AutoUpdate and On-Access scanning not running with Sophos Anti-Virus for Mac version 9.1.6

  • Article ID: 121324
  • Rating:
  • 50 customers rated this article 1.7 out of 6
  • Updated: 18 Sep 2014


When running Sophos Anti-Virus for Mac (SAV for Mac) version 9.1.6 you see one or more of the following symptoms:

  • On-Access is for the Mac is reported to Sophos Enterprise Console (SEC) as inactive. 
  • The Sophos shield in the menu bar is grayed out
  • A pop-up dialog box on the Mac endpoint warns that 'Sophos Anti-Virus is not running'

To confirm your computer is affected by this problem look at the local install.log file (open Console and on the left hand panel select the /var/log/install.log file) locally on any endpoints, then search for these entries in the string matching field:

  • [SMEReceiptServiceStrategy.m:213] "(null)" success: YES
  • Failed to launch daemon com.sophos.notification. Continuing.
  • Failed to launch daemon com.sophos.webd. Continuing.
  • Failed to launch daemon com.sophos.intercheck. Continuing.

First seen in
Sophos Anti-Virus for Mac OS X 9.1.6

Fixed in
Sophos Anti-Virus for Mac OS X 9.1.7


A race condition in SAV for Mac v9.1.6 can result in AutoUpdate and the On-Access scanner being left in a disabled state after an update occurs. Note that this issue can occur more than once while v9.1.6 is installed (if the same race condition occurs again).

What To Do

This issue will be resolved in SAV for Mac v9.1.7 which is being released on Wednesday 3rd September 2014

Until this date, and depending on the number of Mac endpoints affected, use the workarounds below to resolve the issue immediately

Small number of Macs affected

Run the following one-line command in Terminal:

sudo /Library/Caches/com.sophos.sau/CID/Sophos\ Anti-Virus.mpkg/Contents/Resources/ --install

Note: It is still possible for the issue to reoccur after running this command.

A number of Macs affected

Downgrade the installed version of SAV for Mac to version 9.0.11 by configuring your Sophos Update Manager (SUM) to use the ‘Previous Recommended’ subscription.

  1. In Enterprise Console subscribe to v9.0.11 which is available under the 'Previous Recommended' package label.  For more information on managing your subscriptions see article 110302.
  2. Modify the updating policy (attached to the group containing the affected systems) so that this new subscription is used.

Important: You now need to run the same Terminal command - shown in the section above - on any affected systems to resolve the immediate issue to allow them to downgrade to v9.0.11.  Once the command is run on affected Macs they will then receive the new updating policy, connect to the folder with v9.0.11 shared out, and proceed to downgrade.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent