GSS 3.x - Dagent is not connected to engine on latest Windows 10 with Sophos Antivirus

book

Article ID: 195099

calendar_today

Updated On:

Products

Ghost Solution Suite Deployment Solution

Issue/Introduction

Using GSS 3.3 - with Windows 1903 and later and latest supported Sophos client - Dagent is failing to establish connection to engine

No visible error.

Dagent service is running but not able to connect to engine

All of our Windows 10 clients were unable to register with the software distribution service. Consequently, all of the desktops were unable to install any software from our software repository.

Cause

Sophos product have an option to use Win10 antimalware feature - AMSI. Which apparently preventing Dagent service to establish a connection. There was a similar issue with McAfee as well. See 175885 "GSS 3.x - Dagent is not connected to engine on latest Windows 10 with McAfee Antivirus"

See Sophos website detailing the new Sophos AMSI functionality from July 1st 2020.  

https://community.sophos.com/kb/en-us/134719

In that article it has a note. issues to be aware of:

·         "The Altiris Deployment Agent service hangs when the Sophos AMSI Provider dll is registered. A fix for this issue will be released with Sophos AMSI Protection version 1.4 which will be available in Early Access Program (EAP) as of July-21. The Knowledge Base Article will be updated once recommended line (non-EAP) release dates for Sophos AMSI Protection version 1.4 Endpoints become available."

Environment

GSS 3.3 x

Resolution

Sophos has a recent release that is conflicting with DAgent in GSS. They have a KB on it https://community.sophos.com/kb/en-us/134719#How%20do%20I%20disable%20Sophos%20AMSI%20Protection

Follow this guide from Sophos: https://community.sophos.com/kb/en-us/125831 


Sophos Antimalware Scan Interface (AMSI) Protection Frequently Asked Questions (FAQ) - Sophos Community

community.sophos.com

 "Are there any known issues that I should be aware of The Altiris Deployment Agent service hangs when the Sophos AMSI Provider dll is registered. This is currently under investigation by Sophos Development. To mitigate the problem the Sophos AMSI Provider dll can be unregistered."