Applies to: Sophos Home Premium and Free (Mac)

• What's happening
• Troubleshooting
  • Restart the Mac
  • Allow Sophos under Security & Privacy
  • Re-enable Real-Time Protection on the dashboard
  • Make sure the Mac has available virtual slots for Sophos Home to load
  • Manually adding kexts
  • Re-install Sophos Home

What's happening: 

On the Sophos Home dashboard, or on the Sophos Home Shield, you may have received the alert This device is vulnerable after installing/updating Sophos Home

Dashboard example:

Sophos Home Shield example: 

This article provides a list of the different scenarios and causes of the alert This device is vulnerable and link to its corresponding solution.

Troubleshooting steps

Scenario 1 - The Mac needs to be restarted

Usually, the alert is cleared after restarting the Mac and waiting for 10-15 minutes. 

Scenario 2 - Sophos Home needs to be allowed under Security & Privacy

First time installations may require allowing Sophos Home signed extensions to run on the Mac. Follow these steps to do so: The Sophos KEXT was not allowed on the first time installation of Sophos Home

Scenario 3 - Real Time Protection (or other) was disabled via the Sophos Home dashboard

If  protections are disabled via Sophos Home dashboard, Sophos Home will reflect that on the Shield. To check protections are enabled, follow these steps: The real-time protection is disabled.

Scenario 4 - The Mac doesn't have available slots to load Sophos Home

This issue occurs when the Mac runs out of  virtual slots to load applications (this usually happens when virtual machines are installed, and similar software is being used). Follow these steps to correct that: There are too many applications that register virtual devices.

Scenario 5 - None of the above scenarios worked- Kexts need to be manually added

In some cases, the Sophos Home kexts need to be manually enabled. To do so, follow these steps:
Note: Click here to watch a video with the instructions. 

1. Boot into Recovery mode (Apple Article ht201314)
2. Open the Terminal (From the menu at the top)
3. Type the following command:
   /usr/sbin/spctl kext-consent add 2H5GFH3774
   (Please mind the space between spctl and kext, the space between consent and add, and the space between add and 2H... )
    Hit Enter
4. Type command:
   csrutil disable
    Hit Enter
5. Reboot your Mac
6. After confirming Sophos Home shield's status area is green, follow steps 1 and 2, then type the following command in the terminal:
   csrutil enable
7. Reboot your Mac

Note: If  the above scenarios do not fix your issue, try re-installing Sophos Home

Related information

• System Extension Blocked appears on new installations on macOS High Sierra 10.13
• Notifications to allow Sophos Home kernel extensions (KEXT) did not appear
• How to reinstall Sophos Home