Recent Sophos update has broken HIP checks on Global Protect

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Recent Sophos update has broken HIP checks on Global Protect

L0 Member

We have an issue that we have logged a PA TAC case but wanted to stick out a forum post to see if others are having this issue.


It seems when the machine upgrades Sophos from 2.20.11 to 2.20.13, we get the following message:


"Your AntiVirus is not updated". HIP checks then fail. The only thing changed is the version of Sophos, but the HIP checks don't care about versions, or arent meant to care about versions.


This issue is happening on multiple portals deployed, all running different versions of PAN-OS. 9.0.3-h3, 9.1.7 and 10.1.3


L1 Bithead

Can confirm.  Same issue first noticed yesterday.


L3 Networker

Same issue noticed yesterday.

Reinstalling Sophos has fixed the issue for us.

L1 Bithead

Unfortunately, reinstalling Sophos did not fix it for me.

L0 Member

We've had the same issue running 9.1.12-h3, we've deployed a work around but could really do with a fix. The work around we've implemented is stop checking for virus definitions within a specific period which is less than ideal. 

L3 Networker

Uninstall and Reinstall stopped working.
When sophos is reinstalled it is at version 2.20.11, this version works but due to automatic updates enabled, it upgrades it self to 2.20.13 and this version breaks HIP checks..
Hope there will be a fix soon...

L1 Bithead

I logged a ticket with Sophos.  Their position is that PA would have to make changes.

"Sophos is on Sting 2.0 version which is Core Agent 2.20.13 and SAV is merged into SED

Your vendor's VPN is unable to detect SED, We would recommend to contact their support so, they can make changes from their end to work with new Sophos updates. "
and referred to this page:

L2 Linker

Hey @VAsupport ! We're currently working with both Sophos and OPSWAT's Engineering Teams to resolve this issue. If you're encountering the issue, please feel free to open a Support case for us to track alongside the others and we'll post any updates and/or resolution immediately once they become available! 


L0 Member

Is there any resolution to this problem ?   I have a remote consultant using Sophos and it is causing delays on the project.

L3 Networker

On the TAC case we opened Palo confirmed that they got a new SDK from Opsswat which can detect new version of Sophos. TAC thinks that this new version will be included in the next GP version release but have no confirmation yet.

@ttec_fw @SuryaR we have already updated the GP App with the new OPSWAT SDK and we're currently prepping it for release. Please contact either TAC or your Account Team on the definite release date, however, we're unable to provide one at this time. 


Hi bud


We have the same issue.

Can you please supply me with a bug ID ?


L1 Bithead

Is Palo going to release official communication about this and its resolution?

L4 Transporter

Was this ever fixed?  I'm having the same issue with a contractor.  I've tried 5.x and now 6.x and neither worked.

Now that nearly 3 months has passed since the last update, I thought I'd check and see if anybody found a resolution to this issue?


We experienced it today for the first time, as we just switched to Sophos Intercept X but haven't made an update to the Palo Alto firewalls.

  • 24 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!