Please continue to monitor this KB for updates.
The following has been suggested as a workaround:
- Sophos Central → Endpoint Protection → Computers → Choose the computer that has the issue → Check if Real-time protection is disabled → GetRTPState returns false → expected.
- After that, try to change this status on the Dashboard, or Turn off tamper protection (Sophos Central → Endpoint Protection → Computers → Settings → Tamper Protection → turn off this, we can manually turn on/off RTP state on the UI of product) → will get this state correctly.
If the issue persists after these changes, please open a support ticket with the following attached:
- ESAP Diagnostics Logs (KB28146, linked below)
- A screenshot from the Sophos "About" page, showing the version number