Sophos Endpoint security On-Access scanning is broken following a kernel update.

  • 7017264
  • 17-Feb-2016
  • 17-Feb-2016


SUSE Linux Enterprise Server 11
Novell Open Enterprise Server 11 (OES 11) Linux
Sophos Anti-Virus for Linux/Unix v9


When Sophos Antivirus is installed, it is configured for the current running kernel on a SUSE Linux Enterprise Server based system.

The 'On Access' scanning functionality is working properly until the server is updated with a newer kernel version, than the Talpa module was compiled for at installation time.


Following the installation of a new kernel, the Talpa module needs to be re-compiled for the updated kernel.

Under YaST > Software Management > Patterns, select to install the 'Development' pattern.
This will install kernel-sources and other modules required to manually rebuild the Talpa module for the updated kernel.


The Sophos Talpa module (required for 'On Access' scanning), is built for the current kernel only, and still based on kernel 2.6 kernel-headers.

Additional Information

Guidance from Sophos on how to manually re-compile the Talpa binary is described in the Sophos knowledge-base under Article ID: 13503