Sophos software seems to not be updating or working when going through the web filter/proxy.
The Sophos services can't respond to proxy authentication requests, so if NTLM or Kerberos is used, bypass authentication for the "sophos.com" domain. This can be done by adding the domain to an existing category listed in the "Web proxy - Authentication - Exceptions" or by creating a new category and adding the sophos.com domain to that and then add that to the included categories in "Web proxy - Authentication - Exceptions".
In addition, the domain should be excluded from HTTPS decrypt and inspect. Same procedure as above, except this time the policies are in "Guardian - HTTPS inspection - Manage policies".