diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index cb5ec65d4..fae574cae 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1108,6 +1108,8 @@ suricata_idstools_removal_pre() {
 # For SOUPs beginning with 2.4.200 - pre SOUP checks
 # Create syncBlock file
+install -d -o 939 -g 939 -m 755 /opt/so/conf/soc/fingerprints
+install -o 939 -g 939 -m 644 /dev/null /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
 cat > /opt/so/conf/soc/fingerprints/suricataengine.syncBlock << EOF
 Suricata ruleset sync is blocked until this file is removed. Make sure that you have manually added any custom Suricata rulesets via SOC config - review the documentation for more details: securityonion.net/docs
 EOF
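Review bot: Neither of the two added `install` calls has its exit status checked, so if the directory or the empty file cannot be created, the `cat >` that follows either fails too or creates the file with the default owner and umask mode, and the upgrade carries on without a usable sync block. Because this file is the guard that protects custom rulesets, stop the pre-check when it cannot be written, unless soup already runs under `set -e` (not visible in this hunk). For example, use `install -d -o 939 -g 939 -m 755 /opt/so/conf/soc/fingerprints || return 1`, with the same handling on the second `install` and on the `cat`. The literal `939` would also benefit from a one-line comment naming the account it stands for, such as `# 939: uid/gid of the SOC service account (confirm)`. The body of suricata_idstools_removal_pre starts before this hunk and continues after it.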