Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 10 subscribers
  • Views 12383 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HITMANPRO Service not Started

skyisbluescreen

Several Systems have the HMPRO Service Stopped automatically, However When its manually started its back runnning

 

However in first instance, Why does it stop automatically and do we  Prevent this?



This thread was automatically locked due to age.
Parents
  • 0

    If you look in:

    C:\ProgramData\HitmanPro.Alert\Logs\Sophos.log

    ...do you see the following lines logged:

    2018-02-22T23:45:22.624Z [Service] Stopping...
    2018-02-22T23:45:23.358Z [Service] Stopped

    I wonder if it stopped gracefully?

    Other evidence of when it stopped would be when Health noticed it.  Either in the log of Health. e.g. C:\ProgramData\Sophos\Health\Logs\Health.log

    2018-02-22T23:46:28.968Z [ 4992] INFO EventPublisher::PostServiceEvent Posting service stopped event: 81c193fe-667b-4050-9d5d-965298a81536 HitmanPro.Alert service
    2018-02-22T23:46:29.221Z [ 4956] INFO DatabaseAccessor::AddEvent Processing event id: 0dc12220-3b45-4d71-a40a-44bddde59163
    2018-02-22T23:46:29.226Z [ 4956] INFO DatabaseAccessor::UpdateHealthCategories Health state has changed to - Overall: 3, Service: 3, Threat: 1

    or in the trail of messages stored here:

    C:\ProgramData\Sophos\Health\Event Store\Trail\

    When the service stops the content of the file would be something like:

    {"id":"0dc12220-3b45-4d71-a40a-44bddde59163","familyId":"81c193fe-667b-4050-9d5d-965298a81536","timeStamp":"2018-02-22T23:46:28Z","app":"SHS","sequence":"0","severity":3,"serviceName":"HitmanPro.Alert service","resourceId":"health.service.stopped","showNotification":true,"updateSummary":true}

    It should be therefore possible to understand when the service stopped.  I would then check the event logs at this time and maybe in \windows\temp\ for log files to see if there was as update.

    Regards,

    Jak

Reply
  • 0

    If you look in:

    C:\ProgramData\HitmanPro.Alert\Logs\Sophos.log

    ...do you see the following lines logged:

    2018-02-22T23:45:22.624Z [Service] Stopping...
    2018-02-22T23:45:23.358Z [Service] Stopped

    I wonder if it stopped gracefully?

    Other evidence of when it stopped would be when Health noticed it.  Either in the log of Health. e.g. C:\ProgramData\Sophos\Health\Logs\Health.log

    2018-02-22T23:46:28.968Z [ 4992] INFO EventPublisher::PostServiceEvent Posting service stopped event: 81c193fe-667b-4050-9d5d-965298a81536 HitmanPro.Alert service
    2018-02-22T23:46:29.221Z [ 4956] INFO DatabaseAccessor::AddEvent Processing event id: 0dc12220-3b45-4d71-a40a-44bddde59163
    2018-02-22T23:46:29.226Z [ 4956] INFO DatabaseAccessor::UpdateHealthCategories Health state has changed to - Overall: 3, Service: 3, Threat: 1

    or in the trail of messages stored here:

    C:\ProgramData\Sophos\Health\Event Store\Trail\

    When the service stops the content of the file would be something like:

    {"id":"0dc12220-3b45-4d71-a40a-44bddde59163","familyId":"81c193fe-667b-4050-9d5d-965298a81536","timeStamp":"2018-02-22T23:46:28Z","app":"SHS","sequence":"0","severity":3,"serviceName":"HitmanPro.Alert service","resourceId":"health.service.stopped","showNotification":true,"updateSummary":true}

    It should be therefore possible to understand when the service stopped.  I would then check the event logs at this time and maybe in \windows\temp\ for log files to see if there was as update.

    Regards,

    Jak

Children
No Data
Unfiltered HTML