"Not started: Sophos System Protection Service" on Exchange servers

I'm going through some "One or more Sophos services are not running" alerts for our customers and the last five have been the same service (Sophos System Protection Service) on mail servers.  I can start the service successfully, but it stops again several seconds later.  Any idea what I can do to resolve this?  Rebooting is kind of tough because these are production mail servers. Also, was there a software update that happened last night that would have caused this?



  • Does the log file offer any insight?

    It is under \programdata\

    Thing is, a new version is just being rolled out and the log location for this has just changed.

    If it's the old, there will be a Sophos System Protection sub folder and then logs.  If it's the new version it will be under Endpoint Defense and then logs.

    Regards,

    Jak

  • For what it's worth, I'm seeing this in C:\ProgramData\Sophos\Endpoint Defense\Logs\sdr.log

    2018-07-07T18:56:58.738Z SDR Init Info Service Starting...
    2018-07-07T18:56:58.738Z SDR Init Info Version: 1.3.0.0 0000000
    2018-07-07T18:56:58.738Z SDR Init Info SysInfo: EXCH2013 PID 14880
    2018-07-07T18:56:58.738Z SDR Init Info 64Bit Kernel: 1
    2018-07-07T18:56:58.738Z SDR Init Info Dirname: C:\Program Files\Sophos\Endpoint Defense\
    2018-07-07T18:56:58.738Z SDR Init Info Basename: SSPService
    2018-07-07T18:56:58.801Z SDR Init Info AgentManager successfully started.
    2018-07-07T18:56:58.817Z SDR Init Info ApplicationManager successfully started.
    2018-07-07T18:57:03.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:08.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:13.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:18.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:23.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:28.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T18:57:33.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
    2018-07-07T19:01:12.869Z SDR Init Notice Registry DebugFacilities 0xffffffff DebugLevel 2

    Those lines keep repeating over and over again, and the Sophos System Protection Service keeps starting and stopping.  I think I'm going to have to reboot eventually.  How imperative is it that this service be running, in terms of anti-virus protection?  Like I said I'm seeing this same issue on a number of servers, mostly servers running Microsoft Exchange (though that could be completely coincidental).
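
One way to summarise the repeating pattern in a log like the sdr.log excerpt above (an added example, not part of the original posts and not Sophos tooling): group lines by start attempt, count the error codes in each, and decode the HRESULT. 0x80070002 is a Win32-facility HRESULT wrapping error 2, ERROR_FILE_NOT_FOUND. The sample lines, the use of "Service Starting..." as the attempt boundary, and all function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same line format as the sdr.log excerpt above.
SAMPLE = """\
2018-07-07T18:56:58.738Z SDR Init Info Service Starting...
2018-07-07T18:57:03.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
2018-07-07T18:57:08.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
2018-07-07T18:57:13.817Z SDR Comms Error Unable to open async communications port - error 0x80070002
2018-07-07T19:01:12.869Z SDR Init Info Service Starting...
2018-07-07T19:01:17.900Z SDR Comms Error Unable to open async communications port - error 0x80070002
"""

LINE = re.compile(r"^(\S+Z) (\S+) (\S+) (\S+) (.*)$")  # time, source, area, level, message
HRESULT = re.compile(r"\b0x[0-9a-fA-F]{8}\b")
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}  # small subset

def decode_hresult(value):
    """Split an HRESULT into (failure bit, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def describe(value):
    failed, facility, code = decode_hresult(value)
    if failed and facility == 7:  # FACILITY_WIN32: code is a plain Win32 error
        return f"Win32 error {code} ({WIN32_NAMES.get(code, 'unknown')})"
    return f"facility {facility}, code {code}"

def summarize(text):
    """Group log lines into start attempts and count error codes in each."""
    cycles = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")
        if m.group(5).startswith("Service Starting"):
            cycles.append({"started": when, "last": when, "errors": Counter()})
        if not cycles:
            continue  # lines before the first start marker
        cycles[-1]["last"] = when
        if m.group(4) == "Error":
            cycles[-1]["errors"].update(h.lower() for h in HRESULT.findall(m.group(5)))
    return cycles

if __name__ == "__main__":
    for c in summarize(SAMPLE):
        for code, n in c["errors"].items():
            print(c["started"], f"{n}x {code}:", describe(int(code, 16)))
```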

  • Do you have these log files you could share:

    C:\ProgramData\Sophos\Endpoint Defense\Logs\SSP.log
    C:\ProgramData\Sophos\Endpoint Defense\Logs\sed.log

    You could set the log level of SSP to 3 as per:

    https://community.sophos.com/kb/en-us/121631

    Regards,
    Jak
