Download of WindowsCloudNextGen failed from server http://dci.sophosupd.com/update.

We see this a fair bit for no obvious reason and no common reason i.e. mix of clients, mix of locations, internet access works.

Doesn't appear to have any practical impact other than being an annoyance in the logs.

Any ideas what's causing it please?



  • Is this a configuration issue? It's identifying Sophos as a trojan. I guess I am just curious why this is something that we have to take care of spending an hour or two on the phone with them, or opening up our external firewall when the program itself is being identified as an issue. In the past, when Sonicwall was blocking a program by grandMA, they contacted their support and handled the issue.

    Is it wrong to expect the same level of support from Sophos?

  • I'm a new Sophos user as well. I am just in the process of switching over to end point protect and then will be swapping out our SonicWall for a Sophos XG. I just resolved this by adding the cloud AV signature ID 55394638 to the exclusion list. In your SonicWall control panel go to => Security services => Gateway Anti-virus, scroll down and click on the button "Cloud AV DB exclusion settings" and add 55394638 to the list.

  • There is another way to resolve this.

    White-list a group of trusted Sophos Sites (domains/URLs) and add them to a SonicWALL firewall to bypass the SonicWALL Cloud AntiVirus scanning security and allow for proper installation/update of the Sophos products. Add the following list of Sophos sites as FQDN WAN objects to the SonicWALL firewall:

    *.sophos.com

    *.sophosupd.com

    *.sophosupd.net

    *.sophosxl.net

    ocsp2.globalsign.com

    crl.globalsign.com

     

  • We have the same problem. I've tried this and am able to download "http://d1.sophosupd.com/update/537a1ca1123a7e6dc6d6127bae7df5fex000.dat" but am unable to paste it to "C:\ProgramData\Sophos\AutoUpdate\data\warehouse\". It says I need permission. I'm using an administrator account.

  • You could try using an administrative command prompt to copy the file into place. The other possible cause is that Tamper Protection is preventing you writing to what would be a protected area.

    Can you disable TP and try again if it is enabled?

    Maybe worth checking if Tamper Protection, i.e. the Sophos Endpoint Defense component, is installed?

    In an admin prompt, does running:

    fltmc

    list "Sophos Endpoint Defense"?

    Regards,
    Jak

  • Hello,

    We have the same problem.

    I just downloaded the "http://d1.sophosupd.com/update/537a1ca1123a7e6dc6d6127bae7df5fex000.dat" but I'm unable to copy the file in the share "C:\ProgramData\Sophos\AutoUpdate\data\warehouse\".

    After deactivating the tamper protection, it is possible to copy the file.

    What can we do? We have this issue on a bunch of systems.

    Firewall is an XG.

    Thank you.

    Michael Kreymborg

  • Normally to fix this issue for me, I have to disable automatic updates from Global Settings > Endpoint Protection > Controlled Updates.

    If I configure to update manually, then push an update, it will succeed.

    If automatic updates are turned on, it will fail almost every time.

  • I see a number of errors that seem to revolve around registry keys:

    2017-05-19T17:47:23.551Z [13340] ERROR ProductInstaller::RunUpdateCheck Endpoint is not currently updateable. Aborting endpoint update
    ...
    2017-05-19T17:47:23.552Z [13340] ERROR RegistryReporter::SetHealthEvent Could not create SOFTWARE\Sophos\AutoUpdate\UpdateStatus\HealthEvents\e6b6976e-6362-4fe0-aa04-c7b3856e7272 with error: 5
    2017-05-19T17:47:23.553Z [13340] ERROR SDDSDownloader::ReportSyncFailure Aborting update.
    ...
    2017-05-19T17:47:23.555Z [13340] ERROR RegistryVersionPersister::Save Error writing version for line ID WindowsCloudNextGen, error: 5
    2017-05-19T17:47:23.556Z [13340] ERROR RegistryVersionPersister::Save Error writing version for line ID WindowsCloudHitmanProAlert, error: 5
    2017-05-19T17:47:23.556Z [13340] ERROR RegistryVersionPersister::Save Error deleting line ID subkey WindowsCloudHitmanProAlert, error: 5
    2017-05-19T17:47:23.556Z [13340] ERROR RegistryVersionPersister::Save Error deleting line ID subkey WindowsCloudNextGen, error: 5
    ..
    2017-05-19T17:47:23.557Z [13340] WARN RegistryReporter::StoreUpdateDetails StoreUpdateDetails[SDU]: failed to delete subkey: 5
    2017-05-19T17:47:23.558Z [13340] ERROR RegistryReporter::SetUpdateStatus SetUpdateStatus: Failed to write LastUpdateTime:5
    2017-05-19T17:47:23.558Z [13340] ERROR RegistryReporter::SetUpdateStatus SetUpdateStatus: Failed to write Result:5
    2017-05-19T17:47:23.558Z [13340] ERROR RegistryReporter::SetUpdateStatus SetUpdateStatus: Failed to write FallbackInUse: 5
    2017-05-19T17:47:23.559Z [13340] ERROR RegistryReporter::SetUpdateStatus SetUpdateStatus: Failed to write FirstFailedUpdateTime: 5
    ..
    2017-05-19T17:47:24.563Z [13340] ERROR RegistryVersionPersister::Save Error writing version for line ID WindowsCloudNextGen, error: 5
    2017-05-19T17:47:24.564Z [13340] ERROR RegistryVersionPersister::Save Error writing version for line ID WindowsCloudHitmanProAlert, error: 5
    2017-05-19T17:47:24.565Z [13340] ERROR RegistryVersionPersister::Save Error deleting line ID subkey WindowsCloudHitmanProAlert, error: 5
    2017-05-19T17:47:24.565Z [13340] ERROR RegistryVersionPersister::Save Error deleting line ID subkey WindowsCloudNextGen, error: 5

    I suspect if you run Process Monitor - docs.microsoft.com/.../procmon - during an update, you might see Access Denied results for registry operations on the keys under:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos

    So either there are permission issues on the registry keys (although as the process is running as System it should be ok) or possibly Sophos Endpoint Defense (SED) is blocking them, which would be odd. If that is the case, you might see entries in the SED log file: C:\ProgramData\Sophos\Endpoint Defense\Logs\sed.log.

    Regards,
    Jak
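
Added example (not part of the original thread and not Sophos code): a small triage script for log excerpts in the format quoted in the post above. It groups the registry failures by component and affected line ID and names the trailing code; Win32 error 5 is ERROR_ACCESS_DENIED, which matches the "Access Denied" results the post expects in Process Monitor. The function name `triage` and the rule that only `Registry*` components end their message with a Win32 code are assumptions made for this example.

```python
import re
from collections import Counter

WIN32 = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}  # winerror.h names

LINE = re.compile(r"^(\S+Z) \[(\d+)\] ([A-Z]+) (\w+)::(\w+) (.*)$")
CODE = re.compile(r":\s*(\d+)\s*$")            # trailing "error: 5" or "Result:5"
LINE_ID = re.compile(r"line ID (?:subkey )?(\w+)")

# Lines copied from the log excerpt in the post above.
SAMPLE = r"""
2017-05-19T17:47:23.551Z [13340] ERROR ProductInstaller::RunUpdateCheck Endpoint is not currently updateable. Aborting endpoint update
...
2017-05-19T17:47:23.555Z [13340] ERROR RegistryVersionPersister::Save Error writing version for line ID WindowsCloudNextGen, error: 5
2017-05-19T17:47:23.556Z [13340] ERROR RegistryVersionPersister::Save Error deleting line ID subkey WindowsCloudHitmanProAlert, error: 5
2017-05-19T17:47:23.557Z [13340] WARN RegistryReporter::StoreUpdateDetails StoreUpdateDetails[SDU]: failed to delete subkey: 5
2017-05-19T17:47:23.558Z [13340] ERROR RegistryReporter::SetUpdateStatus SetUpdateStatus: Failed to write LastUpdateTime:5
"""

def triage(text):
    """Summarise registry failures in an AutoUpdate log excerpt."""
    codes, components, line_ids, skipped = Counter(), Counter(), set(), 0
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            skipped += 1 if line else 0        # elided or foreign lines, not blanks
            continue
        _ts, _tid, _level, component, _method, msg = m.groups()
        code = CODE.search(msg)
        # Assumption: only Registry* components end their message with a Win32 code.
        if not (component.startswith("Registry") and code):
            continue
        number = int(code.group(1))
        codes[WIN32.get(number, f"WIN32_{number}")] += 1
        components[component] += 1
        line_ids.update(LINE_ID.findall(msg))
    return {"codes": dict(codes), "components": dict(components),
            "line_ids": sorted(line_ids), "skipped": skipped}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result where every registry write from a process running as System fails with ERROR_ACCESS_DENIED points away from the download itself and toward something guarding the keys, which is the case the post suggests checking in sed.log.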

  • Yup....got this same error......and keeps happening time and time again. A real pain in the *sss.

     

    I have gone into "Controlled Updates". But I do not see anywhere one can PUSH the update to any clients?

    How is this accomplished?

    Only TWO options here:

    View release notes, which takes you to Sophos website.

    Manage Computers: The ONLY thing that can be done is add\remove computers.

     

    Where is the PUSH...button?? I am curious as to how this is accomplished.

  • We had the same message for many Clients - after 4 weeks with Sophos-Support and a new supporter - we found the solution: the license had run out. - New License: everything fine :-).