Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 16 subscribers
  • Views 22888 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Some sophos services not running after update

lara20

I need some help in tackling this issue with Sophos cloud endpoint protection. Whenever there is a component update with sophos, i can see atleast 5 -10 pc's in the cloud portal missing (not running) some services. Some services include Sophos System Protection Service, Sophos Web Control Service. What is the easiest way to get round this issue. Does sophos expect the sysadmin to go to the pc everytime whenever this occurs and take logs and send it to the tech team for resolution. I have tried remotely connecting to the pc and restarting the services but this doesnt seem to work always. Can someone throw some light on this so it makes life easy for people maintaining endpoints. 



This thread was automatically locked due to age.
Parents
  • 0

    This information would be very useful! I have many PC's that stop running a serive after updates, I have not noticed a trend, and the only way to get it back is a reinstall. There has to be something we can do!

  • 0 in reply to skouki

    What are the services that aren't running? 

    Presumably they are present when you run services.msc but not started?

    From there we know which install logs to check as we'll know what component is having the issue.

  • 0 in reply to jak

    They were installed and working, but shows up like this in our dashboard. 

    The two that seem to keep reappearing are

    •  Sophos System Protection Service
    •  Sophos Device Encryption Service

  • 0 in reply to skouki

    OK, When you look at the client's services in services.msc, is the service is present and starts fine?

    You can actually tell from Sophos Central if the service is missing or just stopped.  From the developer tools of the browser - F12.  If you filter to XHR requests and maybe add a filter for requests that contain:

    get_health_status=true

    With this setup, when you're on the device page that shows the services, refresh the page and you can see the API result for the computer details. 

    In the "Preview" tab you can expand the services status:



    Where:
    2 = the service is missing
    1 = the service is stopped
    0 = the service is started

    On the client, the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\[WOW6432Node]\Sophos\Health\Status has the same values as this is the state the Health service, Health.exe last recorded for the services.

    The log file of the SSP component is:

    C:\ProgramData\Sophos\Sophos System Protection\Logs\SSP.log

    that might be interesting to see as it has when the process started and stopped.

    I 10/10/2017 20:55:52 Process starting
    I 10/10/2017 20:55:52 Service start requested
    I 10/10/2017 20:55:52 Sophos System Protection 2.6.0.71
    I 10/10/2017 20:56:00 The service has been requested to stop
    I 10/10/2017 20:56:00 Process stopping
    I 10/10/2017 20:56:00 Sophos System Protection is shutting down (0)
    I 10/10/2017 20:56:00 The Sophos System Protection service has stopped

    When did it last stop?  What did that co-incide with?  Maybe an update to the component? The log file of the install for this component would be:

    \windows\temp\SophosSystemProtectionSetup_[timestamp]log

    Regards,

    Jak

  • 0 in reply to jak

    The services are there and they have just stopped. I am able to go in our console and manually start the service again. I make sure to set it back to automatic, but it would be nice to see why these services are stopping to prevent it happening in the future. Here are the logs I was able to grab from one of the machines that was having this issue. 

     

    I 21/08/2017 14:56:35 Process starting
    I 21/08/2017 14:56:35 Service start requested
    I 21/08/2017 14:56:35 Sophos System Protection 2.6.0.71
    I 21/08/2017 14:56:35 HST: Database not found, creating
    I 21/08/2017 14:56:37 HST: Created database
    I 21/08/2017 14:58:16 The service has been requested to stop
    I 21/08/2017 14:58:16 Process stopping
    I 21/08/2017 14:58:16 Sophos System Protection is shutting down (0)
    I 21/08/2017 14:58:16 The Sophos System Protection service has stopped
    I 21/08/2017 14:58:16 Process starting
    I 21/08/2017 14:58:16 Service start requested
    I 21/08/2017 14:58:16 Sophos System Protection 2.6.0.71
    I 21/08/2017 15:00:47 The service has been requested to stop
    I 21/08/2017 15:00:47 Process stopping
    I 21/08/2017 15:00:47 Sophos System Protection is shutting down (0)
    I 21/08/2017 15:00:47 The Sophos System Protection service has stopped
    I 21/08/2017 15:00:47 Process starting
    I 21/08/2017 15:00:47 Service start requested
    I 21/08/2017 15:00:47 Sophos System Protection 2.6.0.71
    I 21/08/2017 15:00:53 The service has been requested to stop
    I 21/08/2017 15:00:53 Process stopping
    I 21/08/2017 15:00:53 Sophos System Protection is shutting down (0)
    I 21/08/2017 15:00:53 The Sophos System Protection service has stopped
    I 21/08/2017 15:00:53 Process starting
    I 21/08/2017 15:00:53 Service start requested
    I 21/08/2017 15:00:53 Sophos System Protection 2.6.0.71
    I 15/09/2017 07:48:36 Process starting
    I 15/09/2017 07:48:36 Service start requested
    I 15/09/2017 07:48:38 Sophos System Protection 2.6.0.71
    I 15/09/2017 08:03:09 Process starting
    I 15/09/2017 08:03:09 Service start requested
    I 15/09/2017 08:03:11 Sophos System Protection 2.6.0.71
    I 15/09/2017 17:51:15 Process starting
    I 15/09/2017 17:51:15 Service start requested
    I 15/09/2017 17:51:19 Sophos System Protection 2.6.0.71
    I 05/10/2017 08:03:19 Process starting
    I 05/10/2017 08:03:19 Service start requested
    I 05/10/2017 08:03:23 Sophos System Protection 2.6.0.71

Reply
  • 0 in reply to jak

    The services are there and they have just stopped. I am able to go in our console and manually start the service again. I make sure to set it back to automatic, but it would be nice to see why these services are stopping to prevent it happening in the future. Here are the logs I was able to grab from one of the machines that was having this issue. 

     

    I 21/08/2017 14:56:35 Process starting
    I 21/08/2017 14:56:35 Service start requested
    I 21/08/2017 14:56:35 Sophos System Protection 2.6.0.71
    I 21/08/2017 14:56:35 HST: Database not found, creating
    I 21/08/2017 14:56:37 HST: Created database
    I 21/08/2017 14:58:16 The service has been requested to stop
    I 21/08/2017 14:58:16 Process stopping
    I 21/08/2017 14:58:16 Sophos System Protection is shutting down (0)
    I 21/08/2017 14:58:16 The Sophos System Protection service has stopped
    I 21/08/2017 14:58:16 Process starting
    I 21/08/2017 14:58:16 Service start requested
    I 21/08/2017 14:58:16 Sophos System Protection 2.6.0.71
    I 21/08/2017 15:00:47 The service has been requested to stop
    I 21/08/2017 15:00:47 Process stopping
    I 21/08/2017 15:00:47 Sophos System Protection is shutting down (0)
    I 21/08/2017 15:00:47 The Sophos System Protection service has stopped
    I 21/08/2017 15:00:47 Process starting
    I 21/08/2017 15:00:47 Service start requested
    I 21/08/2017 15:00:47 Sophos System Protection 2.6.0.71
    I 21/08/2017 15:00:53 The service has been requested to stop
    I 21/08/2017 15:00:53 Process stopping
    I 21/08/2017 15:00:53 Sophos System Protection is shutting down (0)
    I 21/08/2017 15:00:53 The Sophos System Protection service has stopped
    I 21/08/2017 15:00:53 Process starting
    I 21/08/2017 15:00:53 Service start requested
    I 21/08/2017 15:00:53 Sophos System Protection 2.6.0.71
    I 15/09/2017 07:48:36 Process starting
    I 15/09/2017 07:48:36 Service start requested
    I 15/09/2017 07:48:38 Sophos System Protection 2.6.0.71
    I 15/09/2017 08:03:09 Process starting
    I 15/09/2017 08:03:09 Service start requested
    I 15/09/2017 08:03:11 Sophos System Protection 2.6.0.71
    I 15/09/2017 17:51:15 Process starting
    I 15/09/2017 17:51:15 Service start requested
    I 15/09/2017 17:51:19 Sophos System Protection 2.6.0.71
    I 05/10/2017 08:03:19 Process starting
    I 05/10/2017 08:03:19 Service start requested
    I 05/10/2017 08:03:23 Sophos System Protection 2.6.0.71

Children
No Data
Unfiltered HTML