Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 4801 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why is the client firewall appearing when no policy is set?

emps

Hi all.

We have a problem with some machines deciding to enable/install the client firewall and stopping all traffic. 

We do not have a firewall policy set and it isn't installed when it is pushed out with the AD Sync or when installed manually.

The client AV version is 9.7.5 and it is being managed by a 4.7 Console. These are XP SP3 machines.

The default firewall policy has not been enabled/configured/set up.

How can I work out why this is happening? It doesn't always do it straight away and other computers in the same group with the same policy aren't affected. 

Help!

Thanks in advance

Paul

:17363


This thread was automatically locked due to age.
  • 0

    Hello Paul,

    we have a problem with some machines deciding to enable/install the client firewall and stopping all traffic

    Is it really SCF which is installed on these machines when it happens?

    We do not have a firewall policy set

    There's always a firewall policy (by default it's the - forgive the pun - Default policy). The policy - regardless of the settings - does not cause SCF to get installed. Thus some other mechanism must be responsible for this. Again - it is not the policy. If it's not synchronization then a GPO could do it. You say you don't use SCF at all?

    Christian

    :17365
  • 0

    Yes, definately the SCF. 

    I have "same as policy" Version 2.7.0 and Firewall Enabled = Yes in the console when looking at these machines.

    There isn't a GPO set that would install, it is all done through the sync and in rare cases it will be installed manually on the machine in question by pointing it to the CID and giving it the updating account credentials. 

    We don't use the SCF, when opening up the default Firewall Policy it just asks to go through the first installation settings. It is affecting two different groups/containers. 

    The mode is "block by default" for some reason - very annoying as we cannot remotely manage the machine to remove it. So far we have about 8 machines out of 275 with this problem. 

    :17367
  • 0

    The mode is "block by default" for some reason - very annoying as we cannot remotely manage the machine to remove it

    This is indeed the default mode - but SCF has an inbuilt set of rules which should allow downloads an communication with the management server. While you normally can't access the machines by other means in this situation, you should be able to turn off SCF by modifying the policy (using Advanced...).

    To install SCF automatically when syncing is done you have to tick the appropriate box (you should check this setting). When installing using the GUI likewise and when installing with the command line a switch is needed. Apart from that it is possible to request the SCF addition for an existing install by setting certain registry keys/values - but this is unlikely the reason.

    Anyway, the logs (from %Windows%\Temp\ and %ProgramFiles%\Sophos\AutoUpdate\Logs\ should give an insight what happened an when).

    Christian

    :17371
  • 0

    Thank you. 

    I am really hesitant when it comes to setting a default policy - will this only distribute the policy to machines where the SCF has appeared? I need to be able to find a way to get on to these machines and remove the SCF module. Would it be worth creating a brand new policy and applying it to the affected groups and then remove it from add/remove programs rather than setting a default policy? 

    The firewall option isn't ticked but the remove third party AV is. 

    If installing manually we would run setup from the \sophosupdate\CIDs directory, we wouldn't use command line or switches in this case.

    :17375
  • 0

    As I said, the policy doesn't trigger an install. Also if the policy is "disable" it shouldn't have an adverse side effect at all.

    It does no harm though to create a new policy and apply it only to the affected groups. But before removing SCF you should try to find the cause for it "appearing".

    Christian

    :17377
  • 0

    Managed to apply a policy to allow all connections and now I can get on to the machines.

    Is there anything in particular in the alc.log or ALUpdate log file I can look for to see what happened?

    Thanks

    Paul

    :17381
  • 0

    Hello Paul,

    in the alc.log (for which you should use the viewer) check the time it mentions the download (i.e. did it suddenly download this additional package). This should correlate with the timestamp of the firewall install log from the \TEMP directory. The corresponding indicator in the ALUpdate logs is the first occurence of Considering product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} . All this still probably won't tell you why - but it's a start. Look for "other" logs with similar timestamp - these might tell you if it was a complete Sophos install.

    Christian

    :17385
  • 0

    Thanks Christian,

    I can see it in the log file - does this make any sense?

    Trace(2011-Oct-03 09:22:34): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2011-Oct-03 09:22:34): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2011-Oct-03 09:22:34): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2011-Oct-03 09:22:34): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2011-Oct-03 09:22:34): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
Trace(2011-Oct-03 09:22:34): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
Trace(2011-Oct-03 09:22:34): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
Trace(2011-Oct-03 09:22:34): Considering subscribed products.
Trace(2011-Oct-03 09:22:34): Considering product {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
Trace(2011-Oct-03 09:22:34): Product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} is not already subscribed.
Trace(2011-Oct-03 09:22:34): Product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} was added to the list.
Trace(2011-Oct-03 09:22:34): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2011-Oct-03 09:22:34): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2011-Oct-03 09:22:34): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2011-Oct-03 09:22:34): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2011-Oct-03 09:22:34): RMSMessageHandler: ALUpdateStart
Trace(2011-Oct-03 09:22:34): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2011-Oct-03 09:22:34): ALUpdate(AutoUpdate.Started): 
Trace(2011-Oct-03 09:22:34): UpdateCoordinator::UpdateNow: Entering
Trace(2011-Oct-03 09:22:34): PopulateCache: Entering
    :17389
  • 0

    Looks like it decided it fancied a full install?

    Trace(2011-Oct-03 09:24:40): CIDUpdateLocation::SyncProduct - Product Checksum: d885a3d962887251ea59ff057fc22838
Trace(2011-Oct-03 09:24:40): CIDUpdate(PrimarySuccess): 
Trace(2011-Oct-03 09:24:40): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2011-Oct-03 09:24:40): CIDUpdateLocation::SyncProduct - Updating Product: Sophos Client Firewall
Trace(2011-Oct-03 09:24:40): CIDUpdate(SyncProduct.Start): Sophos Client Firewall, \\EMEAMGT1\SophosUpdate\CIDs\S000\SAVSCFXPTrace(2011-Oct-03 09:24:40): CIDUpdateLocation::Sync - Updating from local CID: \\EMEAMGT1\SophosUpdate\CIDs\S000\SAVSCFXP\scf
Trace(2011-Oct-03 09:24:40): CIDSync(CidSyncMessage): 
Trace(2011-Oct-03 09:24:41): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\DriverHelper_x64.exe
Trace(2011-Oct-03 09:24:41): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_ja.dll
Trace(2011-Oct-03 09:24:41): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_zh_CN.dll
Trace(2011-Oct-03 09:24:41): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\op_log.dll
Trace(2011-Oct-03 09:24:42): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_zh_cn.dll
Trace(2011-Oct-03 09:24:42): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_es.dll
Trace(2011-Oct-03 09:24:42): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\OpenSSL_License.txt
Trace(2011-Oct-03 09:24:42): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_zh_CN.dll
Trace(2011-Oct-03 09:24:42): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\scfcfg.dll
Trace(2011-Oct-03 09:24:43): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_es.dll
Trace(2011-Oct-03 09:24:43): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_it.dll
Trace(2011-Oct-03 09:24:43): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFService.exe
Trace(2011-Oct-03 09:24:43): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\FirewallPlugin.dll
Trace(2011-Oct-03 09:24:43): CIDSync(CidSyncMessage): Windows\winsxs\b2rg91xw.1p4\msvcp80.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): Windows\winsxs\92rg91xw.1p4\msvcp80.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): Windows\system32\msvcp80.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_zh_CN.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_en.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): 0x0404.ini
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\ScfRes_op_data_zh_TW.dll
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): w2k_i386\scfndis.cat
Trace(2011-Oct-03 09:24:44): CIDSync(CidSyncMessage): wlh_amd64\scfdriver.sys
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\ConfigurationManager.dll
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): wnet_amd64\scfdriver.sys
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_it.dll
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\op_viewer.exe
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.manifest
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.manifest
Trace(2011-Oct-03 09:24:45): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_zh_TW.dll
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): wnet_amd64\scfndis.cat
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\DriverHelper_Win32.exe
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): wxp_i386\scfndis.sys
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_ja.dll
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_es.dll
Trace(2011-Oct-03 09:24:46): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_es.dll
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\ps_rootca.crt
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_fr.dll
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_fr.dll
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): 0x0409.ini
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_it.dll
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\scf.dat
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): wxp_i386\scfndisProtocol.inf
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): wnet_amd64\scfndisProtocol.inf
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): w2k_i386\scfndisProtocol.inf
Trace(2011-Oct-03 09:24:47): CIDSync(CidSyncMessage): w2k_i386\scfdriver.sys
Trace(2011-Oct-03 09:24:48): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_zh_TW.dll
Trace(2011-Oct-03 09:24:48): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_zh_TW.dll
Trace(2011-Oct-03 09:24:48): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFAdapter.dll
Trace(2011-Oct-03 09:24:48): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_en.dll
Trace(2011-Oct-03 09:24:48): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\FirewallConfiguration.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_zh_tw.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_de.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_en.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_en.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): wlh_amd64\scfndis.cat
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_it.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): wlh_amd64\scfndis.inf
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_zh_CN.dll
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): 0x0804.ini
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): CommonAppData\Sophos\Sophos Client Firewall\Configuration.conf
Trace(2011-Oct-03 09:24:49): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\logo_rc.dll
Trace(2011-Oct-03 09:24:50): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\libeay32.dll
Trace(2011-Oct-03 09:24:51): CIDSync(CidSyncMessage): Sophos Client Firewall.msi
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_zh_TW.dll
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): 0x0410.ini
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_en.dll
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\op_data.dll
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_fr.dll
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_fr.dll
Trace(2011-Oct-03 09:24:52): CIDSync(CidSyncMessage): wnet_amd64\scfndis.sys
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_it.dll
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): wlh_i386\scfdriver.sys
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): Setup.ini
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\ps.crl
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\standalone.conf
Trace(2011-Oct-03 09:24:53): CIDSync(CidSyncMessage): w2k_i386\scfndis.sys
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\Default.conf
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): 0x040a.ini
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\network.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_fr.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SecurityManager.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_ja.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_zh_TW.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_zh_CN.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFManager.exe
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): Windows\winsxs\vxgs54we.kj4\8.0.50727.4053.policy
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.4053.policy
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_ja.dll
Trace(2011-Oct-03 09:24:54): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_de.dll
Trace(2011-Oct-03 09:24:55): CIDSync(CidSyncMessage): instmsia.exe
Trace(2011-Oct-03 09:24:55): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFMessaging.dll
Trace(2011-Oct-03 09:24:55): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_ja.dll
Trace(2011-Oct-03 09:24:55): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\op_log.ini
Trace(2011-Oct-03 09:24:56): CIDSync(CidSyncMessage): 0x040c.ini
Trace(2011-Oct-03 09:24:56): CIDSync(CidSyncMessage): msxml.msi
Trace(2011-Oct-03 09:24:56): CIDSync(CidSyncMessage): wlh_amd64\scfndis.sys
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_es.dll
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\scfhandler.dll
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): 0x0411.ini
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\FirewallMessaging.dll
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.cat
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.cat
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_de.dll
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_ja.dll
Trace(2011-Oct-03 09:24:57): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\engine.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): wlh_i386\scfndis.cat
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): Windows\winsxs\b2rg91xw.1p4\msvcm80.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): Windows\winsxs\92rg91xw.1p4\msvcm80.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): Windows\system32\msvcm80.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\FirewallNAIPlugin.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_en.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_it.dll
Trace(2011-Oct-03 09:24:58): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes_SCFCfg_es.dll
Trace(2011-Oct-03 09:24:59): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\learning.dll
Trace(2011-Oct-03 09:24:59): CIDSync(CidSyncMessage): wlh_i386\scfndis.sys
Trace(2011-Oct-03 09:24:59): CIDSync(CidSyncMessage): instmsiw.exe
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_fr.dll
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): wlh_i386\scfndis.inf
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): 0x0407.ini
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): Windows\winsxs\vxgs54we.kj4\8.0.50727.4053.cat
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.4053.cat
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): wxp_i386\scfndisMiniport.inf
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): wnet_amd64\scfndisMiniport.inf
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): w2k_i386\scfndisMiniport.inf
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_en.dll
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_de.dll
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_data_de.dll
Trace(2011-Oct-03 09:25:00): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\ScfRes.dll
Trace(2011-Oct-03 09:25:01): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\op_ctrls.dll
Trace(2011-Oct-03 09:25:01): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_de.dll
Trace(2011-Oct-03 09:25:01): CIDSync(CidSyncMessage): manifest.dat
Trace(2011-Oct-03 09:25:01): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SystemProxies.dll
Trace(2011-Oct-03 09:25:01): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\presets.ini
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): wxp_i386\scfndis.cat
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_it.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_log_zh_CN.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): setup.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): Common Files Folder\Sophos\Sophos Client Firewall\presets.conf
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_de.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_viewer_es.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_op_ctrls_ja.dll
Trace(2011-Oct-03 09:25:02): CIDSync(CidSyncMessage): Windows\winsxs\b2rg91xw.1p4\msvcr80.dll
Trace(2011-Oct-03 09:25:03): CIDSync(CidSyncMessage): Windows\winsxs\92rg91xw.1p4\msvcr80.dll
Trace(2011-Oct-03 09:25:03): CIDSync(CidSyncMessage): Windows\system32\msvcr80.dll
Trace(2011-Oct-03 09:25:03): CIDSync(CidSyncMessage): program files\Sophos\Sophos Client Firewall\SCFRes_LOGO_RC_fr.dll
Trace(2011-Oct-03 09:25:03): CIDSyncCallback, SynchronisationTerminated - Code = 0
Trace(2011-Oct-03 09:25:03): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\Program Files\Sophos\AutoUpdate\cache\scf.map
Trace(2011-Oct-03 09:25:03): CIDUpdateLocation::SyncProduct - Product Checksum: 617aba3ff8736f33576782472f3a75c7
Trace(2011-Oct-03 09:25:03): CIDUpdate(PrimarySuccess): 
Trace(2011-Oct-03 09:25:04): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2011-Oct-03 09:25:04): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
    :17391
  • 0

    Hello Paul,

    was this out of the blue? Or how long after the initial install? Guess Support would be interested in the logs collected with SDU of a client (ideally shortly after it "happened") and the server as well. That are all ideas I have for today.

    Christian

    :17393