
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • Jeff1527 wrote:

    It does not do anything. Does not recreate the warehouse folder.

    2012-09-20 13:09:50 : Cmd-ALL << [I1018][DispatcherSupplements-2012-09-20T18-09-50-3][1] Started dispatcher with ID 'DispatcherSupplements-2012-09-20T18-09-50-3'. It will run 1 events.
    2012-09-20 13:09:50 : Cmd-ALL << [I1021][ActionSyncSupplements][DispatcherSupplements-2012-09-20T18-09-50-3] Action 'ActionSyncSupplements' with caller 'DispatcherSupplements-2012-09-20T18-09-50-3' started...
    2012-09-20 13:09:50 : Sync failure: Couldn't create catalogue sdds.local.xml


    Very strange. This error is back to what I'd expect a repair of SUM would fix. I can only assume we're overlooking something somewhere, but I can't think of what or how to identify it through the forum. I'm sorry I wasn't able to help more. Unfortunately I think your best bet is to try your luck getting through to Support.

  • Azurus - Your batch file worked GREAT for all the machines running Windows XP. But on Windows 7 machines, it fails with ALMon.exe causing "error loading external resources (0x8007007e)" Any thoughts?

  • Sorry if I missed it some place in the thread but once you get the Sophos Fup fixed how are we to get the quarantined files released back to the appropriate applications directory? 


  • DTD646 wrote:

    Nathan,

    My update server is running but I am having some problems reinstalling to some workstations. I followed the instructions from the KB article 118311 for clients that were set to "delete" and it did work on a few, but I am getting this error on a few clients when I try to project the workstation:

    Verification of update files failed. The files did not match the manifest.

    Can't seem to reinstall on these clients because of this. Anyone else seeing this error?


    From your description, it sounds like a checksum issue in the update location. Try running another Update Now on the Sophos Update Manager to see if it will fix the files in the update location.


  • PacCrest wrote:

    Sorry if I missed it some place in the thread but once you get the Sophos Fup fixed how are we to get the quarantined files released back to the appropriate applications directory? 


    Hi,

    The advisory KB has information that will help you with this. Please take a look there first if you haven't already.

    http://www.sophos.com/en-us/support/knowledgebase/118311.aspx


  • dspigelman wrote:

    Azurus - Your batch file worked GREAT for all the machines running Windows XP. But on Windows 7 machines, it fails with ALMon.exe causing "error loading external resources (0x8007007e)" Any thoughts?


    Did you check the staging server to make sure ALMon.exe exists where it should and isn't quarantined itself? It sounds like it could be a missing .dll dependency somewhere. I would make sure to copy a good working directory to the staging server as well. Did you also make sure On-access is configured with the correct exceptions or temporarily turned off?  I would also check all permissions and paths. If it works on XP but not on Win7, I would think it's a path or permission issue, since it works for me on both XP and Win 7 machines, both 32-bit and 64-bit.


  • Jeff1527 wrote:

    This is really starting to blooooooooooooooooooooooow...

    Not one response via email since I replied to my open case from yesterday this morning at 8am.

    Waited on hold for 60 mins before getting disconnected.

    Have 2 support numbers and both give a busy.

    Maybe Sophos could route their phones to Trend-Micro's call center... :smileytongue:


    Hi Jeff, can you send me the case number for that email case you replied to please?

  • I have a couple of questions about the Advisory 118311

    2. Windows Exclusions
    C:\Documents and Settings\All Users\Application Data\Sophos\
    C:\Program Files\Sophos\
    C:\Program Files (x86)\Sophos\
    C:\ProgramData\Sophos\
    Exclude Remote Files

    Why should we exclude remote files? Isn't a "remote file" any file on a UNC path? Would that block scanning of anything that's not a drive letter - such as DFS shares accessed through the UNC??

    3. Enable Live Protection within the 'Sophos Live Protection' option

    Why? I haven't had this enabled before, why do I need to do it now?

  • Since this is the first time I have even looked at Sophos, where can I find a quick tutorial on using the Sophos Enterprise Console and saving the entire network from destroying itself....Google doesn't seem to have a link to it.....

    Seriously, I have looked at the 118311 article, but don't know how to even begin......for example, I don't even know how to: Check the Anti-virus & Hips policy assigned to the Sophos Update Manager server.......

    Is there a tutorial on the setup and configuration of Sophos Enterprise that I might be able to get through quickly...

    Sorry for the newbie questions, but it sucks being a newbie and the only one here to answer the phone (the freakin' LED burned out on my first line...LOL)

  • Sorry if this has been posted before:

    I have written a batch file that:

    1.  Stops the Sophos Anti-Virus service

    2.  Deletes quarantine.xml

    3.  Starts the Sophos Anti-Virus service

    The problem I am having is that my Sophos Enterprise Console does not update to reflect that a particular host no longer has Virus/Spyware detected.  It does update when I manually open Sophos Endpoint Security and Control and clear the file from Quarantine manager.

    Thanks in advance.
