Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2179 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Problem IDE is present" from script, but it seems to be fixed?

AxL

Hello, we had the seting that seems to have been the most problematic ("delete"), but I think recovery is near.  I have (I believe/hope) followed the steps correctly...

live protection is enabled

exclusions entered

now set to deny rather than delete

waited 10-15 mins

saw that javab-jd.ide was present, generated a list of affected endpoints

repaired update managers (repair option did not work, had to dload the installer), and ran 'update now'

now the part I get unsure about is here;

javab-jd.ide is still there, with a timestamp of 9/19/2012 5:20pm.  I downloaded FixUpdate.vbs and ran it on two affected endpoints, which has the worrisome lines at the beginning;

Problem IDE is present.

IDE that fixes issue is NOT present.

Update did not receive newer IDEs.

BUT, everything fro mthere appears to go smoothly, it stops the SAV, deletes Quarantine.xml, and so on, and the end result is a nice shiny Sophos shield in the systray looking quite normal.

I'm concerned about the 3 lines above though and if there's a problem with Update Managers not...updating?  I don't know, I just don't want to go around running this if it really isn't fixing the problem. 

Thanks in advance.

:32765


This thread was automatically locked due to age.
  • 0

    Hello AxL, it looks like you ran the script in an analysis mode, what parameters did you use?

    Could you confirm if you are updating from a CID, if so, are you aware if SUM has been fixed already before re-running this script? I suspect it may be that your CID has not been updated which would be why the:

    Problem IDE is present.

    IDE that fixes issue is NOT present.

    Update did not receive newer IDEs.

    Statements are there if the rest of the actions have been successful. Please do the following:

    HtH

    :32779
  • 0

    I just ran it with what the kb article suggested;

    cscript //nologo FixUpdate.vbs /fixIssues:true

    The beginning if the script did say "no CID specified, using the detected CID location", and the one it listed there was the right one.  I had already done the SUM repair/install steps in kb 118329 as well, but I did those again just now, then did "Update Now" on each SUM in the Enterprise Console just to make sure, but I still get the same output on that script.  Here's a complete one if that helps;

    H:\>cscript //nologo FixUpdate.vbs /fixIssues:true
    Version 4.4
    Fix issues enabled.
    No CID specified as a command line argument, using the detected CID location: \\WEBSERVER\SophosUpdate\CIDs\S000\SAVSCFXP\
    Problem IDE is present.
    IDE that fixes issue is NOT present.
    Update did not receive newer IDEs.
    Stopping SAV service
    Deleting Quarantine.xml file
    Deleted quarantine file C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml
    Write IDE that fixes the issue
    SAU files missing from the program files directory
    Writing false positive detections list to .\2012-9-24_13-26-11_001-FalsePosAll.txt
    Writing false positive moved list to .\2012-9-24_13-26-11_002-FalsePosMoved.txt
    Writing false positive moved to restore list to .\2012-9-24_13-26-11_003-ToRestoreMoved.txt
    Writing false positive deleted list to .\2012-9-24_13-26-11_004-FalsePosDeleted.txt
    Writing false positive deleted to restore list to .\2012-9-24_13-26-11_005-ToRestoreDeleted.txt
    No other files need to be moved back
    SAU files still missing after restoring moved files
    SAV files missing from the program files or common application data directories
    RMS files missing from the program files directory
    Restoring missing SAU files from the local cache
    Repairing SAU using 'Sophos AutoUpdate.msi'
    Starting SAV service
    Triggering update of product

    Its just strange, everything looks and acts like it is fixed...I even did a fresh install on a PC from that exact CID location with no problems.  I've done 6 PCs now and they all show up as normal and up-to-date in the Enterprise dashboard, even.  There's just that one niggling thing above about the "problem ide is present".

    :32811
  • 0

    What OS are you using? try clearing the contents of your Warehouse and Working folders in 2k3:

    "C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Working"

    "C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Update Manager\Warehouse"

    in 2k8 it should be:

    "C:\ProgramData\Sophos\Update Manager\Working"

    "C:\ProgramData\Sophos\Update Manager\Update Manager\Warehouse"

    once this is done run an update now and then check to confirm that the Javab-JD.ide is present in the CID, once done the tool should resolve itself. Appologies for the delay in getting back to you on this.

    :32823
  • 0

    Hi there, no problem on the response time, I'm sure y'all are swamped.  I gotta sign off for the day after this msg anyways, back to it tomorrow.

    No change, unfortunately.

    We have one SUM on 2003, a few others on 2008.  I tried this out on the 2003 one, it cleared all the contents of those two directories except for "Decoded-Sub1" under "Working" (an "in use or protected" error msg).  I even tried stopping the Sophos Update Manager in Windows Servies, but still no delete success.  So back in the Console, "Update Now", then out to another affected PC and the same script results.

    As far as I can tell, the right javab-jd.ide file is there in the CID and the script is pointing to that CID, but there's still some odd disconnect somewhere.  Like I said, the PCs seem to really be fixed after doing this, even other installers that got hit are working again, e.g. Adobe Reader and Java.

    Anyways, thanks for the help so far, I'll check back in tomorrow A.M. :)

    :32839
  • 0

    Yeah I’’’’m calling it a night as well, been a rather long day, will try catch up with you tomorrow, sorry we couldn’’’’t get you sorted earlier.

    :32845