Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 12239 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"You do not have sufficient privileges"

MDP

"You do not have sufficient privileges to run the Sophos Endpoint Security and Control main application"

Windows Security tray icon shows a white X on a red background stating that I currently have no antivirus loaded.

I can't access my Sophos Control panel, as it gives me the error in the subject line.  I can right-click on the tray icon and "Update Now" but cannot load the main program.

Taskmanager shows that SavService.exe is running, taking 120.192Megs of memory.

I checked the usergroups specified in the error message with the following command

"

>net localgroup

---------------------------------------------
*Administrators
*boinc_admins
*boinc_projects
*boinc_users
*Guests
*HelpServicesGroup
*SophosAdministrator
*SophosOnAccess
*SophosPowerUser
*SophosUser
*Users
The command completed successfully."

I was already in the group SophosAdministrator, but manually added myself to the other 3 Sophos groups (and have since rebooted my PC).

I am running WinXP home 32 bit, SP3.  Fully patched via windowsupdate.  Also running Ad-Aware (fully updated)

Before my sophos problem

Recently, I added about 3 programs to my PC.  A couple of days ago I had a BSOD-type error, which resulted in a reboot of my system.  I believe Sophos loaded properly after that point.  However, I elected to see which program had crashed my computer, which lead me to using the Windows (or Microsoft?) LiveCare through-the-web scanner.  Unfamiliar with the interface, I must have told it to make all recommended changes to my system - I do not know if this resulted in the removal of any Sophos-critical files.  In any case, at this time I also ran windowsupdate (which I ran about a week to 10 days prior), which had about 20 high priority updates available for me to download.  I installed these.  Upon the next reboot of the system sophos isn't working

Since my problem began

I added my username to other Sophos groups

I've downloaded and have run VundoFix (I had read that Vundo can knock out Sophos) - no infections found.

I ran the sav32cli from the sophos directory command line (no problems with executing that, but I'm not sure it scanned all files on all harddrives or anything, but it did scan 8 boot sectors.  It found no infections)

Possible resolutions?

The LiveCare antivirus program said that it created a system restore point.  Should I just roll back to that?

Do you need to see a dump from HijackThis?

Should I see if I have the installer for Sophos and reinstall that again?  Any idea what the installer exe is typically named?  I put this on my system a few years ago and have several hundred gigs of stuff:P

:3370


This thread was automatically locked due to age.
Parents
  • 0

    Hello MDP,

    thanks for not posting the HijackThis log ... and thumbs up for doing your own research before posting here. Are you administering Sophos at your site or are you "just" a user (in which case your Sophos administrator should also be able to help you). Anyway - posts like this deserve a detailed answer.

    savservice.exe should run as NT AUTHORITY\LocalService.

    Permissions for the the mentioned HKU subkeys should be inherited from HKU\.DEFAULT and be Full Control for SYSTEM and AdministratorsRead for Users and Power Users and Special (Full Control, subkeys only) for CREATOR OWNER. Same permissions for HKU\S-1-5-18, the HKLM\Software tree has additional permissions for Power Users.

    C:\WINDOWS\system32\config\systemprofile should have non-inherited Full Control permissions for SYSTEM and Administrators.

    If the settings are not as above try to correct them. If your changes don't stick then I guess "something"'s trying to protect you from "something else". You could monitor one of the affected keys. I think it's also possible that some program intercepts the calls. Can't say though if one of the programs you mentioned would cause these symptoms.

    Christian

    :3373
Reply
  • 0

    Hello MDP,

    thanks for not posting the HijackThis log ... and thumbs up for doing your own research before posting here. Are you administering Sophos at your site or are you "just" a user (in which case your Sophos administrator should also be able to help you). Anyway - posts like this deserve a detailed answer.

    savservice.exe should run as NT AUTHORITY\LocalService.

    Permissions for the the mentioned HKU subkeys should be inherited from HKU\.DEFAULT and be Full Control for SYSTEM and AdministratorsRead for Users and Power Users and Special (Full Control, subkeys only) for CREATOR OWNER. Same permissions for HKU\S-1-5-18, the HKLM\Software tree has additional permissions for Power Users.

    C:\WINDOWS\system32\config\systemprofile should have non-inherited Full Control permissions for SYSTEM and Administrators.

    If the settings are not as above try to correct them. If your changes don't stick then I guess "something"'s trying to protect you from "something else". You could monitor one of the affected keys. I think it's also possible that some program intercepts the calls. Can't say though if one of the programs you mentioned would cause these symptoms.

    Christian

    :3373
Children
No Data