
Sophos Automatic Update

Hi,

I have noticed since Friday that Sophos antivirus automatic update has failed. I've tried again on Sat and today and still the same. Has Sophos got an issue with their central server?

  • There is no issue with the central server as there are multiple servers all around the world.

    Please contact support if you would like help resolving updating issues or try the following steps. (Apologies for no images.)


    When you try to run an update and the updates fail and display a cross on the shield.

    There are two phases to an update; the download phase and the installation phase.

    The download phase will check what products the machine has (SAVXP,SAU,SCF,PM) and attempt to connect to Sophos. Then, per product it will check to see if there is anything new and attempt to download the updates for each component. There are two areas in which this can fail; connecting to Sophos for updates or failing to download the files once connected to Sophos.

    For reference the log file is read from bottom to top. The log can be split up into the downloading phase and the installation phase. You’ll note the line “Downloading phase completed” showing the transition between the two phases. This article is only dealing with issues in the downloading phase.


    Connecting to Sophos

    1. Open Sophos Endpoint Security and Control
    2. Click on Configure Updating and check the address is “Sophos”
    3. Ensure that the username is correct and re-input the password for the em or sbe username (N.B. that the username and password are case sensitive and will generally be lower case).
    4. If you use a proxy click on proxy details and check your proxy is correctly set.
    5. Click on Ok to exit the Configure Updating window.
    6. You can check your credentials here: http://es-web-2.sophos.com/update/IDE/auth-test.txt
    7. Next open up a web browser and browse to site http://es-web-2.sophos.com
    8. If you are unable to get to this location and are not using a proxy please check your DNS settings.
    9. If you are using a proxy or gateway firewall and unable to get to this location please check your proxy/firewall logs.
    10. Check if you have a firewall installed and active on the workstation as these can stop Autoupdate from connecting to the internet.

    Wireshark

    You can use Wireshark to capture what the HTTP error code is if there is a connection issue to the Sophos site. Wireshark can be obtained from www.wireshark.org and can monitor all network traffic going through the selected network card.

    • 200 OK
    • 202 Accepted
    • 301 Moved Permanently
    • 302 Found
    • 305 Use Proxy (since HTTP/1.1)
    • 400 Bad Request
    • 401 Unauthorized
    • 403 Forbidden
    • 404 Not Found
    • 405 Method Not Allowed
    • 406 Not Acceptable
    • 407 Proxy Authentication Required
    • 408 Request Timeout
    • 500 Internal Server Error
    • 501 Not Implemented
    • 502 Bad Gateway
    • 503 Service Unavailable
    • 504 Gateway Timeout

    Downloading the files

    When the files fail to download you will see something like the following;

    This particular log shows only the SAVXP component failing to download. The Autoupdate process is to download the files from Sophos, then store them in the Autoupdate\data\warehouse folder. If this fails, then AutoUpdate could have either failed to download a file correctly (proxy, firewall or ISP interference) or it could have failed to save the file(s) to its local cache.

    Often the cache files are locked by the Microsoft Indexing Service. This is commonly seen when running Internet Explorer 8 or Microsoft Desktop Search 3.1. Please see the article below about this issue. http://www.sophos.com/support/knowledgebase/article/59494.html

    Please navigate to C:\Program Files\Sophos\AutoUpdate\Config\ and open the file TopLevelCatalogue.dat in Notepad. It should contain the following depending on your version of Sophos Anti-Virus:

    • For SAV v9 the file should contain: sdds.esc9
    • For SAV v7 the file should contain: sdds.es76

    If there is anything other than this, please alter it, then save and close the file. If unsure which version, then place sdds.esc9 and you will be installing v9 if you are not already currently on it.


    If the contents of the file are fine then please clear the contents of the following local cache directories:

    Windows XP or earlier

    • C:\Program Files\Sophos\AutoUpdate\Cache\
    • C:\Program Files\Sophos\Autoupdate\data\warehouse\


    Windows Vista or Windows 7:

    • C:\ProgramData\Sophos\Autoupdate\Cache\
    • C:\ProgramData\Sophos\Autoupdate\data\warehouse

    If none of these suggestions work then please contact Sophos support.
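
The catalogue check and cache clean-up from the reply above, as a PowerShell sketch. This is an added example, not part of the original post and not Sophos tooling; the function name `Test-SophosAutoUpdateCache` and its `-Clear` switch are hypothetical, while the paths and expected catalogue values are the ones given in the post.

```powershell
# Added example: audits the AutoUpdate catalogue file and local caches named in
# the post. Test-SophosAutoUpdateCache and -Clear are hypothetical names.
function Test-SophosAutoUpdateCache {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet('sdds.esc9', 'sdds.es76')]
        [string]$Expected = 'sdds.esc9',   # SAV v9; pass sdds.es76 for SAV v7
        [switch]$Clear                     # without this, only report
    )

    # Paths exactly as listed in the post.
    $catalogue = 'C:\Program Files\Sophos\AutoUpdate\Config\TopLevelCatalogue.dat'
    $caches = @(
        'C:\Program Files\Sophos\AutoUpdate\Cache',            # XP or earlier
        'C:\Program Files\Sophos\Autoupdate\data\warehouse',
        'C:\ProgramData\Sophos\Autoupdate\Cache',              # Vista / Windows 7
        'C:\ProgramData\Sophos\Autoupdate\data\warehouse'
    )

    if (-not (Test-Path -LiteralPath $catalogue)) {
        Write-Warning "Catalogue file not found: $catalogue"
        return
    }
    # Cast to [string] so an empty file yields '' instead of $null.
    $actual = ([string](Get-Content -LiteralPath $catalogue -Raw)).Trim()
    if ($actual -ne $Expected) {
        Write-Warning "Catalogue contains '$actual', expected '$Expected'. Correct it before clearing caches."
        return
    }
    Write-Output "Catalogue OK: $actual"

    foreach ($dir in ($caches | Where-Object { Test-Path -LiteralPath $_ })) {
        $items = @(Get-ChildItem -LiteralPath $dir -Force)
        Write-Output ("{0}: {1} item(s)" -f $dir, $items.Count)
        if (-not $Clear) { continue }
        foreach ($item in $items) {
            try {
                if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove')) {
                    Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
                }
            } catch {
                # A locked file here is consistent with the indexing issue the post mentions.
                Write-Warning "Could not remove $($item.FullName): $($_.Exception.Message)"
            }
        }
    }
}
```

Run it from an elevated prompt; `Test-SophosAutoUpdateCache -Clear -WhatIf` previews what would be deleted without touching the caches.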
