
Clients out-of-date but updates succeeding

Hi everyone,

It seems we have a company-wide problem since this morning. We run Sophos ESC 9.0, on a mix of XP and 7 client machines - we do not use the management console, these are all standalone installations contacting Sophos directly for updates.

As of this morning, Windows is flagging the software as out-of-date. The client itself is quite happy - no indication of update problems. Further investigation of update logs shows only the "items skipped" entries - in other words, normal termination of the update check where no new updates are found.

Product Info from the client:

SAV: 9.0.6

Detection: 3.15.0

Detection Data: 4.61G

Virus Data Date: 03/01/2011 (? No virus data update since early Jan?)

HIPS rules: 3.2.0

HIPS config: 1.0.4

Last Updated: 05/01/2011

Sophos AutoUpdate: 2.5.4

Last Checked for Updates: 07/02/2011 14:10:34

Update Status: Success

Any help or advice on this issue would be very much appreciated.

PS - off-topic observation - all buttons on this forum have "invisible" text in Firefox. I cannot see the "new topic", "reply" etc. button text - just empty borders, until I drag a selection over them.

Thanks everyone,

Darren.



This thread was automatically locked due to age.
  • Same issue here.  I'm going to call support.

    Billy

  • I called support this morning, and the very helpful chap was able to figure out the problem. It seems that a file called "status.xml" isn't being properly updated - even when auto-updates succeed. We removed this file, ran an update manually, and now Windows is happy again.

    As mentioned, this happened on lots of machines - a mix of Windows 7 and XP clients. The file can be found in:

    C:\ProgramData\Sophos\AutoUpdate\data\status (Windows 7 and probably Vista)

    C:\Program Files\Sophos\AutoUpdate\data\status (Windows XP)

    Deleting the status.xml file in this folder and running an update manually will remove the out-of-date warning.

    I'm guessing the problem isn't too widespread based on a lack of replies to this topic, but this may help some people out there - and reduce load on the Sophos support guys :) The support experience was a good one though, which is always nice. Kudos to Sophos UK support for being on the ball and knowing their stuff.

  • I also called support yesterday on this.  I didn't get a resolution, so I told the support tech I would apply the 9.5 update to see if that resolved the issue.

    That did fix it, so maybe the 9.5 update process took care of that problem file.

    Thanks for reporting back with your solution!

  • This is an interesting problem to hear and one I've seen a few times personally.

    Something I've been a little concerned about when using standalone clients is that the actual main updates that occur at least once a month on managed clients don't seem to happen on standalone clients when specifically updating direct from the Sophos databank only, and I've mentioned this many times to support. It seems that the Sophos databank only does a major update every 90 days or so but does the minor (IDE) updates regularly. The problem with this approach, and most especially with Vista and 7 clients, is that the Windows safety centre starts moaning at Sophos being out of date when it's around 60 days old (sometimes as early as 45 days). It does this by watching for a particular file date/time stamp and I believe that the file is still vdl.dat. This file is in each major update but obviously not in the minors, so it can hang around way beyond 60 days before being replaced. Nothing's actually wrong, just the system not informing Windows it's updating routinely. It's interesting to hear the TS answer that's posted here, that removing the XML file fixes the problem. Yes it does, because it causes the AU to download the entire package again and hence update the vdl.dat file, but the problem will simply happen again in 45 to 60 days, so it's not a solution.

    Sophos, please note this and do something, problem's been around a good couple of years now and it's about time you tackled this! It ONLY happens when CLIENTS ONLY update direct from the Sophos databanks.

    Matt

  • >Thanks a lot

    Thanks Sandy.

    My workaround for this problem is to run a private webCID of our own, and now the primary update site for our standalones is our webCID with Sophos DB the secondary - now my clients all maintain perfect harmony (well almost ;) ) with the managed clients.

    Matt

  • Darren_IFI,

    Great fix, worked for me and it was crucial that I find a fix.  Systems that had that problem were denied Cisco VPN access until AV was up to date.

    The systems affected update directly from Sophos.  MawfTech, it's been over 2 years now since Sophos corrected the problem. Is this a fluke or is there a concern it may still need fixing?

    Yep, nothing changed. Sophos still don't update their databank frequently enough to cause a major update, only doing this every 60 to 90 days... It doesn't mean you're not up to date, however; it just means that the Windows detection kicks in because it's only looking at one specific file that isn't routinely 'touched' in the minor updates. Not really sure why they don't make the updater modify (touch) the vdl.dat during a minor update to correct this issue.

    Still better to run your own WebCID and update from that if you can and then only rely on the Sophos databank as a secondary site. Really simple to do and you don't need a great big fat pipe to run it off too - a fixed IP typical business rated ADSL is fine.

    Matt
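
An added example, not part of the thread and not Sophos code: a PowerShell check of the file timestamps discussed in the replies above. It looks for status.xml in the two folders quoted in the thread and, optionally, a vdl.dat whose location the thread does not give (supplied by the admin through the hypothetical `-VdlPath` parameter); the 45 and 60 day thresholds are the ones Matt reports, and the function name is hypothetical.

```powershell
# Added example: report the age of the update-state files named in this thread.
# Function and parameter names are hypothetical; thresholds are taken from the thread.
function Get-SophosUpdateFileAge {
    param(
        # Full path to vdl.dat. The thread does not say where it lives, so pass it in.
        [string]$VdlPath,
        [int]$WarnDays = 45,    # earliest point the thread reports Windows complaining
        [int]$StaleDays = 60,   # typical point reported in the thread
        [datetime]$Now = (Get-Date)
    )

    # status.xml folders quoted in the thread (Windows 7/Vista first, then XP).
    $candidates = @(
        'C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml',
        'C:\Program Files\Sophos\AutoUpdate\data\status\status.xml'
    )
    if ($VdlPath) { $candidates += $VdlPath }

    foreach ($path in $candidates) {
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $item) {
            # Only one of the two status.xml folders exists on any given OS.
            New-Object PSObject -Property @{
                Path = $path; LastWrite = $null; AgeDays = $null; State = 'Missing'
            } | Select-Object Path, LastWrite, AgeDays, State
            continue
        }

        # Whole days since the file was last written.
        $age = [int][math]::Floor(($Now - $item.LastWriteTime).TotalDays)
        if ($age -ge $StaleDays)    { $state = 'Stale' }
        elseif ($age -ge $WarnDays) { $state = 'Warning' }
        else                        { $state = 'OK' }

        New-Object PSObject -Property @{
            Path = $path; LastWrite = $item.LastWriteTime; AgeDays = $age; State = $state
        } | Select-Object Path, LastWrite, AgeDays, State
    }
}

# Run on a standalone client; add -VdlPath '<path to vdl.dat>' to include that file.
Get-SophosUpdateFileAge | Format-Table -AutoSize
```

A `Warning` or `Stale` row alongside an "Update Status: Success" in the client matches the situation in the original post, where minor updates succeed while the watched file keeps its old timestamp.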
