Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 2464 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Put you hand up here Sophos and say SORRY!

MawfTech

Sophos, you done wrong!
 
You've clearely screwed up here Sophos and should put you hands up now, post something clear on you home page (not buried in small text below the scroll line or off on some other page) and apologise for last night's debacle - fancy not testing the IDE before release. I wonder how many millions of PC's out there are now not going to update for several days because of this. Just cost me a couple of hours resolving our connected endpoints, all the home users still to do though so that's probably a couple of days of wasted time.
 
Matt

:31173


This thread was automatically locked due to age.
Parents
  • 0

    Yup - I agree with Matt that something more visible should have been done. A nakedsecurity post is definitely not all that could and should be done. I'd have expected a Technical Alert - don't tell me it was impossible.

    To be fair, correction has been fast and interestingly the impact varied (Live Protection has probably mitigated the effect).

    It did not take too long to make the clients working again as fortunately our policies generally are set to Deny access only and in the segment where we use Delete it hit Alsvc.exe first (for whatever reason), attempted to delete it and failed (for once I'm glad for that).

    The master SUMs recovered automatically, for one child I excluded the \Sophos directories after that it updated. Then used the same exclusions for the other endpoints (never thought I'd really use the Export/Import feature - but there you have it).

    In case some AutoUpdate executables have been deleted (which depending on what is missing shows different symptoms from no visible result to various errors) I've found that

    • stopping SavService (thus disabling scanning)
    • copying the missing files to the AutoUpdate program directory
    • triggering an update (click Almon.exe if the Sophos icon is not present)

    resolves the problem (of course SavService should be started afterwards).

    If you have many (or off-site) clients this could be scripted and packaged

    Christian

    :31203
Reply
  • 0

    Yup - I agree with Matt that something more visible should have been done. A nakedsecurity post is definitely not all that could and should be done. I'd have expected a Technical Alert - don't tell me it was impossible.

    To be fair, correction has been fast and interestingly the impact varied (Live Protection has probably mitigated the effect).

    It did not take too long to make the clients working again as fortunately our policies generally are set to Deny access only and in the segment where we use Delete it hit Alsvc.exe first (for whatever reason), attempted to delete it and failed (for once I'm glad for that).

    The master SUMs recovered automatically, for one child I excluded the \Sophos directories after that it updated. Then used the same exclusions for the other endpoints (never thought I'd really use the Export/Import feature - but there you have it).

    In case some AutoUpdate executables have been deleted (which depending on what is missing shows different symptoms from no visible result to various errors) I've found that

    • stopping SavService (thus disabling scanning)
    • copying the missing files to the AutoUpdate program directory
    • triggering an update (click Almon.exe if the Sophos icon is not present)

    resolves the problem (of course SavService should be started afterwards).

    If you have many (or off-site) clients this could be scripted and packaged

    Christian

    :31203
Children
No Data