Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 4818 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus Status Reporter on Window 7

Azwan

Hello,

As per subject above does anyone have experience with this services on Windows 7, just curious as per services info "Sophos Anti-Virus Status Reporter " function Provides information to Windows Security Center on whether Sophos Anti-Virus is up to date and whether on-access scanning is enabled.

D oes sophos console unable to obtain endpoint (windows 7 ) antivirus and update status if this service disable?. Thanks

:19477


This thread was automatically locked due to age.
  • 0

    Hi,

    SAV does require this service for other actions other than updating Action/Security Center.  It's not however used to send back status to SEC, the Sophos Agent Service (part of RMS) does this by loading adapter dlls (one per managed component), so in the case of SAV it's SAVAdapter.dll.  This in effect talks to the SAVService to ask for configuration, set configuration etc...

    Regards,

    Jak

    :19487
  • 0

    Hi Jak,

    Does this mean this service "Sophos Anti-Virus Status Reporter " have to be enable?.

    I have test with 1unit  Windows 7 and console still can talk and push update however it might suffer some delay to receive or send status and configuration.

    Reason I have this testing is because 1 of my client apllication having conflict communication if this service "Sophos Anti-Virus Status Reporter " is enable.

    I have stress to client that sophos required this service to enable for communication, just need to verify  and some information from others if this service can be disable.

    :19489
  • 0

    Hello Azwan,

    if the Sophos Anti-Virus Status Reporter is not enabled WSC will warn you about missing A-V protection but that's all - everything else won't be affected.

    Wonder what conflict this could be though - you should probably give Support a call and tell them about the conflicting application (I'm not sure if you can permanently disable the Status Reporter - it might be re-enabled during an update/upgrade).

    Christian

    :19507
  • 0

    Hi,

    Is the conflict with a .NET app running as a non-admin user? Is it that the SAVAdminService.exe process name is 15 characters and it can't enumerate the process name without being an admin user or having sedebug priv?

     

    Do you know the root cause of the conflict, is the above it?

     

    Jak

    :19527
  • 0

    Hi Jak/Christian

    Both of you are correct, currently what i can see is this issue related with .NET as per Jak question regarding .NET and non-admin user, Im not sure what does .NET relate with Sophos Anti-Virus Status Reporter service and SAVAdminService.exe process name is 15 characters .

    :19555
  • 0

    As I recall, the problem I ran into once was the .net application was unable to enumerate process that contain 15 characters if the .net application wasn't running with specific rights (it was running as just a member of users). So quite a fendemantal problem  When it hits a process with 15 characters for some reason requires at a minimum seDebugPriveldges to resolve the process name as it gets it using a different method at this point which requires more rights.

    Could you try granting the user for which the .net application is failing, the following right:
    Security Settings - Local Policies - User Rights Assignment - "Debug programs"

    Does the applicaiton then work?   This could be a possible workaround at least for the shortterm, albeit it a potential security risk as it would alow non admins the ability to attach to processes, view memory I guess.

    I would contact the .net application vendor and see if they can fix up their application in some way, I wouldn't suggest you stop the SAVAdmin service as a workaround unless you have to.

    Jak

    :19601