This is what I did:
Change all policies to only deny access on virus detection.
Change all policies to disable OnAccess Scanning
Then
Method for Icon still in systray:
1. Ensure OnAccess Scanning is disabled, if not, disable manually.
2. Use the "Update Now" button - assuming you have downloaded the fixed defs to your update server.
3. Open Sophos and verify that the virus IDE count is 281 or greater under the View Product Info after you expand the Software portion (why they don't list this on the home screen I don't know).
Method for no Sophos Icon:
Note you can try to reinstall AFTER disabling OnAccess Scanning. HOWEVER, half of mine got errors during the install 25010 erros I think. So instead,
1. Ensure OnAccess Scanning is disabled, if not, disable manually.
2. I copied 5 files from the CID\S00x\SAVFPXP\SAVSCFXP\SAU\Program files\Sophos\AutoUpdate\ directory that seemed to be getting deleted. They are ALsvc.exe, ALUpdate.exe, AUAdapter.dll, Cidsync.dll and inetconn.dll. I copied these files back to c:\Program FIles\Sophos\Autoupdate.
3. I then restarted the Sophos AutoUpdate Service
4. Next, I reinstalled sophos. You might be able to just reboot, but I was dealing with the 80 + Windows servers that were affected and wanted to be sure I had the ALMon systray icon back before I rebooted.
5. Then run the 'Update Now'
I have not yet reenabled OnAccess scanning since we were hit so close to 5pm. I'm going to wait until 9 or 10 am until I'm sure that I have allowed all unaffected pcs to update to the fixed defs before reenabling.
This thread was automatically locked due to age.
