Both of my systems have a failure with on demand updating,
From the log Auto Update appears to be working, but not maybe on start up.
One system shows the failure to update in the Sophos icon, but, the other doesn't!
I've checked settings and cannot find anything amiss.
Hello ArtKeetra,
failure to update in the Sophos icon
the red cross overlay is not necessarily shown after one failure, it allows for occasional "hiccups" within a certain interval.
on demand updating
Is it actually manual updating (which constantly fails) or are you talking about the automatic (and scheduled) updates failing after boot? Anyway, it's very likely not the settings but as there are many possible reasons it'd be necessary to inspect the detailed updating (ALUpdate) logs.
Christian
Time: 20/07/2014 18:29:28
Message: AutoUpdate finished
Module: ALUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:26
Message: Installation of Sophos AutoUpdate skipped
Module: ALUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:26
Message: Downloading phase completed
Module: ALUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:25
Message: Product cache update from primary server successfully finished
Module: SDDSUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:25
Message: Downloading product Sophos AutoUpdate from server Sophos
Module: SDDSUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:24
Message: ERROR: Download of SAVXP failed from server Sophos
Module: SDDSUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:23
Message: Downloading product SAVXP from server Sophos
Module: SDDSUpdate
Process ID: 5548
Thread ID: 5780
Time: 20/07/2014 18:29:17
Message: *************** Sophos AutoUpdate started ***************
Module: ALUpdate
Process ID: 5548
Thread ID: 5780
Christian.
From the log you'll see that Auto/scheduled update is also affected.
This is the latest log addition of several showing the same info.
From the on demand updating the problem is given in the dialogue box as 'cannot contact server'
Regards,
Art.
Hello Art,
sorry for not replying earlier. The log shows that this is an unmanaged installation with Sophos as Primary and only source, and while there doesn't seem to be a problem with downloading the AutoUpdate component the SAVXP download fails. The normal (ALC) log isn't very detailed, please post (as mentioned) a snippet of the detailed log (ALUpdateyyyymmddThhmmss.nnnnnnn.log in %ProgramData%\Sophos\AutoUpdate\Logs\), it should give a more or less specific reason for the failure.
Christian
Christian.
You'll have to forgive my limited skill in this respect. I've searched for the 'file' to no avail.
I have, however, found this SAV log but it won't attach as a doc.
But, it gives no indication, that I can see, of any problem.
Art
****************** Sophos Anti-Virus Log - 22/07/2014 14:05:34 **************
20140717 161543 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140717 161544 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140717 161553 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140717 222915 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140717 222916 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140718 163629 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140718 163630 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140720 074814 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140720 074815 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140720 185042 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185042 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" for user Jilly-PC\Jilly
20140720 185044 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185044 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" for user Jilly-PC\Jilly
20140720 185058 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185058 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" for user Jilly-PC\Jilly
20140720 185131 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185131 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" for user Jilly-PC\Jilly
20140720 185132 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185134 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185134 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" for user Jilly-PC\Jilly
20140720 185144 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185144 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" for user Jilly-PC\Jilly
20140720 185147 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185147 On-access scanner has denied access to location "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" for user Jilly-PC\Jilly
20140720 185229 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185237 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" belongs to adware or PUA 'LeakTest' (of type Hacking tool).
20140720 185244 File "C:\Users\Jilly\AppData\Local\Temp\Sjgw15EC.exe.part" has been cleaned up.
20140720 185250 File "C:\Users\Jilly\AppData\Local\Temp\uEdPMG9l.exe.part" has been cleaned up.
20140720 185250 Adware or PUA 'LeakTest' has been removed.
20140721 075627 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140721 075627 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140721 200300 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140721 200301 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140721 211021 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140721 211022 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20140722 071302 Using detection data version 4.98G (detection engine 3.50.1). This version can detect 6461849 items.
20140722 071303 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
(37 items)
I don't use IE, but I think we're getting somewhere:
Trace(2014-Jul-18 18:05:17): ALUpdate started: -Bootstrap -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
Trace(2014-Jul-18 18:05:17): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
Trace(2014-Jul-18 18:05:17): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
Trace(2014-Jul-18 18:05:17): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
Trace(2014-Jul-18 18:05:17): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
Trace(2014-Jul-18 18:05:17): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
Trace(2014-Jul-18 18:05:17): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is available from Sophos.
Trace(2014-Jul-18 18:05:17): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not the Spam Rules package.
Trace(2014-Jul-18 18:05:17): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2014-Jul-18 18:05:17): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2014-Jul-18 18:05:17): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2014-Jul-18 18:05:17): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2014-Jul-18 18:05:17): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is available from Sophos.
Trace(2014-Jul-18 18:05:17): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is the Spam Rules package.
Trace(2014-Jul-18 18:05:17): Computer is a not possible cluster
Trace(2014-Jul-18 18:05:17): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
Trace(2014-Jul-18 18:05:17): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
Trace(2014-Jul-18 18:05:17): Considering subscribed products.
Trace(2014-Jul-18 18:05:17): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2014-Jul-18 18:05:17): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2014-Jul-18 18:05:17): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2014-Jul-18 18:05:17): Considering product {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2014-Jul-18 18:05:17): Could not read registry entry containing Sophos address - using hardcoded value.
Trace(2014-Jul-18 18:05:17): GenerateCustomerID: complete
Trace(2014-Jul-18 18:05:17): Computer is a not possible cluster
Trace(2014-Jul-18 18:05:17): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
Trace(2014-Jul-18 18:05:17): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2014-Jul-18 18:05:17): RMSMessageHandler: ALUpdateStart
Trace(2014-Jul-18 18:05:17): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2014-Jul-18 18:05:17): ALUpdate(AutoUpdate.Started):
Trace(2014-Jul-18 18:05:17): UpdateCoordinator::UpdateNow: Entering
Trace(2014-Jul-18 18:05:17): PopulateCache: Entering
Trace(2014-Jul-18 18:05:17): Found temp cache folder: C:\Users\KIMCAT~1\AppData\Local\Temp\sophos_{9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2014-Jul-18 18:05:17): About to move from C:\Users\KIMCAT~1\AppData\Local\Temp\sophos_{9BF40A4E-23AE-48be-9974-5A1F261DBEE8} to C:\ProgramData\Sophos\AutoUpdate\cache\sau
Trace(2014-Jul-18 18:05:17): Cataloging cache folder
Trace(2014-Jul-18 18:05:17): CatalogMaker::addDirectory C:\ProgramData\Sophos\AutoUpdate\cache\sau
Trace(2014-Jul-18 18:05:17): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\sau\1028.mst
Hello Christian.
Been on hol for two weeks, twas a late break which I couldn't turn down.
On my return an email from the designated college IT bod was asking if I had problems. I explained all and he said so had several others as the licence had changed etc etc. He then went on to say that there was a better AV, as did one of the Sophos partners/resellers.
So I'm now using Eset.
Thank you for your advice.
Art.
I'm sorry, I'm not very adept at any of this, but my computer has not been updating either. When I try to do it manually, it says that Windows cannot find Google Chrome. Does that just mean that my initial set up for the updates was to be through Google Chrome and now something has changed? How do I reset it so that Sophos is connected?
