Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 1 subscriber
  • Views 31205 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Insufficient privileges

nickm

Hi,

I'm running Sophos 9 standalone.

I started getting this, irrespective of the user account on this machine:

"You do not have sufficient privileges to run the Sophos Anti-Virus main application.
You are not a member of one of the Sophos groups. In order to be able to launch this application, you must be a member of SophosAdministrator, SophosPowerUser or SophosUser group. Please contact the Administrator."

I've looked at the relevant knowledge base article, but there seems to be nothing obvious I can do to fix this.  I can't assign users to the sophos groups on a standalone, can I?

I'm a bit concerned that this may be associated with an install of Chrome today, which won't run anymore.  Windows security center doesn't think that Sophos is running anymore, but the system tray icon is present, and seems to show update action.

I have downloaded and re-installed Sophos, but with the same result.

Any idea what is going on?  Sorry if I'm doing something daft here!

Nick

:2159


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Well at least that ruled out the obvious lack of group membership.  I would still recommend trying out the next steps:

    1.

    How much memory is the savservice.exe process consuming on the machine? 

    To check, run: taskmgr.exe - "Processes" tab - find SavService.exe - memory column.

    It should be in the order of ~60 to ~90 MB.  If it is significantly less, i.e. in the range of 10 MB, it would suggest the failure to load a significant portion of the components, certianly the virus data.

    2.

    You may wish to rule out a virus inhibiting the ability for Sophos to run by running a command line scan of the machine, ideally this would be run from files taken from a known clean machine but you'll probably be safe running sav32cli from the local machine, to do so. launch a command prompt as administrator, navigate to "C:\Program Files\Sophos\Sophos Anti-Virus" or the relevant directory and run SAV32CLI.  It would be interesting to see, a) if this works, proving that the virus data is in good order and b) there doesn't appear to be any obvious piece of malware on the machine stopping SAV from functioning.

    3.

    Failing all this, I would suggest:

    1. Stop the SAVService (from using the service control manager SCM. Start->Run and type "services.msc"

    2. Get a copy of ProcessMonitor from http://live.sysinternals.com/Procmon.exe

    3. Start Process Monitor running.

    4. Start the SAVService using the SCM.

    5, After SAVService seems to have started stop Process Monitor from capturing

    6. Search for "Access Denied" this is usually a good place to start.

    7. Fix any permission problems on either the registry or files that are incorrect.  Ideally using a reference system to compare ACLs.

    8. Start SAVService.

    9. Start the GUI of SAV, hopefully all is in order.

    I'd be interested if none of the above get us any closer to the problem.

    Thanks

    JAK

    :2231
Reply
  • 0

    Hi,

    Well at least that ruled out the obvious lack of group membership.  I would still recommend trying out the next steps:

    1.

    How much memory is the savservice.exe process consuming on the machine? 

    To check, run: taskmgr.exe - "Processes" tab - find SavService.exe - memory column.

    It should be in the order of ~60 to ~90 MB.  If it is significantly less, i.e. in the range of 10 MB, it would suggest the failure to load a significant portion of the components, certianly the virus data.

    2.

    You may wish to rule out a virus inhibiting the ability for Sophos to run by running a command line scan of the machine, ideally this would be run from files taken from a known clean machine but you'll probably be safe running sav32cli from the local machine, to do so. launch a command prompt as administrator, navigate to "C:\Program Files\Sophos\Sophos Anti-Virus" or the relevant directory and run SAV32CLI.  It would be interesting to see, a) if this works, proving that the virus data is in good order and b) there doesn't appear to be any obvious piece of malware on the machine stopping SAV from functioning.

    3.

    Failing all this, I would suggest:

    1. Stop the SAVService (from using the service control manager SCM. Start->Run and type "services.msc"

    2. Get a copy of ProcessMonitor from http://live.sysinternals.com/Procmon.exe

    3. Start Process Monitor running.

    4. Start the SAVService using the SCM.

    5, After SAVService seems to have started stop Process Monitor from capturing

    6. Search for "Access Denied" this is usually a good place to start.

    7. Fix any permission problems on either the registry or files that are incorrect.  Ideally using a reference system to compare ACLs.

    8. Start SAVService.

    9. Start the GUI of SAV, hopefully all is in order.

    I'd be interested if none of the above get us any closer to the problem.

    Thanks

    JAK

    :2231
Children
No Data