Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 44 replies
  • Subscribers 1 subscriber
  • Views 145767 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SHH/Updater-B Fiasco Recovery Steps

chavez243

Just thought a thread for just the recovery steps would be helpful as I'm sure this is a big mess for many of my IT brethren who will be burning the midnight oil on the cleanup.

Perhaps a Sophos engineer could chime in on:

- what to do about "Software Delivery failed" in Update Manager

- what to do about ALsvc.exe and ALUpdate.exe being detected / quarantined

- other steps?

:30335


This thread was automatically locked due to age.
Parents
  • 0

    For what its worth this is my script i deployed with GPO

    Net Stop "SAVService"
    net stop "Sophos AutoUpdate Service"
    net stop "Sophos Agent"
    net stop "SAVAdminService"
    net stop "Sophos Device Control Service"
    net stop "Sophos Message Router"
    net stop "Sophos Web Control Service"

    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)

    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)


    xcopy "\\server\SophosUpdate\CIDs\S000\SAVSCFXP\SAU\program files\Sophos\AutoUpdate\*.*" "c:\SophosFix\AUFiles\"


    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files (x86)\Sophos\AutoUpdate"&Echo File Deleted)

    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files\Sophos\AutoUpdate"&Echo File Deleted)

    Del "C:\ProgramData\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"
    Del "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"

    net start "Sophos AutoUpdate Service"
    Net Start SAVService
    net start "Sophos Agent"
    net start "SAVAdminService"
    net start "Sophos Device Control Service"
    net start "Sophos Message Router"
    net start "Sophos Web Control Service"

    :31583
Reply
  • 0

    For what its worth this is my script i deployed with GPO

    Net Stop "SAVService"
    net stop "Sophos AutoUpdate Service"
    net stop "Sophos Agent"
    net stop "SAVAdminService"
    net stop "Sophos Device Control Service"
    net stop "Sophos Message Router"
    net stop "Sophos Web Control Service"

    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)

    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)


    xcopy "\\server\SophosUpdate\CIDs\S000\SAVSCFXP\SAU\program files\Sophos\AutoUpdate\*.*" "c:\SophosFix\AUFiles\"


    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files (x86)\Sophos\AutoUpdate"&Echo File Deleted)

    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files\Sophos\AutoUpdate"&Echo File Deleted)

    Del "C:\ProgramData\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"
    Del "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"

    net start "Sophos AutoUpdate Service"
    Net Start SAVService
    net start "Sophos Agent"
    net start "SAVAdminService"
    net start "Sophos Device Control Service"
    net start "Sophos Message Router"
    net start "Sophos Web Control Service"

    :31583
Children
No Data