Sophos SAVAdminService and SavService being removed and re-installed

I have a strange problem with a P.C. on the network: it is constantly removing and reinstalling SavAdmin and SavService. I get EVEREST reports (of software changes) every 30 minutes like this:

* Service removed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* Service removed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

* New service installed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* New service installed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

then another:

* Service removed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* Service removed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

* New service installed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* New service installed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

Any ideas what is causing this? Sophos endpoint is configured to update the clients every 30 minutes, but no other P.C.s are doing this.



This thread was automatically locked due to age.
  • Ok, I suppose that as AutoUpdate (SAU) isn't or shouldn't be downloading new updates every 30 minutes, it might be worth looking at the AutoUpdate trace logs, to see if it's kicking off an update of SAV at every update regardless.

    Are you able to make the last one of these:

    C:\ProgramData\Sophos\AutoUpdate\Logs\ALUpdate[timestamp].log

    available which spans a couple of updates?  Maybe use Pastebin for example.

    The start of an update can be seen with the line containing:

    ALUpdate started:

    If SAU is going to install SAV, you should see the line:

    SetupAction::Execute: Creating thread to install product SAVXP

    If no update is required you would see:

    ALUpdate(Action.Skipped): SAVXP

    So do you always see the line to install?  If so, it suggests the problem is more with why SAU is initiating an install at each scheduled update check.  Is it pulling down files?  

    Regards,

    Jak 
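
An added example, not part of the original reply or of any Sophos tooling: a small Python script that applies the check described in the reply above to an ALUpdate log, splitting it into update cycles at each "ALUpdate started:" line and recording whether each cycle installed or skipped SAVXP. Only the three marker strings come from the thread; the function names, the sample lines and the handling of the file encoding are assumptions.

```python
import re
import sys

# Marker strings quoted in the reply above, matched as substrings so the
# rest of each trace line (timestamp, thread id) does not matter.
START = "ALUpdate started:"
INSTALL = re.compile(r"SetupAction::Execute: Creating thread to install product (\S+)")
SKIPPED = re.compile(r"ALUpdate\(Action\.Skipped\): (\S+)")

def summarize_cycles(lines):
    """Return one dict per update cycle: where it starts in the log and
    which products were installed or skipped during it."""
    cycles = []
    for lineno, line in enumerate(lines, 1):
        if START in line:
            cycles.append({"start_line": lineno, "installed": [], "skipped": []})
        elif cycles:  # ignore trace text before the first start marker
            m = INSTALL.search(line)
            if m:
                cycles[-1]["installed"].append(m.group(1))
            m = SKIPPED.search(line)
            if m:
                cycles[-1]["skipped"].append(m.group(1))
    return cycles

def reinstalls_every_cycle(cycles, product="SAVXP"):
    """True when the log holds at least two cycles and each one installed
    the product, which is the symptom the reply asks about."""
    return len(cycles) >= 2 and all(product in c["installed"] for c in cycles)

# Constructed sample: only the marker strings come from the thread; the
# "[hh:mm:ss]" prefix is invented for illustration.
SAMPLE = """\
[10:00:01] ALUpdate started:
[10:00:09] SetupAction::Execute: Creating thread to install product SAVXP
[10:30:01] ALUpdate started:
[10:30:08] SetupAction::Execute: Creating thread to install product SAVXP
[11:00:01] ALUpdate started:
[11:00:03] ALUpdate(Action.Skipped): SAVXP
""".splitlines()

if __name__ == "__main__":
    # Pass the path of an ALUpdate log; with no argument the sample is used.
    # The file encoding is an assumption; undecodable bytes are replaced.
    lines = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    cycles = summarize_cycles(lines)
    for c in cycles:
        print(c["start_line"], "installed:", c["installed"], "skipped:", c["skipped"])
    print("SAVXP installed in every cycle:", reinstalls_every_cycle(cycles))
```

A log in which every cycle shows the install line and none shows the skipped line matches the pattern the reply asks about, which points the investigation at why AutoUpdate starts an install at each scheduled check.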
