Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 1 subscriber
  • Views 7958 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Autoupdate failed and insufficient rights to do anything with Sophos

kiril982

Hi Sophos team,

I had to register as I have annoying problem with Sophos. The most I got from my IT admin (who is in Denmark while I am on a stay in China) is to uninstall it and instal something else. While that's the last option. I will give a last try to ask you.

I neither have the rights to manipulate with Sophos properly (it says "insufficient right"), nor the autoupdate funtion works. This is all from today when I tried to delete a virus or whatever was it from usb, and I noticed the first one. Once I tried to fix using your (increadibly confusing and overloaded) forums, the auto-update stoped working as well. Its a bit annoying and I got a bit frustrated.

1. I have tried to fix the "sufficient rights" issue by following your posted procedure i.e. updating the SID numbers using the SophosLocalGroups.txt file but it didn't work. I also downloaded some file, and than copied it in the indicated lcoation and run it (which was suppose to automatically updade the SIDS) but it was waste of time in both reading and doing it.

2. I have tried to fix the auto-update issue, i even don't remember what I did, but i stoped the Sophos virus protection and did what was written in your post and activated it again. It didn't work.

Is there any solution except spending hours and trying to understand what SID and DSN settings are or?

Thanks a lot,

Kiril

p.s. for the record, when I start up my pc, the notification appears with "Sophos Endpoing Secirity and Control updater has faild to download", and in the update log the following appears (the other updates seem to work properly- as it says in the log):

Time: 23-07-2012 23:37:14
Message: Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:13
Message: Downloading product Sophos AutoUpdate from server \\SOFUS\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:11
Message: Could not add a connection to server \\SOFUS\SophosUpdate; user djf\sophos; Windows error 53
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:09
Message: Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:08
Message: Downloading product SAVXP from server \\SOFUS\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:06
Message: Could not add a connection to server \\SOFUS\SophosUpdate; user djf\sophos; Windows error 53
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:04
Message: Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:03
Message: Downloading product RMSNT from server \\SOFUS\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:37:01
Message: Could not add a connection to server \\SOFUS\SophosUpdate; user djf\sophos; Windows error 53
Module: CIDUpdate
Process ID: 4808
Thread ID: 4412

Time: 23-07-2012 23:36:38
Message: *************** Sophos AutoUpdate started ***************
Module: ALUpdate
Process ID: 4808
Thread ID: 4412

:27249


This thread was automatically locked due to age.
Parents
  • 0

    Hello kiril982,

    last lookup [...] the date I left Denmark

    this suggests (assuming he is talking about the management system, not the download) that the server is not reachable over VPN - this is either due to the network configuration at your site or in conjunction with yesterday's detection or perhaps both. But this is more guesswork than serious analysis given the lack of details. 

    I assume that SOFUS is also the management server. If you open Start->(All) Programs->Sophos->Sophos ES&C->View Sophos Network Communications Report the known server addresses should be under Parent-addresses (usually in the form IPv4,[IPv6,]FQDN,NetBIOS). If you open a cmd window (when VPN is active) and type ping FQDN - does it resolve the address (i.e. it should say Pinging FQDN [IP] with ...) ? If not then it can't resolve the name. As you said you only noticed recently that AutoUpdate doesn't work it could be that something has changed recently. The AutoUpdate logs probably doesn't go back that far but looking at the files in C:\Program Files\Sophos\Sophos Anti-Virus will tell you the approximate time of the last update - sort by date to determine the timestamp of the "youngest" files. If it's May then AutoUpdate didn't work since you left Denmark. Whatever you find determines the next steps.

    This is just to make sure that the issue isn't related to the detection on USB (BTW - is this your device, did you use it on another computer, or did you get it from somewhere? Also, what has been detected - the Quarantine Manager should tell you the threat's name).

    Christian

    :27275
Reply
  • 0

    Hello kiril982,

    last lookup [...] the date I left Denmark

    this suggests (assuming he is talking about the management system, not the download) that the server is not reachable over VPN - this is either due to the network configuration at your site or in conjunction with yesterday's detection or perhaps both. But this is more guesswork than serious analysis given the lack of details. 

    I assume that SOFUS is also the management server. If you open Start->(All) Programs->Sophos->Sophos ES&C->View Sophos Network Communications Report the known server addresses should be under Parent-addresses (usually in the form IPv4,[IPv6,]FQDN,NetBIOS). If you open a cmd window (when VPN is active) and type ping FQDN - does it resolve the address (i.e. it should say Pinging FQDN [IP] with ...) ? If not then it can't resolve the name. As you said you only noticed recently that AutoUpdate doesn't work it could be that something has changed recently. The AutoUpdate logs probably doesn't go back that far but looking at the files in C:\Program Files\Sophos\Sophos Anti-Virus will tell you the approximate time of the last update - sort by date to determine the timestamp of the "youngest" files. If it's May then AutoUpdate didn't work since you left Denmark. Whatever you find determines the next steps.

    This is just to make sure that the issue isn't related to the detection on USB (BTW - is this your device, did you use it on another computer, or did you get it from somewhere? Also, what has been detected - the Quarantine Manager should tell you the threat's name).

    Christian

    :27275
Children
No Data