
Sophos Automatic Update causing problems...please help!

Yesterday my Sophos Endpoint Security must have done an automatic update because my grey shield turned white with a blue outline and an "S" in the middle. I noticed in my start menu that the Sophos had just been installed, so I guess the old version was taken off my computer? I could no longer use my internet. When I clicked to open the new Sophos, it wouldn't open. I had screens popping up that my computer wasn't protected. I decided to restart my computer since the Sophos was newly installed. The internet still wouldn't work, the Sophos shield disappeared from the task bar, and I was still being told I was unprotected. I did a system restore, trying to get back to the old version of Sophos so that it would work. I have been protected with Microsoft Security Essentials and Sophos Endpoint. After the restore I had Windows Defender (which I've not used) and the still updated Sophos. I ran a scan with Sophos and it says I have 4 undetectable items, but it won't let me see what they are. My internet is working, but Sophos is still showing errors and does not appear in my task bar. How do I fix this problem and get my computer secured again? Thanks!

:28207


  • Hi,

    Your computer upgraded from version 9.x to 10.x as part of these changes: community.sophos.com/.../26335.  

    A couple of tests you might like to perform:

    If you open Windows Task Manager (taskmgr.exe) and look in the processes tab, you should see a process called Almon.exe.  This is responsible for the notification tray icon, i.e. the Sophos 'S' you mention.  It is launched as you login to the computer.  This process doesn't provide protection but is used to communicate events that are happening, such as updating, virus detections, etc...to the user.

    Does that process appear?  Could it be that the icon is not displayed due to it being hidden by Windows?

    To test protection, you could download the test file "Eicar". This is designed to trigger an alert in Anti-Virus programs to test they are working.  You can read more about it on the site but the download page is: http://eicar.org/85-0-Download.html.

    If Almon.exe is running this will produce a balloon message when you run the test file.  It would still be blocked by Sophos if the tray icon wasn't running; you wouldn't be told why, however, you would just get a Windows message such as file not found/access denied.

    Regards,

    Jak

    :28213
  • Hi Jak,

    The process Almon.exe does not appear in my Windows task manager, but when I ran the eicar test file, Sophos detected and quarantined it. It never notified me, though. I had to open Sophos and see that it was quarantined. So, am I protected and there's just a problem with getting the icon in my task manager? When I go to customize my task manager, it has Sophos on the list (with the old icon, though), and I've asked it to "show icon and notifications". The icon still does not appear in the task manager. Do you know of a way to fix it so it notifies me? Thanks for the help!

    :28221
  • Hi,

    If you go to:

    "C:\program files\sophos\AutoUpdate\"

    or

    "C:\program files (x86)\sophos\AutoUpdate\"

    Can you run Almon.exe?  Does it then show up in the notification tray?

    It should get launched automatically at logon as there is an entry now in the registry at:

    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sophos AutoUpdate Monitor"

    or

    "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Sophos AutoUpdate Monitor"

    It used to get run from the "Startup" menu but it was moved to the above location.

    Hope it helps

    Regards,

    Jak

    :28223
  • I cannot run almon.exe (It actually doesn't exist, but almon.exe.manifest does). Should I reinstall sophos?

    :28225
  • Is AutoUpdate installed on the computer?

    If you look in "Add or Remove Programs" or "Programs and Features" (appwiz.cpl), does AutoUpdate show up?

    The current version shipping with 10.0.7 is 2.7.4.317.

    If you are just missing Almon.exe from the program files directory that's a bit odd.  AutoUpdate downloads a copy of itself, into its cache.  The files from that directory would end up in:

    Win7:

    "C:\ProgramData\Sophos\AutoUpdate\Cache\sau\program files\Sophos\AutoUpdate\"

    or on XP:

    "C:\Program files\Sophos\AutoUpdate\Cache\sau\program files\Sophos\AutoUpdate\"

    So if you're just missing that file you could copy it over.  Worth a try.  Depends how much is missing.  Might be worth a reinstall.

    Regards,

    Jak

    :28227
  • So, the Sophos AutoUpdate is installed, but the version is 2.5.7. It also has the old shield and Sophos Plc as the publisher. For the Sophos Antivirus the version is 10.0.7, it has the new shield and the publisher is Sophos Limited. They have different installation dates.

    Then when I go to check the program file in the C drive, the autoupdate is there but I'm still not receiving any notifications about updates being downloaded. Did the autoupdate just not install correctly? Do you think a reinstall will fix the problem? Thanks!

    :28423
  • It would be good to know if SAU has the latest version downloaded but failed to install the new version.

    The install of AutoUpdate creates the MSI log file:

    "C:\windows\temp\Sophos AutoUpdate install log.txt"

    You could see if that is recent and if it failed. Search for:

    Return Value 3

    within the file, if it failed to install, for the specific place where it failed.

    Otherwise you could try deleting:

    "C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml"

    and calling an update.  This will cause SAU to "forget" what it has downloaded and what it has installed.  You can get more specific by editing this file to influence if it downloads/installs a specific package, but deleting status.xml would be something to try.

    Regards,

    Jak

    :28425
  • I did find "C:\windows\temp\Sophos AutoUpdate install log" with the more recent date. I opened it up (in notepad) and searched for Return Value 3. The document does not contain those words. Did I do this search correctly?

    I deleted the XML document and opened Sophos. When I went to ask it to update, there is no place to ask it for any kind of update. I searched the help instructions which said it would be under "Configure" and then "updating". There is no updating option under my configure menu. I remember in the old Sophos it had a "Last updated" date and time right when I opened it. My current Sophos does not have that information. Is there anything else I can try? Thank you for all your help!

    :28439
  • So now my Sophos is showing the updating information when I can finally get it to open. I cannot get it to update, though. These are some of the errors I am receiving when trying to open Sophos and/or update it:

    Sophos Endpoint Security and Control has encountered a problem and needs to close. I try to email the report and it gives me another error. After clicking through the errors, still trying to open Sophos, the following message pops up:

    The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'Sophos AutoUpdate.msi' in the box below. I click OK and the path says it cannot be found so I searched for the installation package 'Sophos AutoUpdate.msi' and it does not exist on my computer.

    Any suggestions?

    :28507
  • Hello akgv,

    Sounds like a pretty messed up install - for whatever reason. The .msi should be in AutoUpdate's cache (for XP in %ProgramFiles%\Sophos\AutoUpdate\Cache\sau, for later OSs in %ProgramData%\Sophos\AutoUpdate\Cache\sau). Is this the path displayed and does this path (i.e. the folder, we know the .msi file isn't there) exist?

    How did you initially install Sophos - a package provided by your site or running setup.exe from a share? 

    Christian 

    :28509
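
The checks suggested across the replies above (tray process, Almon.exe on disk and in the cache, the logon Run entry, and the MSI install log), gathered into one read-only PowerShell script. This is an added example, not part of the original thread and not a Sophos tool; every path, registry value and file name in it is taken from the posts, and it changes nothing on the machine.

```powershell
# Added example: read-only health check for Sophos AutoUpdate, using the
# paths and names quoted in this thread. Nothing is modified or deleted.
$installDirs = 'C:\Program Files\Sophos\AutoUpdate',
               'C:\Program Files (x86)\Sophos\AutoUpdate'
$cacheDirs   = 'C:\ProgramData\Sophos\AutoUpdate\Cache\sau',        # Win7 and later
               'C:\Program Files\Sophos\AutoUpdate\Cache\sau'       # XP
$runKeys     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runValue    = 'Sophos AutoUpdate Monitor'
$msiLog      = 'C:\Windows\Temp\Sophos AutoUpdate install log.txt'
$wanted      = 'Almon.exe', 'Sophos AutoUpdate.msi'

# 1. Tray monitor: absent means no balloons, not necessarily no protection.
$proc = Get-Process -Name 'Almon' -ErrorAction SilentlyContinue
"Almon.exe running: {0}" -f ([bool]$proc)

# 2. Is Almon.exe installed, and does the cache hold a copy and the .msi?
foreach ($dir in $installDirs) {
    $exe = Join-Path $dir 'Almon.exe'
    "Installed {0}: {1}" -f $exe, (Test-Path -LiteralPath $exe)
}
foreach ($dir in $cacheDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { "Cache folder missing: $dir"; continue }
    Get-ChildItem -Path $dir -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $wanted -contains $_.Name } |
        ForEach-Object { "Cache copy: {0}" -f $_.FullName }
}

# 3. Logon autostart entry for the tray monitor (32-bit and 64-bit views).
foreach ($key in $runKeys) {
    $entry = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    "{0} -> {1}" -f $key, $(if ($entry) { $entry.$runValue } else { '(not set)' })
}

# 4. MSI log: Windows Installer writes "Return value 3" at the action that failed.
#    Get-Content honours the file's byte-order mark; the match is case-insensitive.
if (Test-Path -LiteralPath $msiLog) {
    "Log last written: {0}" -f (Get-Item -LiteralPath $msiLog).LastWriteTime
    $hits = Get-Content -LiteralPath $msiLog | Select-String -SimpleMatch 'Return value 3'
    if ($hits) { $hits | ForEach-Object { "line {0}: {1}" -f $_.LineNumber, $_.Line.Trim() } }
    else       { 'No "Return value 3" found in the log.' }
} else {
    "Log not found: $msiLog"
}
```

A mismatch such as the one reported here (Run entry present, Almon.exe missing from the install folder, a copy and the .msi present or absent in the cache) shows up directly in the output of steps 2 and 3.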