SEC shows alert on Updates Dashboard after Shh Updater B

Hello forum land, 

Our SEC shows an alert on the updates section of the dashboard. When I look at our update managers there are no alerts or errors and we have been updated today with a matching configuration. All of our endpoints show they are up to date on the SEC but Windows Action Center sees them as being out of date. This started with the Shh updater issue a couple weeks ago. Just wanted to see if anyone else is having a similar issue. 

Thanks 

:33591


This thread was automatically locked due to age.
  • Hi,

    So just to check, if you look in the distribution locations that are being maintained by the SUMs:

    E.g.

    C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP\

    or

    \\server\SophosUpdate\CIDs\S000\SAVSCFXP\

    master.upd is recent?  This is the last file to be updated following an update to the location.

    The last message time against each of the SUMs, in the endpoint view is recent as are the times shown in the SUM list view?

    What version of SAV do you have, 10.0.8, or a mixture?  SAV 10.0.8 (4.81G) as of now has 366 IDE files.

    Regards,

    Jak

    :33593
  • Jak, 

    The master.upd file is the most recent version. Both the update manager and endpoints show they have been updated within the last hour. I'm not sure how to check my current anti-virus version. How would I go about doing that?

    Thanks. 

    :33597
  • Hi,

    Well there are a few places:  

    At the SEC side, here are a few ways to know what versions:

    1. View - "Bootstrap Locations" will give you a list of distribution locations and the versions within.
    2. Open up the subscription ("Update managers" view), e.g. Recommended, highlight the product and click "Details".
    3. \\127.0.0.1\SophosUpdate\CIDs\S000\SAVSCFXP\savxp\svf.xml
    4. In the "Endpoints" view click on the "Anti-Virus Details" tab

    At the client:

    1. Add/Remove Programs | Programs and Features and find Sophos Anti-Virus
    2. C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Factory.xml (Search for the text productVersion)
    3. Open the interface, i.e. double click the shield to launch SAVMain.exe - "View product information", then expand "Software" under "Anti-virus and HIPS".

    Regards,

    Jak

    :33599
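
The two checks described in the replies above (whether master.upd is recent in each distribution location, and the productVersion text in Factory.xml) can be scripted. This is an added example, not part of the thread or of Sophos tooling; the paths are the ones quoted in the posts, while the function names and the 24-hour staleness threshold are assumptions.

```powershell
param(
    # Paths as quoted in the thread; a UNC share such as \\server\SophosUpdate\CIDs also works.
    [string]$CidRoot     = 'C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs',
    [string]$FactoryXml  = 'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Factory.xml',
    [int]   $MaxAgeHours = 24   # assumed threshold, tune to your update schedule
)

function Get-CidFreshness {
    param([string]$Root, [int]$MaxAgeHours)
    $now = Get-Date
    # Layout from the thread: CIDs\<Sxxx subscription>\<product>\master.upd
    # master.upd is the last file written after an update to the location.
    Get-ChildItem -Path (Join-Path $Root 'S*\*\master.upd') -ErrorAction SilentlyContinue |
        ForEach-Object {
            $age = $now - $_.LastWriteTime
            [pscustomobject]@{
                Subscription = $_.Directory.Parent.Name
                Product      = $_.Directory.Name
                LastUpdated  = $_.LastWriteTime
                AgeHours     = [math]::Round($age.TotalHours, 1)
                Stale        = $age.TotalHours -gt $MaxAgeHours
            }
        }
}

function Get-SavProductVersionLines {
    param([string]$Path)
    # The thread says to search Factory.xml for the text "productVersion";
    # the file's schema is not assumed here, so matching lines are returned as-is.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Select-String -LiteralPath $Path -Pattern 'productVersion' -SimpleMatch |
        ForEach-Object { $_.Line.Trim() }
}

# Server side: one row per distribution location, stale ones flagged.
$cids = @(Get-CidFreshness -Root $CidRoot -MaxAgeHours $MaxAgeHours)
if ($cids.Count -eq 0) { Write-Warning "No master.upd found under $CidRoot" }
$cids | Sort-Object Subscription, Product | Format-Table -AutoSize

# Client side: installed version text (empty on a machine without the endpoint software).
Get-SavProductVersionLines -Path $FactoryXml
```

Run it on the update manager for the distribution-location check and on an endpoint for the version check; each half returns nothing if its path is absent on that machine.
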
  • Thanks for that info, on our endpoints we have 9.5.6.

    The Bootstrap has version 9.5.6.479.1.

    The Update Manager is 9.5.6 VDL 4.79G

    svf.xml shows 9.5.6 VDL4.79G

    :33603
  • Any reason that you're not running the latest 10 version?

    The whole "Up-to-dateness" in Action Center/Windows security center is a bit odd. 

    If you don't/can't switch your main subscription to 10 but you wish to try 10 on a couple of clients:

    1. Create a new subscription: In the "Update managers" view, call it SAV10 for example

    2. Within that subscription select the "10.0 Recommended" version which at the moment is 10.0.8.

    3. Within the config of one of the Update Managers, in the subscriptions tab you can move this new subscription "SAV10" to the right hand side.

    When SUM updates, you'll then have SAV 10 in your distribution share:  You will see a new Sxxx number for this subscription.  View - "Bootstrap Locations" will show you exactly.

    4. To test on a single client, you can

    4.1 create a new SEC group, e.g. "10Test".

    4.2 create a new updating policy, within the updating policy, under the subscription tab choose the new "SAV10" subscription.

    4.3 link the new updating policy to the test group

    5. Move a test machine to the test group, i.e. "10Test".

    6. Within 20 seconds it should get the policies.

    7. Call update now on it from SEC to speed things up and after a few minutes (depending on network connection) the client should show up as being SAV 10.  It will ask for a reboot but doesn't need to be performed straight away.

    I assume that machine will not have a problem.

    Regards,

    Jak

    :33607
  • Hello GC3David,

    what does the dashboard say under Updates?

    Christian

    :33621
  • "The whole "Up-to-dateness" in Action Center/Windows security center is a bit odd"

    Hm, we are now on 4.81 and 4.79 is over two months old - isn't an alert by WAC/WSC expected?

    Christian

    :33623
  • QC, 

    Under updates it says Friday, October 05, 2012 8:13AM. 

    I'm not sure but we had an error in the endpoint event logs about the Sophos message router not able to find the update server by IP. I changed the mrinit.conf file according to this article Changing 'parent router' IP address - SophosTalk community and this might be when the problems started. I have since copied the old file back into the directory but no change. Anyone think this might be the issue?

    :33687
  • Hi,

    I think it's more likely to be the last option "My installation is up to date" here:

    http://www.sophos.com/en-us/support/knowledgebase/58307.aspx

    Regards,

    Jak

    :33697
  • Jak, 

    Thanks for the link. It looks like our Anti-virus version is not the most recent. Under the Sophos update manager details on the SEC in the History section the last entry is from 9/27 stating Software update failed code 80040401.

    :33701