Restart needed for updates to take effect - Not clearing

Hello all,

I am fairly new to working with Sophos but sometimes we get a machine that will keep the "Restart needed for updates to take effect [0x0000006d]". Typically, I am able to resolve it by following the knowledgebase support page below. However, I have rebooted the machine several times, reinstalled the software, and followed the steps outlined in the links with no luck.

http://www.sophos.com/en-us/support/knowledgebase/31540.aspx
/search?q= 6865

The client computer has been able to contact the Enterprise console after all reboots. I have noticed that the registry value, HKLM\Software\Wow6432Node\Sophos\AutoUpdate\UpdateStatus\VolatileFlags, does not appear for this machine as well. I have tried to import the key from another client and it did not have an effect.

Does anyone have any ideas on how to resolve this issue?

Thanks

  • Hello,

    For one of these computers, on each update check, the ALC log (SAV client, "View updating log") of AutoUpdate still shows a restart is required?

    Everything else past that is just moving along the message to the management server, i.e. messages in the RMS agent log:

    I believe at the end of the update AutoUpdate creates the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\UpdateStatus\VolatileFlags

    and sets the RebootRequired name value under this key to either 0 | 1.

    The key "VolatileFlags" is created as a volatile key, i.e. it is only held in memory, the idea being that these types of keys are always lost on a restart and therefore a pretty reliable way to know if a computer has been restarted. One way to check if a key is volatile is to try and create a sub key under it. If it's volatile it will error.

    So, if you restarted and the key has gone, alupdate.exe, on its next check, should attempt to read the key, fail, and the next update status should send back a 0 state.

    Have you tried creating a regular key:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\UpdateStatus\VolatileFlags

    Create a DWORD under it called RebootRequired and set it to 0.

    Then force an update. What message is sent up? If it's 0, this should clear the alert in the console. You can then delete the VolatileFlags key.

    It might be worth running Process Monitor (http://live.sysinternals.com/Procmon.exe) filtered on the process name alupdate.exe and on registry keys, looking for access to the key HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus\VolatileFlags\RebootRequired

    Can you see it read the 1 or 0, etc.?

    Hope it helps.

    Regards,

    Jak
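
The checks described in the reply above, as an added PowerShell example that is not part of the original posts or of Sophos tooling: it looks for the VolatileFlags key in both registry views, reads RebootRequired, and probes volatility by trying to create a stable subkey. The probe subkey name is hypothetical, the script assumes an elevated prompt, and it assumes .NET reports the refused subkey creation as an IOException.

```powershell
# Added example, not Sophos code. Run from an elevated PowerShell prompt.
# Key path and value name are the ones quoted in the thread.
$subPath   = 'SOFTWARE\Sophos\AutoUpdate\UpdateStatus\VolatileFlags'
$probeName = 'VolatilityProbe_DeleteMe'   # hypothetical name for a temporary subkey
$hive      = [Microsoft.Win32.RegistryHive]::LocalMachine

foreach ($view in 'Registry32', 'Registry64') {
    # Registry32 on 64-bit Windows is the Wow6432Node view of HKLM\SOFTWARE
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, [Microsoft.Win32.RegistryView]$view)
    $key  = $base.OpenSubKey($subPath, $true)   # writable handle for the probe below
    $row  = [ordered]@{
        View           = $view
        KeyPresent     = [bool]$key
        RebootRequired = $null
        Volatile       = $null
    }

    if ($key) {
        # $null here means the key exists but the value was never written
        $row.RebootRequired = $key.GetValue('RebootRequired', $null)
        try {
            # CreateSubKey asks for a stable (non-volatile) child,
            # which a volatile parent key refuses
            $child = $key.CreateSubKey($probeName)
            $child.Close()
            $key.DeleteSubKey($probeName)       # clean up the probe
            $row.Volatile = $false
        }
        catch {
            # Assumption: the refusal surfaces as an IOException
            $inner = $_.Exception.GetBaseException()
            if ($inner -is [System.IO.IOException]) { $row.Volatile = $true }
            else { $row.Volatile = "unknown: $($inner.Message)" }
        }
        $key.Close()
    }
    $base.Close()
    [pscustomobject]$row
}
```

A row with Volatile = False is a regular key that survives restarts, such as one created by hand or imported from another client, so whatever RebootRequired value it holds will still be there after a reboot.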
