
Automatic upgrade to v10??

We are using Sophos Enterprise Console 4.7.0.13 and v9.5 for the endpoints.

On Friday just after 7pm, the entire group of endpoints in the v9.5 bucket were upgraded to 10.06 VDL4.79G.  Every one of them now has a warning as they all need to be rebooted.

We don't keep v10 updates on our Enterprise Console.  I'm trying to sort out what would trigger them all to update seemingly of their own accord? 

Ideas?

Thanks

:27593


This thread was automatically locked due to age.
  • We had the same problem. Imagine my surprise when I came in Monday morning and found out a few thousand machines were automatically updated and all require a reboot. We're still cleaning up...

    Never read anything about this update on the Sophos Facebook page (or I missed it), nothing on the RSS feeds, and also don't remember seeing anything on the website. Also didn't receive any notification per email.

    Only found out about the same link after I came to the forums to see what was going on.

    :27843
  • Unbelievable.  I called Sophos support  and they said it was straightforward "just change the updates to 9.5 Extended Maintenance and it will automatically revert back".  That didn't work at all.

    We made a call to leave them (400 servers) on v10 in the end but this has made us now look seriously at an anti-virus company which forces you to go to a new version, has the ability to force you to a new version (back door???), and never communicates the automatic upgrade to you (who does that?).

    It's like waking up one morning and your Windows XP machine is upgraded to Windows 7.

    At any rate, we've rebooted about 20 or so servers without issue so here's hoping the others follow suit.

    :27855
  • I also had logged support calls with them, because since the forced switch our server had stopped pulling updates (this was on Friday 27th July 18:34). The whole night and weekend our clients were upgrading. By Monday morning when I came in, I was surprised to see thousands upon thousands of SCOM alerts and then the new shield icon for Sophos.

    Funny enough, the suggestions from support didn't fix the server. In the end, I rebooted it and then it worked. Go figure...

    By the time I found out we could revert the setting, it was way too late. There is no way that after thousands of workstations and servers were upgraded to v10.0 that I would downgrade them again to v9.5 and have to reboot again. We still can't do this until the next maintenance window.

    I meanwhile also found out about this special Distribution List, where supposedly these update and release information emails are sent to clients. I've been trying to get on that list for almost two years, and I see this still hasn't happened. I logged at least one support call over a year ago, where I was told I was on that list. From our account manager at Microsoft we receive these emails at least 3 years in advance. Granted, I don't expect the same thing from every company, but a heads-up would be nice. These things should be opt-ins, and not opt-outs.

    I found out in these forums that someone else had the same issue; he was advised to contact their Sophos Sales manager. We don't have one, as we didn't buy the product directly from Sophos. Our licence manager now gave me another name, whom I tried to contact. Let's see if we were finally added to this famous list.

    Needless to say, after the second time this now happened to us with Sophos, I will suggest to my management that we let the maintenance contract expire and then go for another Anti-Virus solution, if not sooner. In our environment, it is completely unacceptable that an outside party can flick a switch and force something like this upon us.

    :27857
  • I think it's important to know that you don't need to reboot straight away following the upgrade.

    Regards,

    Jak

    :27859
  • We know that, I found that part in the KB Article on the Sophos site. Nevertheless, I'm having a hard time trying to explain that to our SysAdmins, as for every single machine in the console they see a reboot required message.

    :27861
  • Interesting that you stopped getting updates.  The same thing happened to us.  The reason was that the new v10 updates matched a signature on our IPS.  We had to create exceptions for that and all was well. 

    I'm also building a new Enterprise Console server and want to move the endpoints across.  Again, no easy task.  As per the doco, the new EC server will want to reprotect the endpoint.  In order to prevent this, Sophos suggested that we run a vbscript on each endpoint.  Don't think I'm going that way.  I'll probably just get the server team to hold off on the reboots, create the database and set up from scratch on my new EC server as opposed to migration.

    :27863
  • Hello Jezza,

    "the new EC server will want to reprotect the endpoint"

    not necessarily - if you export/import the Certification Manager keys before installing the new SEC and configure RMS in the CID accordingly you can just "move" the clients by changing the updating policies. I do it all the time and never reprotect the clients.

    Christian

    :27869
  • Thanks for the feedback Christian.  As we still need to reboot the servers, we've decided to hold off on that and build this new server so that we start from a clean slate.  That way we'll reboot only once which will complete the installation and move them under the new EC.

    :27947