
How do you force a Sophos AV client to update?

At present, we have a machine (well several actually) that were unable to get updates from the secondary server.

How can I force these machines to recheck? Also, I assume they will try the primary server, since the secondary failed?

:2982


  • Hi Phil

    From the console you can 'right click' the clients you want to update and select 'update now'. This should force the client to seek an update. Cheers Simon

    :2986
  • Hello Phil,

    as Simon said, Update Computers Now instructs the clients to update.

    Not surprisingly the primary location is tried first and only if it can't be contacted the secondary is tried. So - are your clients actually unable to update (i.e. both primary and secondary fail)? How did you find out that they are unable to get updates from the secondary?

    Christian

    :2991
  • Phil,

    I may be asking a silly question, but are your clients compliant with your updating policy? If they are not compliant they may not know where to update from! Cheers Simon

    :2993
  • Policy compliance: Same as policy

    When I right click Update ... nothing changes.

    When I look at the Computer details -- that's where I see it saying its last status as being failed to download SAVXP from the secondary server which is an http address. Primary server is an smb share.

    :3022
  • Under certain circumstances this message might not be cleared from the console.

    So let's first check whether this indicates a serious problem. The client is very likely up to date if:

    • Tab Update Details column Up to date says Yes
    • Tab Anti-Virus Details (column Up to date is the same as in Update Details) column IDEs shows the correct number
    • Computer Details window (double click) field Last message received from computer contains a recent timestamp and under Outstanding alerts and errors (scroll down) Sophos AutoUpdate status the date/time is "well in the past" 

    If you find that your clients are up to date two questions remain:

    1. Why did updating fail for both the primary and the secondary server?
    2. How to get rid of the messages?

    Reaching the server may occasionally fail for various reasons. Whether this is a problem (and indicates you have a problem with your network and/or server) depends on the frequency of events and number of clients affected. Again in the Computer Details window scroll down to History. You might find entries with code 00000000 and description Updated successfully one update interval after the download error (code 0000006b usually).

    One way to get rid of the message is to deliberately cause an "update failed/succeeded" cycle. Assign a policy with invalid addresses or invalid credentials (wait for compliance), force an update, assign the correct policy and force another update. We have almost 3000 clients and about 50 with these download errors. As some of them are correct (client has been shut down before the next cycle ran) and the number does not increase (some messages are cleared over time, some new pop up) it's not worth the effort. Another option is to clear them from the database using sqlcmd.

    Please keep us informed.

    Christian

    :3030
  • We ended up pushing new installations of Sophos out to the machines via psexec -- since Sophos's console can't deploy to multiple domains and that seems to have done the job. Not the best solution, but it worked.

    :3188

  • Phil-UQ wrote:

    We ended up pushing new installations of Sophos out to the machines via psexec -- since Sophos's console can't deploy to multiple domains and that seems to have done the job. Not the best solution, but it worked.


    I just noticed this same problem last week (the Console can't deploy to domains that don't have a trust relationship with the domain the Console is a member of).

    Can you share your psexec batch file with the community?

    :3189
  • Hi Lestat,

    It's really quite simple, it just maps the network drive using a special highly unprivileged user we set up for the purpose, and then runs the setup file directly from the network share.

    So, you run the batch file that installs Sophos (let's call it InstallSophos.bat) from psexec like so:

    psexec \\COMPUTERNAME.DOMAIN.NAME -u DOMAIN\user -p password -c InstallSophos.bat

    (where DOMAIN\user is a username with admin privileges on the target COMPUTERNAME)

    The contents of InstallSophos.bat look something like this:

    net use \\SOPHOSSERVER.DOMAIN.NAME\SophosUpdate /user:SOPHOSSERVER\updateuser password

    \\SOPHOSSERVER.DOMAIN.NAME\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe -i -mng yes -user SOPHOSSERVER\updateuser -pwd password

    (where SOPHOSSERVER\updateuser is a user on the domain that the sophos server is on with privileges enough to read the update share)

    We're assuming a basic sophos 9 install/update share here - you just need to change the paths on the two network shares above to match the actual location of your install files if you're using sophos 7. And yes, we've tested a basically similar batch file with just the paths changed for doing sophos 7 installs and it worked as well.

    As always, YMMV, but it's worked pretty well for us.

    As an aside, if you're looking at doing blanket scans and updates (rather than a targeted install on a specific machine), you may want to check to see if Sophos is already installed first. Our test for Sophos 9 already installed looks like:

    IF EXIST "C:\Program Files\Sophos\Sophos Anti-Virus\SAVControl.dll" GOTO DONE

    IF EXIST "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVControl.dll" GOTO DONE

    @REM <insert above InstallSophos.bat code here>

    :DONE

    You'll need to check for something specific to 7 to test against if you're using that version, of course.

    Regards,

    Jon (for Phil, who I work with!)

    :3191
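
The two batch fragments from the reply above combined into one file, as an added example that is not the poster's own script. It assumes the update-account password is passed as the first argument (so it is not stored in the file that psexec copies to the target), keeps the thread's placeholder server, share and account names, and removes the share connection when setup finishes.

```batch
@echo off
REM InstallSophos.bat - added example, not the poster's original file.
REM Server, share and account names are the thread's placeholders.
REM Assumption: the update-account password arrives as argument %1, e.g.
REM   psexec \\COMPUTERNAME.DOMAIN.NAME -u DOMAIN\user -c InstallSophos.bat PASSWORD
REM With -p left out, psexec prompts for the admin password instead of
REM taking it on the command line.
setlocal

set "SHARE=\\SOPHOSSERVER.DOMAIN.NAME\SophosUpdate"
set "UPDUSER=SOPHOSSERVER\updateuser"

if "%~1"=="" (
    echo Usage: InstallSophos.bat PASSWORD
    exit /b 2
)

REM Skip machines that already have Sophos 9 (the thread's marker file).
IF EXIST "C:\Program Files\Sophos\Sophos Anti-Virus\SAVControl.dll" GOTO ALREADY
IF EXIST "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVControl.dll" GOTO ALREADY

REM Connect to the update share with the low-privilege read-only account.
net use "%SHARE%" /user:%UPDUSER% "%~1" >nul
if errorlevel 1 (
    echo Could not connect to %SHARE%
    exit /b 1
)

REM Same setup.exe switches as in the thread.
"%SHARE%\CIDs\S000\SAVSCFXP\setup.exe" -i -mng yes -user %UPDUSER% -pwd "%~1"
set "RC=%ERRORLEVEL%"

REM Drop the connection so the update credentials do not stay in the session.
net use "%SHARE%" /delete /y >nul
exit /b %RC%

:ALREADY
echo Sophos Anti-Virus is already installed, nothing to do.
exit /b 0
```

The password is still visible in the remote process command line while the script runs, so process-creation auditing with command-line logging on the targets will record it; the update account should stay limited to reading the share, as the reply describes.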