Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 32483 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update failed: Installation of SAVXP skipped

Sophos_user23

Hi,

I'm trying out the Sophos Enduser protection, and the Management Server and Endpoint Protection is installed on the same machine. I'm trying to update the client, no luck. 

In the log I can see this: Installation of SAVXP skipped, and no successfull. 

From ALUpdate log I can see this:

Trace(2013-Nov-26 13:33:44): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2013-Nov-26 13:33:44): CIDUpdate(SyncProduct.Start): SAVXP, \\TESTVM-PC\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2013-Nov-26 13:33:44): Checksum found in master.upd matches cached cidsync.upd : 22a3b4b9. Skipping download
Trace(2013-Nov-26 13:33:44): CIDUpdate(PrimarySuccess):
Trace(2013-Nov-26 13:33:44): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2013-Nov-26 13:33:44): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2013-Nov-26 13:33:44): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\TESTVM-PC\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2013-Nov-26 13:33:44): Checksum found in master.upd matches cached cidsync.upd : 97afde11. Skipping download
Trace(2013-Nov-26 13:33:44): CIDUpdate(PrimarySuccess):
Trace(2013-Nov-26 13:33:45): ALUpdate(DownloadEnded):
Trace(2013-Nov-26 13:33:45): UpdateCoordinator::UpdateNow: About to Action list of products
Trace(2013-Nov-26 13:33:45): ALUpdate(Action.Skipped): RMSNT
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate...
Trace(2013-Nov-26 13:33:45): CustomFileMap::CustomFileMap. CachePath = C:\ProgramData\Sophos\AutoUpdate\cache
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: Subfolder = rms productID = {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File path = C:\ProgramData\Sophos\AutoUpdate\cache\rms.custom
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File exists and appears valid.
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate complete.
Trace(2013-Nov-26 13:33:45): ALUpdate(Action.Skipped): SAVXP
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate...
Trace(2013-Nov-26 13:33:45): CustomFileMap::CustomFileMap. CachePath = C:\ProgramData\Sophos\AutoUpdate\cache
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: Subfolder = savxp productID = {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File path = C:\ProgramData\Sophos\AutoUpdate\cache\savxp.custom
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File exists and appears valid.
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate complete.
Trace(2013-Nov-26 13:33:45): ALUpdate(Action.Skipped): Sophos AutoUpdate
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate...
Trace(2013-Nov-26 13:33:45): CustomFileMap::CustomFileMap. CachePath = C:\ProgramData\Sophos\AutoUpdate\cache
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File path = C:\ProgramData\Sophos\AutoUpdate\cache\sau.custom
Trace(2013-Nov-26 13:33:45): CustomFileMap::Read: File exists and appears valid.
Trace(2013-Nov-26 13:33:45): CIDUpdateLocation::OnNullUpdate complete.
Trace(2013-Nov-26 13:33:46): RMSMessageHandler: ALUpdateEnd
Trace(2013-Nov-26 13:33:46): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-Nov-26 13:33:46): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-Nov-26 13:33:46): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-Nov-26 13:33:46): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2013-Nov-26 13:33:47): IPCSender::ProcessSend exiting

Please help

:45471


This thread was automatically locked due to age.
  • 0

    Hello Sophos_user23,

    Installation of SAVXP skipped

    when AutoUpdate checks for updates it first compares its local cache to the CID on the server. This is done using checksums recorded in catalogs (master.upd and cidsync.upd) - if they match the cache is up to date and there is nothing new to download, consequently there's no need to update and thus any further actions for this product are skipped.

    Why do you think the update has failed?

    Christian 

    :45507
  • 0

    Because on Sophos Endpoint Security Console, clicking on Help, View product information, Antivirus and HIPS, I can see :

    [Anti-virus and HIPS]
    -[ Software]
    Sophos Anti-Virus 10.3.1
    Release status Full
    On-access status Enabled
    Detection engine 3.48.0
    Detection data 4.95G
    Virus data date 2013.11.13.
    Items detected 5981247
    Detection identities 367
    HIPS rules version 10.2.0
    HIPS configuration version 1.0.5
    Last updated 2013.11.26. 14:21:12

    Thank you

    :45515
  • 0

    Hello Sophos_user23,

    this is a common misconception of this item (or, depending on your POV, a less than optimal display). It has been discussed several times here but for whatever reason the relevant threads are hard to find. The best I could come up with at short notice is AV signatures date 06.08.2012. Essentially Virus data is the consolidated "library" (updated roughly monthly). It is supplemented by the individual IDEs (the Last updated at the bottom is the most recent time one or more IDEs have been downloaded).

    CHristian

    :45517
  • 0

    Oh :)

    I believe Sophos should somehow make it easier to see that client is updated. This "check the download page for number of IDE's and compare it to yours" is not the most user friendly way :)

    Anyway, thank you for the help!

    :45519
  • 0

    Hello Sophos_user23,

    Sophos should somehow make it easier to see that client is updated

    make a suggestion - what do you think would make it easier :smileyhappy:?

    The icon shows the last checked time and will alert you about persistent download problems (it allows for occasional download errors - caused by e.g. network hiccups or a server reboot). It indicates that AutoUpdate is working, that the CID (whether UNC, HTTP or Sophos) can be accessed and that it has consistent data. It will not detect a "stale" CID though. It is assumed that the SUM is monitored by the site's administration - who can also see the status of the endpoints.

    You didn't say whether you are "just" a user or the site's administrator. I understand the concern and appreciate the attention to updating. I don't quite understand the preoccupation with this has it really updated question though. If you are paranoid, which is fine with me,  you shouldn't stop there. What will be your conclusions and actions if the endpoint has not the latest data (do not forget - AutoUpdate claims it is working correctly)? Would you assume it is an as yet undetected flaw in AutoUpdate? How often should you check? And as its final purpose is not updating but protecting - do you make sure that the virus engine works as it's supposed to do? That's a can of worms ... :smileytongue:

    Christian

    :45543
  • 0

    I'm a site administrator testing Sophos product. 

    The problem with "last check time" is that what if the management server did not download the updates itself? In this case from an endpoint perspective everything is fine, although the client is not updated.

    What I really like to see on the client side is something like "Latest threat signatures" with a value similar to 2013_12_03_13_52. where this date corresponds to the date when Sophos built the update. 

    :45639
  • 0

    Hello Sophos_user23,

    what if the management server did not download the updates itself

    if SUM encounters an error you'll get an alert. If SUM is silently failing then the console will warn or alert (by default after 24 and 96 respectively) you that there haven't been any updates. 

    "Latest threat signatures"

    Maybe I don't get your point - you'd still have to compare some data item on the client with a corresponding one on the Sophos site. IMO there's no real advantage over comparing the number of IDEs, is there? Besides - checking the health of the SUM from the client is a roundabout way. You'd also have to account for any latency, both in the content distribution network and due to the update settings (SUM and client). Thus I think SEC is probably the better place to give you this information (right now you can only indirectly assess the number of IDEs present).

    :smileytongue: It's like the disk and network activity LEDs - they don't have any real value but you feel better informed :smileytongue:

    Christian

    :45651
  • 0

    Hi Everyone

    When it show "Installation of Sophos autoupdate skipped" in the alc.log, on the main window, it actually shows updated failed 

    :57600
  • 0

    Hello Sam_Guo,

    Installation of ... skipped

    is not an error but normal when there are no updates for the named component. Thus for one or more of the other components (SAVXP, Firewall, possibly RMSNT, perhaps Patch) either the download or the installation failed. 

    Christian

    :57603