No response of installing Sophos Endpoint Security and Control

Hello Dice,

to install sophos to their PC from our server [...] when I run the setup.exe

I'm not sure I understand correctly what you mean by from our server. First I thought you tried Protect Computers from the console but as you mention setup.exe I assume you connected to the share and ran setup from there, correct?

If run interactively, setup.exe should write to Sophos ES setup.log in the user's (i.e. your) %TEMP% directory - does this file exist?

Christian

Hi QC,

I assume you connected to the share and ran setup from there, correct?

Yes. the setup.exe installer is in our server and from the PC of our programmer, I accessed it through share folder.

If run interactively, setup.exe should write to Sophos ES setup.log in the user's (i.e. your) %TEMP% directory - does this file exist?

I have sophos in my laptop and the setup.log exist in my temp folder. I tried to look for the setup.log in our programmers PC but it doesn't exist.

[Edit] This is my Sophos ES setup.log "1/9/2014,6:12:31 PM,ERROR,An unexpected error occurred, no translation available: utils::copy_file: "\\192.168.2.124\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\fr\fr.exe", "C:\Users\ZACCEL~1\AppData\Local\Temp\sophosa\program files\Sophos\AutoUpdate\fr\fr.exe": Access is denied.,"

I tried to install it again but it still doesn't go through installation. Honestly, we don't have enough knowledge about the sophos console, only some of its basic features. It will be appreciated if you could give us some link that we can review about its features.

Thanks,

Dice

Hello Dice,

thanks for the log snippet. Indeed this indicates a much bigger problem.

PM,ERROR [...] "\\192.168.2.124\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\fr\fr.exe"

It fails to copy the file fr.exe. Now firstly, this file is not part of the package! The fr subfolder is for language support and only contains translation DLLs and a help file. Strangely enough the file has the same name as the containing folder. Looking at the SAV.txt in your Sophos Block Applications post there is a W32/Brontok-D detection for Shared Folder.exe in \Shared Folder - and the name of another flagged file is Data Other.exe which might as well be derived from a folder name.

Thus I conclude fr.exe is a malicious file and the Access denied is the result of the file being blocked on the server (192.168.2.124).  So - please check the AV log on the server.

Mote important - it looks like W32/Brontok has spread itself all over the place and might even be still active. As you are not familiar with Sophos and the forum is not the best place for walking you through the necessary steps to clean up the mess (partly because of the time lag) I urge you to contact Support ASAP! 

As for the console - please see the Documentation section on the Support pages and visit the Endpoint Resource Center.

Christian

Hi QC,

As we checked and observe some of the folders in our server where our sophos av is installed, It seems that it really is infected and the virus created an .exe file which hinders the sophos installation to execute and continue installing. We already contacted our support and they replaced the infected installation folder with a new one and created a package of installer for us to use. Thank you for your response, I have learned something new and useful.

Best Regards,

Dice

-: Topic Closed :-