
No response of installing Sophos Endpoint Security and Control

Hi,

I am one of the network staff in our company, and we have already installed Sophos Endpoint Security and Control on some of our employees' PCs. We had a virus outbreak with W32/Brontok-D, and it spread throughout the network. Unfortunately, some of the PCs in our Programming dept. were infected because they asked not to put Sophos on their PCs.

Then I tried to install Sophos on their PCs from our server. Unfortunately, when I ran setup.exe, entered the necessary details such as username and password, and clicked OK... NOTHING HAPPENED.

I tried to run setup.exe again, entered the details, clicked OK and... still... NOTHING HAPPENED. There is no sign of the installation, or of a process running in Task Manager. I assume that the virus caused that, but we tried to install Sophos on PCs that already have it, to test whether it would go through the installation, and still NOTHING HAPPENED.

Hoping for a kind response.

Thank you,

Dice

:46399


  • Hello Dice,

    Thanks for the log snippet. Indeed, this indicates a much bigger problem.

    PM,ERROR [...] "\\192.168.2.124\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\fr\fr.exe"

    It fails to copy the file fr.exe. Now firstly, this file is not part of the package! The fr subfolder is for language support and only contains translation DLLs and a help file. Strangely enough the file has the same name as the containing folder. Looking at the SAV.txt in your Sophos Block Applications post there is a W32/Brontok-D detection for Shared Folder.exe in \Shared Folder - and the name of another flagged file is Data Other.exe which might as well be derived from a folder name.

    Thus I conclude fr.exe is a malicious file and the Access denied is the result of the file being blocked on the server (192.168.2.124). So - please check the AV log on the server.

    More important - it looks like W32/Brontok has spread itself all over the place and might even be still active. As you are not familiar with Sophos and the forum is not the best place for walking you through the necessary steps to clean up the mess (partly because of the time lag), I urge you to contact Support ASAP.

    As for the console - please see the Documentation section on the Support pages and visit the Endpoint Resource Center.

    Christian

    :46435
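
A read-only check for the pattern described in the reply above, an .exe named after the folder that contains it (fr\fr.exe, Shared Folder\Shared Folder.exe), added here as an example; it is not part of the original post and not Sophos code. The function names and the sample tree are constructed for illustration, and limiting the match to .exe is an assumption taken from the file names in the thread.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXECUTABLE_EXTS = {".exe"}  # assumption: the thread only mentions .exe copies


def find_folder_named_executables(root, exts=EXECUTABLE_EXTS):
    """Return (path, size, sha256) for each file whose name, minus extension,
    equals the name of its containing folder (case-insensitive)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in exts or stem.lower() != folder:
                continue
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
            except OSError:
                # An on-access scanner may block the read ("Access denied");
                # still report the path so it can be checked in the AV log.
                hits.append((str(path), None, None))
                continue
            hits.append((str(path), len(data), hashlib.sha256(data).hexdigest()))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample layout, loosely modelled on the paths in the thread."""
    layout = {
        "sau/program files/Sophos/AutoUpdate/fr/fr.exe": b"constructed placeholder",
        "sau/program files/Sophos/AutoUpdate/fr/help.chm": b"help",
        "sau/program files/Sophos/AutoUpdate/fr/resources.dll": b"dll",
        "Shared Folder/Shared Folder.EXE": b"constructed placeholder",
        "Shared Folder/setup.exe": b"ordinary installer",
    }
    for rel, content in layout.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, size, digest in find_folder_named_executables(tmp):
            print(path, size, digest)
```

A hit is a lead to compare against the AV log on the server, not a verdict; the scan only reads files and changes nothing.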