Scheduled scan breaks for unknown reasons, Sophos logging failed

Hi,

we are in the process of moving scheduled scans to night hours.

Last night we had quite a few machines that did not log the end of the scan as usual in the Scanjob.txt file:

Jobname: Nachts

Content of file Nachts.txt:

20120531 194237    Scan 'Nachts' gestartet.

Content of file SAV_20120531.txt :

20120531 194237    Scan 'Nachts' gestartet.
20120531 194950    Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20120531 195103    Die Erkennungsdatenversion 4.78G (Detection Engine 3.31.20) wird verwendet. Diese Version kann 3664173 Objekte erkennen.
20120531 195103    Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20120531 195116    Die Erkennungsdatenversion 4.78G (Detection Engine 3.31.20) wird verwendet. Diese Version kann 3664173 Objekte erkennen.

and so on

When I go to such a machine I see that the scheduled scan does not run anymore, but why is the end of the scan not in the logs? This log entry does trigger the shutdown process of the machine here, and usually it works as expected.


This thread was automatically locked due to age.
  • stop Sophos Autoupdate Service before the scan starts and restart it after the scan has finished..

    That's ridiculous - especially for a scheduled scan.

    Now it might not be as bad (or broken) as it seems. It looks like restarting the Sophos Anti-Virus service "reliably" kills the scan. While On-Access scanning is restarted on an IDE update this does not include the service. Obviously the service is restarted for version (release) updates - whether this might also happen "between" version updates I can't say. 

    Might be that you observed it when the clients upgraded from 10.0.4 to 10.0.5. Support shouldn't be so tight-lipped - they should know (or be able to find out) under which circumstances the service is restarted and how often (i.e. only at version updates or more frequently) this occurs.

    As a workaround - I assume you have a "scanning window". You might consider setting a schedule for the update manager so that no software updates are downloaded during this time.

    Christian 
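
Added example, not part of the thread and not Sophos code: a log check that flags scheduled scans whose start was logged but never followed up, and reports the On-Access restart that came after it. It uses only the message strings quoted in the SAV_20120531.txt excerpt above. The function name and the rule "any later line naming the job counts as a follow-up" are assumptions, since the thread does not show the wording of the end-of-scan entry.

```python
import re

# Constructed sample in the format of the SAV_20120531.txt excerpt quoted in the thread.
SAMPLE_LOG = """\
20120531 194237    Scan 'Nachts' gestartet.
20120531 194950    Benutzer (NT-AUTORITÄT\\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20120531 195103    Die Erkennungsdatenversion 4.78G (Detection Engine 3.31.20) wird verwendet. Diese Version kann 3664173 Objekte erkennen.
20120531 195103    Benutzer (NT-AUTORITÄT\\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
"""

LINE = re.compile(r"^(\d{8}) (\d{6})\s+(.*)$")
SCAN_START = re.compile(r"^Scan '(?P<job>[^']+)' gestartet\.$")
OA_STOPPED = "hat den On-Access-Scan auf diesem Computer abgebrochen."
OA_STARTED = "hat den On-Access-Scan auf diesem Computer gestartet."


def find_orphaned_scans(log_text):
    """Hypothetical helper: one finding per scan start with no later line naming the job."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append((m.group(1) + " " + m.group(2), m.group(3)))

    findings = []
    for i, (stamp, msg) in enumerate(entries):
        start = SCAN_START.match(msg)
        if not start:
            continue
        job = start.group("job")
        later = []
        for later_stamp, later_msg in entries[i + 1:]:
            if later_msg == msg:  # next start of the same job: stop looking
                break
            later.append((later_stamp, later_msg))
        # Assumption: any later line that names the job is a follow-up entry.
        if any(f"'{job}'" in later_msg for _, later_msg in later):
            continue
        stops = [s for s, m2 in later if m2.endswith(OA_STOPPED)]
        starts = [s for s, m2 in later if m2.endswith(OA_STARTED)]
        findings.append({
            "job": job,
            "started": stamp,
            "on_access_stopped": stops[0] if stops else None,
            "on_access_restarted": starts[0] if starts else None,
        })
    return findings
```

A finding with both On-Access timestamps filled in matches the pattern reported in the original post; a shutdown that waits on the end-of-scan entry can use it as a fallback trigger.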
