Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1407 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

EM console 3.0 monitoring / protect problem

NLNAV

Hello,

We are deploying XP clients in our network. When viewing EM console 3.0 the client gives an error after protecting it. The error is:

Attempt to access the on-access driver by unprivileged user (NT AUTHORITY\SYSTEM) was denied.

Cant find any errors in the log file from the client:

Trace(2010-Jul-08 12:00:00): ALUpdate started: -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
Trace(2010-Jul-08 12:00:00): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  available from Sophos.
Trace(2010-Jul-08 12:00:00): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.
Trace(2010-Jul-08 12:00:00): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
Trace(2010-Jul-08 12:00:00): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
Trace(2010-Jul-08 12:00:00): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2010-Jul-08 12:00:00): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2010-Jul-08 12:00:00): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
Trace(2010-Jul-08 12:00:00): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
Trace(2010-Jul-08 12:00:00): ConfigurationImpl, considering PMSR: PureMessage not installed, PMSR package will not be updated
Trace(2010-Jul-08 12:00:00): Considering subscribed products.
Trace(2010-Jul-08 12:00:00): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2010-Jul-08 12:00:00): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2010-Jul-08 12:00:00): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2010-Jul-08 12:00:01): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2010-Jul-08 12:00:01): RMSMessageHandler: ALUpdateStart
Trace(2010-Jul-08 12:00:01): IPCSender::ProcessSend started
Trace(2010-Jul-08 12:00:01): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:00:01): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2010-Jul-08 12:00:01): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2010-Jul-08 12:00:01): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:00:01): ALUpdate(AutoUpdate.Started):
Trace(2010-Jul-08 12:00:01): UpdateCoordinator::UpdateNow: Entering
Trace(2010-Jul-08 12:00:01): PopulateCache: Entering
Trace(2010-Jul-08 12:00:01): UpdateCoordinator::UpdateNow: About to Sync list of products
Trace(2010-Jul-08 12:00:01): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:00:01): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2010-Jul-08 12:00:01): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2010-Jul-08 12:00:01): Calling package_source_init
Trace(2010-Jul-08 12:00:01): TrySyncProduct, Calling BeginSync
Trace(2010-Jul-08 12:00:01): Logging on network access user
Trace(2010-Jul-08 12:00:01): Attempting to make a connection to remote machine \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:00:02): Connection to remote machine \\Server\InterChk\ESXP\ successful
Trace(2010-Jul-08 12:00:02): File escdp.dat not found. Return code 0x80040f04
Trace(2010-Jul-08 12:00:02): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2010-Jul-08 12:00:02): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
Trace(2010-Jul-08 12:00:02): CIDUpdate(SyncProduct.Start): RMSNT, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:00:02): Checksum found in master.upd matches cached cidsync.upd : 7ac6837b. Skipping download
Trace(2010-Jul-08 12:00:02): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:00:02): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
Trace(2010-Jul-08 12:00:02): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
Trace(2010-Jul-08 12:00:02): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:00:02): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2010-Jul-08 12:00:02): CIDUpdate(SyncProduct.Start): SAVXP, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:00:02): Checksum found in master.upd matches cached cidsync.upd : 11a9381e. Skipping download
Trace(2010-Jul-08 12:00:02): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:00:02): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:00:02): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2010-Jul-08 12:00:02): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:00:02): Checksum found in master.upd matches cached cidsync.upd : 9ffb6fae. Skipping download
Trace(2010-Jul-08 12:00:02): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:00:02): ALUpdate(DownloadEnded):
Trace(2010-Jul-08 12:00:02): UpdateCoordinator::UpdateNow: About to Action list of products
Trace(2010-Jul-08 12:00:02): ALUpdate(Action.Skipped): RMSNT
Trace(2010-Jul-08 12:00:02): ALUpdate(Action.Skipped): SAVXP
Trace(2010-Jul-08 12:00:02): ALUpdate(Action.Skipped): Sophos AutoUpdate
Trace(2010-Jul-08 12:00:02): RMSMessageHandler: ALUpdateEnd
Trace(2010-Jul-08 12:00:02): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:00:02): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:00:02): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:00:02): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:00:03): IPCSender::ProcessSend exiting
Trace(2010-Jul-08 12:22:11): ALUpdate started: -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
Trace(2010-Jul-08 12:22:11): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  available from Sophos.
Trace(2010-Jul-08 12:22:11): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.
Trace(2010-Jul-08 12:22:11): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
Trace(2010-Jul-08 12:22:11): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
Trace(2010-Jul-08 12:22:11): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2010-Jul-08 12:22:11): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2010-Jul-08 12:22:11): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
Trace(2010-Jul-08 12:22:11): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
Trace(2010-Jul-08 12:22:11): ConfigurationImpl, considering PMSR: PureMessage not installed, PMSR package will not be updated
Trace(2010-Jul-08 12:22:11): Considering subscribed products.
Trace(2010-Jul-08 12:22:11): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2010-Jul-08 12:22:11): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2010-Jul-08 12:22:11): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2010-Jul-08 12:22:11): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2010-Jul-08 12:22:11): IPCSender::ProcessSend started
Trace(2010-Jul-08 12:22:11): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:22:11): RMSMessageHandler: ALUpdateStart
Trace(2010-Jul-08 12:22:11): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2010-Jul-08 12:22:11): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2010-Jul-08 12:22:11): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:22:11): ALUpdate(AutoUpdate.Started):
Trace(2010-Jul-08 12:22:11): UpdateCoordinator::UpdateNow: Entering
Trace(2010-Jul-08 12:22:11): PopulateCache: Entering
Trace(2010-Jul-08 12:22:11): UpdateCoordinator::UpdateNow: About to Sync list of products
Trace(2010-Jul-08 12:22:11): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:22:11): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2010-Jul-08 12:22:11): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2010-Jul-08 12:22:11): Calling package_source_init
Trace(2010-Jul-08 12:22:11): TrySyncProduct, Calling BeginSync
Trace(2010-Jul-08 12:22:11): Logging on network access user
Trace(2010-Jul-08 12:22:11): Attempting to make a connection to remote machine \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:22:11): Connection to remote machine \\Server\InterChk\ESXP\ successful
Trace(2010-Jul-08 12:22:11): File escdp.dat not found. Return code 0x80040f04
Trace(2010-Jul-08 12:22:11): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2010-Jul-08 12:22:11): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
Trace(2010-Jul-08 12:22:11): CIDUpdate(SyncProduct.Start): RMSNT, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:22:11): Checksum found in master.upd matches cached cidsync.upd : 7ac6837b. Skipping download
Trace(2010-Jul-08 12:22:11): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:22:11): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
Trace(2010-Jul-08 12:22:11): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
Trace(2010-Jul-08 12:22:11): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:22:11): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2010-Jul-08 12:22:11): CIDUpdate(SyncProduct.Start): SAVXP, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:22:11): Checksum found in master.upd matches cached cidsync.upd : 11a9381e. Skipping download
Trace(2010-Jul-08 12:22:11): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:22:11): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2010-Jul-08 12:22:11): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2010-Jul-08 12:22:11): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\Server\InterChk\ESXP\
Trace(2010-Jul-08 12:22:11): Checksum found in master.upd matches cached cidsync.upd : 9ffb6fae. Skipping download
Trace(2010-Jul-08 12:22:12): CIDUpdate(PrimarySuccess):
Trace(2010-Jul-08 12:22:12): ALUpdate(DownloadEnded):
Trace(2010-Jul-08 12:22:12): UpdateCoordinator::UpdateNow: About to Action list of products
Trace(2010-Jul-08 12:22:12): ALUpdate(Action.Skipped): RMSNT
Trace(2010-Jul-08 12:22:12): ALUpdate(Action.Skipped): SAVXP
Trace(2010-Jul-08 12:22:12): ALUpdate(Action.Skipped): Sophos AutoUpdate
Trace(2010-Jul-08 12:22:12): RMSMessageHandler: ALUpdateEnd
Trace(2010-Jul-08 12:22:12): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:22:12): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:22:12): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2010-Jul-08 12:22:12): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2010-Jul-08 12:22:13): IPCSender::ProcessSend exiting

Does anybody has an solution?

Regards,

Peter

:3820


This thread was automatically locked due to age.
Parents
  • 0

    Hi Nlnav,

    It sounds like the local SYSTEM account is (or has recently been) removed from the SophosAdministrator group - possibly via group policy. Please check that it is a member of this group on the local clients, also check there is not a group policy that is removing the SYSTEM accounts permissions.

    Hope that helps.

    :3828
Reply
  • 0

    Hi Nlnav,

    It sounds like the local SYSTEM account is (or has recently been) removed from the SophosAdministrator group - possibly via group policy. Please check that it is a member of this group on the local clients, also check there is not a group policy that is removing the SYSTEM accounts permissions.

    Hope that helps.

    :3828
Children
No Data