
Sophos Endpoint not updating & services not running

Hi Sophos

I have a laptop that I was going to encrypt using Sophos Central, but noticed in Sophos Central that it was reporting several errors with services not running.

Checking the services on the device showed that Device Control Service and Sophos Anti-Virus were not running.

Did a quick Google and saw that the Sophos EHS KB article said to disable the Sophos AutoUpdate service, then rename the cache files, then delete the .xml file from the AutoUpdate folder.

I then started the service again, then went to update the Sophos endpoint. But the endpoint now does not update; it says update failed.


Tried changing the proxy in internet settings to see if it would come back up but left it several minutes and no changes.

I have logs that have the errors if need be.

I hope you can help, because the client that uses this machine will be needing the laptop by next week Wednesday to work from home.

This thread was automatically locked due to age.
  • Here are the other files from the AutoUpdate folder. I was only able to upload the txt files; any other format would not work. I did try archiving them but it would keep coming up with an error.

    6443.susvc.log  3362.SophosUpdate.log  4617.alc.log

  • Hi Samuel,


    Here is the error. Please check on your firewall that the Sophos domains are whitelisted, and allowed via the proxy if you are using a proxy server.


    2019-11-27T11:09:34.8668259Z INFO : Opening connection to
    2019-11-27T11:09:34.8678213Z INFO : Sending request for connection confirmation through potential proxy
    2019-11-27T11:09:34.8678213Z INFO : Request content size: 0
    2019-11-27T11:09:35.0014633Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2019-11-27T11:09:35.0323796Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2019-11-27T11:09:35.0333789Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2019-11-27T11:09:35.0353990Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
    2019-11-27T11:09:35.0363694Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
    2019-11-27T11:09:35.0374079Z ERROR : Failed to validate server cert; terminating HTTP connection.
    2019-11-27T11:09:35.0383652Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2019-11-27T11:09:35.0394040Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure


    If that is not the case then please find the Sophos certificate using the Knowledge base article here and see if that is valid and up to date.

    Make sure Windows updates on the device are up to date.


    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
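A triage helper for the certificate failure in the log excerpt above, added here as an example (it is not Sophos tooling and not part of the original posts). The function `triage` and its field names are hypothetical; the sample lines are copied from the excerpt.

```python
import re

# Sample input: the lines of the log excerpt quoted in the reply above.
SAMPLE_LOG = """\
2019-11-27T11:09:34.8668259Z INFO : Opening connection to
2019-11-27T11:09:34.8678213Z INFO : Sending request for connection confirmation through potential proxy
2019-11-27T11:09:34.8678213Z INFO : Request content size: 0
2019-11-27T11:09:35.0014633Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2019-11-27T11:09:35.0323796Z INFO : Subject certificate failed validation against root CA: SophosCA1
2019-11-27T11:09:35.0333789Z INFO : Subject certificate failed validation against root CA: SophosCA2
2019-11-27T11:09:35.0353990Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
2019-11-27T11:09:35.0363694Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
2019-11-27T11:09:35.0374079Z ERROR : Failed to validate server cert; terminating HTTP connection.
2019-11-27T11:09:35.0383652Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
2019-11-27T11:09:35.0394040Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
"""

LINE = re.compile(r"^(?P<ts>\S+Z) (?P<level>[A-Z]+) : (?P<msg>.*)$")
ROOT_FAIL = re.compile(r"failed validation against root CA: (?P<root>.+)$")
WINHTTP_ERR = re.compile(r"WinHttpSendRequest failed with .* error (?P<code>\d+)")
PROXY = re.compile(r"Failed to connect using proxy '(?P<proxy>[^']*)'")

def triage(log_text):
    """Group lines into connection attempts; return those rejected on the certificate."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the timestamp/level/message format of the excerpt
        msg = m["msg"]
        if msg.startswith("Opening connection to") or cur is None:
            cur = {"start": m["ts"], "failed_roots": [], "winhttp_error": None,
                   "proxy": None, "cert_rejected": False}
            attempts.append(cur)
        if r := ROOT_FAIL.search(msg):
            cur["failed_roots"].append(r["root"])  # one pinned root that did not match
        elif msg.startswith("Failed to validate server cert"):
            cur["cert_rejected"] = True
        elif w := WINHTTP_ERR.search(msg):
            # 12017 is ERROR_WINHTTP_OPERATION_CANCELLED: the client aborted its own
            # request after the check failed; it is not a connectivity error.
            cur["winhttp_error"] = int(w["code"])
        elif p := PROXY.search(msg):
            cur["proxy"] = p["proxy"]  # '' means no proxy address was logged
    return [a for a in attempts if a["cert_rejected"]]
```

When `failed_roots` lists every root the client tried, the certificate presented to the endpoint was issued by something other than those roots, so the next check is the issuer of the certificate the endpoint actually receives through the firewall, proxy or web appliance.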
  • I spoke to my colleague who looks after the firewalls and they said that they added the URL from the error logs into the Sophos Web Appliance, although Sophos was already showing as a trusted site.


    I have tried to update the endpoint again but it still fails. I have tried to reboot the laptop too, same msg.

    I have navigated to SSL Certificate, the address it gave me was

    Opened the link and the Sophos Web Appliance came up with a msg saying blocked request, unable to verify certificate, which from reading the article provided is as it's supposed to happen.

    Downloaded the certificate valid from 2017 to 2027. 

    I have tried to update the endpoint again still failing.

  • Hi Samuel,


    If this issue still exists after certificate updates and there are no Windows updates pending, it is better to open a ticket with support for further investigation. Please create a new ticket, upload the logs and refer to this community link so that an available engineer can assist you further.

    Community Support Engineer | Sophos Technical Support
  • Given:
    2019-11-29T14:49:03.711Z [16056] [v6.0.457.0] INFO  Setup path C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2019-11-29T14:49:03.711Z [16056] [v6.0.457.0] INFO  Trying to load setup.dll of product E17FE03B-0501-4aaa-BC69-0129D965F311
    2019-11-29T14:49:03.721Z [16056] [v6.0.457.0] INFO  Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2019-11-29T14:49:03.721Z [16056] [v6.0.457.0] INFO  Trying interface IProductSetup2 of product E17FE03B-0501-4aaa-BC69-0129D965F311
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] WARN  IProductSetup2 threw exception Could not create instance.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Creating CProductConfig interface.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Trying interface IProductSetup of product E17FE03B-0501-4aaa-BC69-0129D965F311
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Successfully established interface IProductSetup.
    2019-11-29T14:49:39.203Z [16056] [v6.0.457.0] INFO  Reboot state: 0
    2019-11-29T14:49:39.203Z [16056] [v6.0.457.0] WARN  Failed to install product E17FE03B-0501-4aaa-BC69-0129D965F311

    It appears that SophosUpdate.exe is loading the setup DLL of SAV to help it install the SAV component.

    As AutoUpdate runs as SYSTEM, do you not have SAV install logs under \windows\temp\ at this time?

    If so, can you attach them?