This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint not updating & services not running

Hi Sophos

I have a laptop that I was going to encrypt using Sophos Central, but noticed that in Sophos Central that it was reporting several errors with services not running.

Checking the services on the device showed that Device Control Service and Sophos Anti-Virus was not running.

Did a quick google and saw from Sophos EHS KB Article was to disable the Sophos Autoupdate service then rename the cache files then delete the .xml file from the autoupdate folder.

I then started the service again then went to update the Sophos endpoint. But the endpoint now does not update, it says update failed.

 

Tried changing the proxy in internet settings to see if it would come back up but left it several minutes and no changes.

I have logs have the errors if needs be.

I hope you can help, because as the client that uses this machine will be needing the laptop by next week wednesday to work from home. 



This thread was automatically locked due to age.
  • I spoke to my colleague who looks after the firewalls and they said that they added the URL from the error logs into the Sophos Web Appliance, although Sophos was already showing as a trusted site.

     

    I have tried to update endpoint again but still fails. I have tried to reboot the laptop too same msg.

    I have navigated to SSL Certificate, the address it gave me was https://dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com/sophos/management/ep

    Opened the link and Sophos Web appliance came up with a msg saying blocked request unable to verify certificate, which from reading the article provided is as its suppose to happen.

    Downloaded the certificate valid from 2017 to 2027. 

    I have tried to update the endpoint again still failing.

  • Hi Samuel,

     

    If this issue still exists after certificate updates and there is no windows updates pending, better to open a ticket with support for further investigation. Please create a new ticket, upload the logs and refer this community Link so that an available engineer can assist you further.

    SAJ
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Given:
    2019-11-29T14:49:03.711Z [16056] [v6.0.457.0] INFO  Setup path C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2019-11-29T14:49:03.711Z [16056] [v6.0.457.0] INFO  Trying to load setup.dll of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.3.441.
    2019-11-29T14:49:03.721Z [16056] [v6.0.457.0] INFO  Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\setup.dll.
    2019-11-29T14:49:03.721Z [16056] [v6.0.457.0] INFO  Trying interface IProductSetup2 of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.3.441.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] WARN  IProductSetup2 threw exception Could not create instance.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Creating CProductConfig interface.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Trying interface IProductSetup of product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.3.441.
    2019-11-29T14:49:03.725Z [16056] [v6.0.457.0] INFO  Successfully established interface IProductSetup.
    2019-11-29T14:49:39.203Z [16056] [v6.0.457.0] INFO  Reboot state: 0
    2019-11-29T14:49:39.203Z [16056] [v6.0.457.0] WARN  Failed to install product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.3.441.

    is appears that SophosUpdate.exe is loading the setup DLL of SAV to help it install the SAV component.

    As AutoUpdate runs as SYSTEM, do you not have SAV install logs under \windows\temp\ at this time?

    If so, can you attach them?

    Regards,
    Jak