Most likely Post WINDOWS Monthly Patch Installation, Sophos status is broken.
We started the Windows updates rollout this week and already have multiple devices with this issue now.
Ex: This device was all okay. Once the update was installed and rebooted, Sophos events show this error.
Anyone else with this problem?
Hi skyisbluescreen
Would you please suggest what is the exact error it is showing under the events?
Shweta
Hello there,
I have updated the Event log in the post. All the machines show the below error:
Everything was normal on these devices; Sophos was working perfectly fine. However, 1903 was installed, they rebooted, and boom, the Sophos AV service goes missing, and other ones too.
Hoping someone from the community can help me through.
------------------------------------------------------------------
I have tried Support. Here is what happens:
SDU logs shared for impacted PCs
Request back to us to reinstall
We do, and still the same problem.
We report back; they connect and run a PS script or batch to remove Sophos. Still, the issue persists after reinstall.
Request to reinstall the OS
-------------------------------------
Have you tried removing the older version of Anti-virus present using the Sophos ZAP tool? Kindly PM me the case number that you have already registered, so that I can review a few logs.
When AutoUpdate updates, it always checks the OS of the computer to see if it's changed. You can see this in
C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log:
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO =========================
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO SophosUpdate is starting.
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO AutoUpdate version : 6.4.292.0
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO SophosUpdate version : 6.4.292.0
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO Build : 20200429173443-7acb03303197f5c0731d6b9c4afc467d5c7ff02e
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO =========================
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO Platform ID: WIN_10_X64 2004 19041.264
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO Platform upgraded: 0
The values come from:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate
Platform and PlatformRelease string values.
In the case where the current OS and these differ, then AutoUpdate runs the setup plugins of each of the components.
So under \windows\temp you will see the install logs for each component. Can you attach the logs of the failed components to this post?
Regards, Jak
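An added example, not part of the original posts and not Sophos code: a Python parser for the SophosUpdate.log layout quoted above that lists each AutoUpdate run and flags the runs where the Platform ID changed, so the times can be compared against Windows patch installation. The second run in the sample log is constructed, and reading `Platform upgraded: 1` as "OS change detected" is an assumption.

```python
import re
from datetime import datetime

# Layout seen in the excerpt: <UTC time> [<pid>:<tid>] [v<version>] <LEVEL> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z) \[\d+:\d+\] "
    r"\[v(?P<ver>[\d.]+)\] (?P<level>[A-Z]+) (?P<msg>.*)$"
)

# Constructed sample: run 1 reuses lines from the post, run 2 is invented.
# Assumption: "Platform upgraded: 1" marks a detected OS change.
SAMPLE_LOG = """\
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO SophosUpdate is starting.
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO Platform ID: WIN_10_X64 2004 19041.264
2020-06-07T22:37:11.405Z [15968:18684] [v6.4.292.0] INFO Platform upgraded: 0
2020-06-10T09:12:40.118Z [4420:5108] [v6.4.292.0] INFO SophosUpdate is starting.
2020-06-10T09:12:40.118Z [4420:5108] [v6.4.292.0] INFO Platform ID: WIN_10_X64 2004 19041.329
2020-06-10T09:12:40.118Z [4420:5108] [v6.4.292.0] INFO Platform upgraded: 1
"""

def parse_runs(text):
    """Return one dict per 'SophosUpdate is starting.' banner."""
    runs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m["msg"].strip()
        if msg == "SophosUpdate is starting.":
            started = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
            runs.append({"started": started, "autoupdate": m["ver"],
                         "platform": None, "upgraded": None})
        elif runs and msg.startswith("Platform ID:"):
            runs[-1]["platform"] = msg.split(":", 1)[1].strip()
        elif runs and msg.startswith("Platform upgraded:"):
            runs[-1]["upgraded"] = msg.split(":", 1)[1].strip() != "0"
    return runs

def platform_changes(runs):
    """Runs where the OS differs from the previous run or the flag is set."""
    changes, prev = [], None
    for run in runs:
        if run["upgraded"] or (prev and run["platform"] and run["platform"] != prev):
            changes.append(run)
        prev = run["platform"] or prev
    return changes

if __name__ == "__main__":
    for run in platform_changes(parse_runs(SAMPLE_LOG)):
        print(run["started"].isoformat(), run["platform"], "-> check \\windows\\temp install logs")
```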
Hello Shweta,
Thank you for your response. Will write to you in more detail once we have the results of the ZAP tool.
Looking at the Events and logs it looks like the Monthly patches have caused this problem.
P.S. Updated the post title to make it more relevant.
Thanks Jak. Deeper investigation has indicated the Windows monthly security patches have caused this and not Build 1909.
We are trying to get a list of broken devices and verify whether the timing of events matches. Also a list of installed KBs, which would need to be verified to see which one could possibly cause this problem.
P.S. I have edited the title of the post as it's a Windows Update issue and not the build issue.