Sophos file scanner did not start

Good Day

For a few months now there has been an issue with 2 of our servers. The file scanner service has stopped working for some reason. I did some research and tried uninstalling and reinstalling the Sophos agent; it worked for a month but now it's not working again. I then logged a case with support, who said that a few of the Sophos endpoints were unavailable during an update:

SophosUpdate

2021-01-12T11:07:42.531Z [16888:16712] [v6.6.386.0] WARN  Failed to get the automatic proxy configuration. The error code was 12180.
2021-01-12T11:07:42.531Z [16888:22168] [v6.6.386.0] INFO  Trying update location: https://dci.sophosupd.com/v3/a/9e/a9ea8c83a1bb8ace183f86d7cebd499bc40e9d91e21bcdfedc5fd3633a1e28e8.dat with proxy: <direct; no proxy>
2021-01-12T11:07:42.692Z [16888:22168] [v6.6.386.0] INFO  404 from location: https://dci.sophosupd.com with proxy: <direct; no proxy>
2021-01-12T11:07:42.694Z [16888:22168] [v6.6.386.0] INFO  Trying update location: https://dci.sophosupd.com/update/0/fe/0fee16ef4788533e56a45b872e64c64f.dat with proxy: <direct; no proxy>

During this communication with support the services started working again; however, this morning it stopped again, but this time the case has been closed.

Any advice?

  • Hi

    Can you share with us the case ID that you've created? Also please apply the below steps and let us know if the issue re-occurs.

    Disable tamper protection
    Open Run and type CMD, launch cmd as an Administrator, then type sc delete "Sophos File Scanner Services" and press Enter.
    Delete file SAVSync.UPD on C:\Program Files (x86)\Sophos\Sophos Anti-Virus
    Reboot the Machine.
    Initiate update on Sophos UI and observe the status.

    GlennSen 
    Community Support Engineer | Sophos Technical Support
  • Hello Ziyaad,

    A 404 during the update occurs when a specific file is requested by an endpoint or server during the update cycle but cannot be found. Most often we see this issue when web caching is enabled on your web appliance. E.g., it's not found because the machine doesn't go to Sophos Central directly but tries to use the web cache.

    Are you using Sophos XG or UTM appliances by any chance? 

    Does the issue persist if you disable Web Caching?

    On the UTM you can do this by navigating to the UTM > Web Protection > Filtering Options > Misc > Scroll down to Web Caching, uncheck "Force caching for Sophos Endpoint Updates" and apply.

    On the XG you can do this by navigating to XG > Web > General Settings > Web Content Caching > Uncheck "Always cache Sophos Endpoint updates" and apply.

    Regarding the File Scanner service stopping - there could be many reasons. During the component update, the existing component is uninstalled and a new one deployed. If there is an issue, the process is rolled back. In your case, as you have issues with getting some files from Sophos Central, the rollback didn't work all the way properly. We recommend looking into that 404 updating error \ web caching and checking whether that resolves the issue.

    Once web caching is disabled, if the issue with the File Scanner service is not resolved, please stop Tamper Protection on that machine, stop the Sophos AutoUpdate service and rename\delete C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml - that file contains info about installed components and, when it's missing, it will force a reinstall of all components. Please note that a reboot will be required to re-initialize all defences.

    If you are still having issues with missing\stopped services at that point, then a full reinstall using the SophosZap tool is recommended, as likely at that point it would be an issue with old registry keys preventing the new component from initializing. Here is the article for SophosZap:

    support.sophos.com/.../KB-000038989

    Hope that helps! Please let me know if you have any further questions!

  • The Sophos File Scanner problem wouldn't be related to the AutoUpdate log assuming it's installed. 

    Is the issue with the Sophos File Scanner Service or the processes it launches?

    The service "Sophos File Scanner Service" is SophosFS.exe and logs to:

    C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFS.log

    The child processes log to SophosFileScanner.log in the same directory.

    Can you check/link the logs?

    Thanks.

  • Hey, below are the logs from SophosFileScanner.log.

    a 2020-12-31T15:06:40.678Z [18168:20396] - SED Async Comm Initialized
    a 2020-12-31T15:06:40.682Z [18168:20396] - Launching worker
    a 2020-12-31T15:06:40.691Z [18168:20396] - Worker is running, pid: 21224
    a 2020-12-31T15:06:42.155Z [18168:20428] - Worker[21224:22292] SED Async Comm Established: port 201
    a 2020-12-31T15:06:42.155Z [18168:20428] - Worker[21224:22292] Starting worker
    a 2020-12-31T15:06:42.155Z [18168:20428] - Worker[21224:22292] Engine path:                 C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\16071084712845646
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] Data path:                   C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16094271815356433
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] ML scan path:                C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16071085933270551
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] ML telemetry path:           C:\Program Files\Sophos\Sophos ML Engine\ML1\telemetry\16071085933270551
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] Thread count:                12
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] AMSI thread count:           1
    a 2020-12-31T15:06:42.156Z [18168:20428] - Worker[21224:22292] AMSI queue size:             512
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] AMSI FastRegex enabled:      0
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] Use scan dispatcher:         1
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] Scan dispatcher config path: C:\ProgramData\Sophos\Sophos File Scanner\Drop\scan_dispatcher_config_16082246528976653.json
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] Data classification:         Disabled
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] DC conan path:               
    a 2020-12-31T15:06:42.157Z [18168:20428] - Worker[21224:22292] DC CCL paths:                
    a 2020-12-31T15:06:42.578Z [18168:20428] - Worker[21224:22292] SFS version:                          10702d1
    a 2020-12-31T15:06:42.579Z [18168:20428] - Worker[21224:22292] Engine version:                       3.79.0
    a 2020-12-31T15:06:42.579Z [18168:20428] - Worker[21224:22292] Virus data version:                   2020123101
    a 2020-12-31T15:06:42.580Z [18168:20428] - Worker[21224:22292] ML scan data version:                 20200930
    a 2020-12-31T15:06:42.580Z [18168:20428] - Worker[21224:22292] ML telemetry data version:            20200930
    a 2020-12-31T15:06:42.580Z [18168:20428] - Worker[21224:22292] LocalRep data version:                d4dc13a2a6284cf12e60285a0a2ff963666f590f78af6b82c03197df2befa045|2020121601|2020121401
    a 2020-12-31T15:06:42.581Z [18168:20428] - Worker[21224:22292] LocalRep config version:              b1cd6f30f2df907d3ce03e6659d52a1623770ae5cd2cfb7375b62c2518f90dc2
    a 2020-12-31T15:06:42.581Z [18168:20428] - Worker[21224:22292] Detection config version:             d88e7e71354c1cea3c17f822927dc941836a4c5f0664e3e141eef3ca7c047b02
    a 2020-12-31T15:06:42.581Z [18168:20428] - Worker[21224:22292] MlScores config version:              566453d41cf2ae18b27d4794d986f6c6f9fb6c11bd4759b603825b1416bc7b55
    a 2020-12-31T15:06:42.582Z [18168:20428] - Worker[21224:22292] Data classification conan version:    
    a 2020-12-31T15:06:42.589Z [18168:20428] - Worker[21224:22292] ScanDispatcher: version 1.2.3.0
    a 2020-12-31T15:06:43.461Z [18168:20428] - Received VersionInfo message from the worker
    a 2020-12-31T15:06:43.467Z [17316:18132] - Shutdown has been requested
    a 2020-12-31T15:06:43.467Z [17316:7356] - Worker[16148:18016] Received Shutdown message from host
    a 2020-12-31T15:06:43.468Z [17316:7356] - Received ShutdownReceived message from the worker
    a 2020-12-31T15:06:43.538Z [17316:7356] - Received ShutdownComplete message from the worker
    a 2020-12-31T15:06:44.636Z [17316:18132] - Worker has exited, exit code: 0
    a 2021-01-05T08:07:36.568Z [25312:21872] - SED Async Comm Initialized
    a 2021-01-05T08:07:36.572Z [25312:21872] - Launching worker
    a 2021-01-05T08:07:36.584Z [25312:21872] - Worker is running, pid: 23348
    a 2021-01-05T08:07:38.204Z [25312:24032] - Worker[23348:15292] SED Async Comm Established: port 201
    a 2021-01-05T08:07:38.204Z [25312:24032] - Worker[23348:15292] Starting worker
    a 2021-01-05T08:07:38.205Z [25312:24032] - Worker[23348:15292] Engine path:                 C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\16071084712845646
    a 2021-01-05T08:07:38.205Z [25312:24032] - Worker[23348:15292] Data path:                   C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16098340362261435
    a 2021-01-05T08:07:38.206Z [25312:24032] - Worker[23348:15292] ML scan path:                C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16071085933270551
    a 2021-01-05T08:07:38.206Z [25312:24032] - Worker[23348:15292] ML telemetry path:           C:\Program Files\Sophos\Sophos ML Engine\ML1\telemetry\16071085933270551
    a 2021-01-05T08:07:38.206Z [25312:24032] - Worker[23348:15292] Thread count:                12
    a 2021-01-05T08:07:38.206Z [25312:24032] - Worker[23348:15292] AMSI thread count:           1
    a 2021-01-05T08:07:38.206Z [25312:24032] - Worker[23348:15292] AMSI queue size:             512
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] AMSI FastRegex enabled:      0
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] Use scan dispatcher:         1
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] Scan dispatcher config path: C:\ProgramData\Sophos\Sophos File Scanner\Drop\scan_dispatcher_config_16082246528976653.json
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] Data classification:         Disabled
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] DC conan path:               
    a 2021-01-05T08:07:38.207Z [25312:24032] - Worker[23348:15292] DC CCL paths:                
    a 2021-01-05T08:07:38.621Z [25312:24032] - Worker[23348:15292] SFS version:                          10702d1
    a 2021-01-05T08:07:38.621Z [25312:24032] - Worker[23348:15292] Engine version:                       3.79.0
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] Virus data version:                   2021010406
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] ML scan data version:                 20200930
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] ML telemetry data version:            20200930
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] LocalRep data version:                d4dc13a2a6284cf12e60285a0a2ff963666f590f78af6b82c03197df2befa045|2020121601|2020121401
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] LocalRep config version:              b1cd6f30f2df907d3ce03e6659d52a1623770ae5cd2cfb7375b62c2518f90dc2
    a 2021-01-05T08:07:38.622Z [25312:24032] - Worker[23348:15292] Detection config version:             1044b78aa1046795aab4d43c1e17e10de2fa60d7c884f7984847c9d7e2f6c227
    a 2021-01-05T08:07:38.623Z [25312:24032] - Worker[23348:15292] MlScores config version:              ddbc0e04e1a8bf65adc26fb72cd39ede64753205923fae6e3dc3cc2a8014bc0e
    a 2021-01-05T08:07:38.623Z [25312:24032] - Worker[23348:15292] Data classification conan version:    
    a 2021-01-05T08:07:38.631Z [25312:24032] - Worker[23348:15292] ScanDispatcher: version 1.2.3.0
    a 2021-01-05T08:07:39.594Z [25312:24032] - Received VersionInfo message from the worker
    a 2021-01-05T08:07:39.603Z [18168:20396] - Shutdown has been requested
    a 2021-01-05T08:07:39.603Z [18168:20428] - Worker[21224:12684] Received Shutdown message from host
    a 2021-01-05T08:07:39.603Z [18168:20428] - Received ShutdownReceived message from the worker
    a 2021-01-05T08:07:39.674Z [18168:20428] - Received ShutdownComplete message from the worker
    a 2021-01-05T08:07:40.787Z [18168:20396] - Worker has exited, exit code: 0
    e 2021-01-07T09:08:00.939Z [23496:25728] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:08:00.939Z [23496:25728] - Couldn't initialize server async comms
    e 2021-01-07T09:08:00.940Z [23496:25728] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:08:01.975Z [24176:24984] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:08:01.975Z [24176:24984] - Couldn't initialize server async comms
    e 2021-01-07T09:08:01.975Z [24176:24984] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:08:03.008Z [22200:23732] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:08:03.008Z [22200:23732] - Couldn't initialize server async comms
    e 2021-01-07T09:08:03.008Z [22200:23732] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:08:05.047Z [21944:26276] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:08:05.047Z [21944:26276] - Couldn't initialize server async comms
    e 2021-01-07T09:08:05.047Z [21944:26276] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:08:16.102Z [25700:25372] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:08:16.102Z [25700:25372] - Couldn't initialize server async comms
    e 2021-01-07T09:08:16.102Z [25700:25372] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:09:17.139Z [19980:24580] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:09:17.140Z [19980:24580] - Couldn't initialize server async comms
    e 2021-01-07T09:09:17.140Z [19980:24580] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:14:18.203Z [24764:25604] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:14:18.203Z [24764:25604] - Couldn't initialize server async comms
    e 2021-01-07T09:14:18.203Z [24764:25604] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:19:19.277Z [24580:22740] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:19:19.277Z [24580:22740] - Couldn't initialize server async comms
    e 2021-01-07T09:19:19.277Z [24580:22740] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:24:20.338Z [4348:20300] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:24:20.338Z [4348:20300] - Couldn't initialize server async comms
    e 2021-01-07T09:24:20.339Z [4348:20300] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:29:21.420Z [15080:20180] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:29:21.420Z [15080:20180] - Couldn't initialize server async comms
    e 2021-01-07T09:29:21.421Z [15080:20180] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:34:22.484Z [18400:25032] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:34:22.484Z [18400:25032] - Couldn't initialize server async comms
    e 2021-01-07T09:34:22.485Z [18400:25032] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:39:23.557Z [24520:8044] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:39:23.557Z [24520:8044] - Couldn't initialize server async comms
    e 2021-01-07T09:39:23.557Z [24520:8044] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:44:24.649Z [21928:18180] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:44:24.649Z [21928:18180] - Couldn't initialize server async comms
    e 2021-01-07T09:44:24.650Z [21928:18180] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:49:25.706Z [23772:19084] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:49:25.706Z [23772:19084] - Couldn't initialize server async comms
    e 2021-01-07T09:49:25.706Z [23772:19084] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:54:26.773Z [25004:24436] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:54:26.773Z [25004:24436] - Couldn't initialize server async comms
    e 2021-01-07T09:54:26.773Z [25004:24436] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T09:59:27.832Z [19352:25432] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T09:59:27.832Z [19352:25432] - Couldn't initialize server async comms
    e 2021-01-07T09:59:27.832Z [19352:25432] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:04:28.897Z [20188:25256] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:04:28.897Z [20188:25256] - Couldn't initialize server async comms
    e 2021-01-07T10:04:28.897Z [20188:25256] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:09:29.981Z [8904:24328] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:09:29.981Z [8904:24328] - Couldn't initialize server async comms
    e 2021-01-07T10:09:29.981Z [8904:24328] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:14:31.045Z [24808:26460] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:14:31.046Z [24808:26460] - Couldn't initialize server async comms
    e 2021-01-07T10:14:31.046Z [24808:26460] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:19:32.116Z [24556:24436] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:19:32.117Z [24556:24436] - Couldn't initialize server async comms
    e 2021-01-07T10:19:32.117Z [24556:24436] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:24:33.185Z [25812:25744] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:24:33.185Z [25812:25744] - Couldn't initialize server async comms
    e 2021-01-07T10:24:33.186Z [25812:25744] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:29:34.236Z [7332:22872] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:29:34.236Z [7332:22872] - Couldn't initialize server async comms
    e 2021-01-07T10:29:34.236Z [7332:22872] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:34:35.292Z [23856:11860] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:34:35.293Z [23856:11860] - Couldn't initialize server async comms
    e 2021-01-07T10:34:35.293Z [23856:11860] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:39:36.366Z [21844:15076] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:39:36.366Z [21844:15076] - Couldn't initialize server async comms
    e 2021-01-07T10:39:36.366Z [21844:15076] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:44:37.439Z [17480:25156] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:44:37.439Z [17480:25156] - Couldn't initialize server async comms
    e 2021-01-07T10:44:37.439Z [17480:25156] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:49:38.515Z [20064:20332] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:49:38.515Z [20064:20332] - Couldn't initialize server async comms
    e 2021-01-07T10:49:38.515Z [20064:20332] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:54:39.580Z [23704:25728] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:54:39.580Z [23704:25728] - Couldn't initialize server async comms
    e 2021-01-07T10:54:39.580Z [23704:25728] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T10:59:40.645Z [17464:19352] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T10:59:40.645Z [17464:19352] - Couldn't initialize server async comms
    e 2021-01-07T10:59:40.645Z [17464:19352] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:04:41.712Z [22120:23532] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:04:41.713Z [22120:23532] - Couldn't initialize server async comms
    e 2021-01-07T11:04:41.713Z [22120:23532] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:09:42.774Z [24160:3884] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:09:42.774Z [24160:3884] - Couldn't initialize server async comms
    e 2021-01-07T11:09:42.775Z [24160:3884] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:14:43.955Z [24656:25132] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:14:43.955Z [24656:25132] - Couldn't initialize server async comms
    e 2021-01-07T11:14:43.955Z [24656:25132] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:19:45.027Z [25892:22600] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:19:45.027Z [25892:22600] - Couldn't initialize server async comms
    e 2021-01-07T11:19:45.027Z [25892:22600] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:24:46.105Z [7980:25108] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:24:46.105Z [7980:25108] - Couldn't initialize server async comms
    e 2021-01-07T11:24:46.105Z [7980:25108] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:29:47.171Z [21924:22120] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:29:47.171Z [21924:22120] - Couldn't initialize server async comms
    e 2021-01-07T11:29:47.171Z [21924:22120] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:34:48.246Z [24216:24764] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:34:48.246Z [24216:24764] - Couldn't initialize server async comms
    e 2021-01-07T11:34:48.247Z [24216:24764] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:39:49.308Z [22608:20984] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:39:49.308Z [22608:20984] - Couldn't initialize server async comms
    e 2021-01-07T11:39:49.308Z [22608:20984] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:44:50.363Z [26232:25132] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:44:50.363Z [26232:25132] - Couldn't initialize server async comms
    e 2021-01-07T11:44:50.364Z [26232:25132] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:49:51.430Z [23308:21844] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:49:51.431Z [23308:21844] - Couldn't initialize server async comms
    e 2021-01-07T11:49:51.431Z [23308:21844] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:54:52.499Z [11572:17364] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:54:52.499Z [11572:17364] - Couldn't initialize server async comms
    e 2021-01-07T11:54:52.499Z [11572:17364] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T11:59:53.563Z [24680:16972] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T11:59:53.563Z [24680:16972] - Couldn't initialize server async comms
    e 2021-01-07T11:59:53.563Z [24680:16972] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:04:54.611Z [17984:22120] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:04:54.611Z [17984:22120] - Couldn't initialize server async comms
    e 2021-01-07T12:04:54.611Z [17984:22120] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:09:55.686Z [25012:23732] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:09:55.686Z [25012:23732] - Couldn't initialize server async comms
    e 2021-01-07T12:09:55.686Z [25012:23732] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:14:56.755Z [26268:25452] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:14:56.755Z [26268:25452] - Couldn't initialize server async comms
    e 2021-01-07T12:14:56.755Z [26268:25452] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:19:57.834Z [26036:25224] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:19:57.834Z [26036:25224] - Couldn't initialize server async comms
    e 2021-01-07T12:19:57.834Z [26036:25224] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:24:58.905Z [26416:25648] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:24:58.905Z [26416:25648] - Couldn't initialize server async comms
    e 2021-01-07T12:24:58.906Z [26416:25648] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:29:59.964Z [26412:24640] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:29:59.964Z [26412:24640] - Couldn't initialize server async comms
    e 2021-01-07T12:29:59.964Z [26412:24640] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:35:01.036Z [26132:25700] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:35:01.037Z [26132:25700] - Couldn't initialize server async comms
    e 2021-01-07T12:35:01.037Z [26132:25700] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:40:02.110Z [16116:24168] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:40:02.110Z [16116:24168] - Couldn't initialize server async comms
    e 2021-01-07T12:40:02.111Z [16116:24168] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:45:03.181Z [23692:17452] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:45:03.181Z [23692:17452] - Couldn't initialize server async comms
    e 2021-01-07T12:45:03.181Z [23692:17452] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:50:04.239Z [24216:21580] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:50:04.239Z [24216:21580] - Couldn't initialize server async comms
    e 2021-01-07T12:50:04.239Z [24216:21580] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T12:55:05.308Z [26140:4348] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T12:55:05.308Z [26140:4348] - Couldn't initialize server async comms
    e 2021-01-07T12:55:05.308Z [26140:4348] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:00:06.379Z [23564:15516] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:00:06.379Z [23564:15516] - Couldn't initialize server async comms
    e 2021-01-07T13:00:06.380Z [23564:15516] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:05:07.456Z [21508:24948] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:05:07.457Z [21508:24948] - Couldn't initialize server async comms
    e 2021-01-07T13:05:07.457Z [21508:24948] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:10:08.524Z [15516:22724] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:10:08.524Z [15516:22724] - Couldn't initialize server async comms
    e 2021-01-07T13:10:08.524Z [15516:22724] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:15:09.585Z [8772:24964] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:15:09.585Z [8772:24964] - Couldn't initialize server async comms
    e 2021-01-07T13:15:09.585Z [8772:24964] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:20:10.663Z [18448:22696] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:20:10.663Z [18448:22696] - Couldn't initialize server async comms
    e 2021-01-07T13:20:10.663Z [18448:22696] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:25:11.734Z [25316:25544] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:25:11.734Z [25316:25544] - Couldn't initialize server async comms
    e 2021-01-07T13:25:11.734Z [25316:25544] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:30:12.810Z [25504:21460] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:30:12.810Z [25504:21460] - Couldn't initialize server async comms
    e 2021-01-07T13:30:12.810Z [25504:21460] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:35:13.877Z [20572:24192] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:35:13.877Z [20572:24192] - Couldn't initialize server async comms
    e 2021-01-07T13:35:13.877Z [20572:24192] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:40:14.949Z [20184:15740] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:40:14.949Z [20184:15740] - Couldn't initialize server async comms
    e 2021-01-07T13:40:14.949Z [20184:15740] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:45:16.028Z [20032:23824] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:45:16.028Z [20032:23824] - Couldn't initialize server async comms
    e 2021-01-07T13:45:16.028Z [20032:23824] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:50:17.096Z [7696:23148] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:50:17.096Z [7696:23148] - Couldn't initialize server async comms
    e 2021-01-07T13:50:17.096Z [7696:23148] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T13:55:18.157Z [18780:18784] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T13:55:18.158Z [18780:18784] - Couldn't initialize server async comms
    e 2021-01-07T13:55:18.158Z [18780:18784] - Error: IpcServerSed Failed to Initialize.
    e 2021-01-07T14:00:19.228Z [23788:25444] - SgInitializeAsyncCommsEx failed
    e 2021-01-07T14:00:19.228Z [23788:25444] - Couldn't initialize server async comms
    e 2021-01-07T14:00:19.228Z [23788:25444] - Error: IpcServerSed Failed to Initialize

  • Thank you for the logs! We had a few cases with similar errors and they got fixed after a reboot or reinstall. When was the last reboot done? 

    Are you using controlled updates by any chance? 

  • This is SFS trying to connect to the SophosED.sys driver.

    If you look in Process Explorer at the System process, under modules I assume you see sophosed.sys listed, and it appears ("Sophos Endpoint Defense") when you run "fltmc.exe" in an admin prompt?

    If so, back in Process Explorer, if you enable the lower pane and switch it to display handles of the System process, do you see handles such as:

    FilterConnectionPort \SophosEndpointDefenseAbortScanCommPort
    FilterConnectionPort \SophosEndpointDefenseAsyncCommPort
    FilterConnectionPort \SophosEndpointDefenseSavAbortScanCommPort
    FilterConnectionPort \SophosEndpointDefenseSavScanCommPort
    FilterConnectionPort \SophosEndpointDefenseScanCommPort
    FilterConnectionPort \SophosEndpointDefenseScanEvalCommPort
    FilterConnectionPort \SophosEndpointDefenseSyncCommPort

    I would also check in the C:\programdata\Sophos\Endpoint Defense\logs\sed.log file: when the SFS process tries to connect, does it error?
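
Added example (not part of the thread and not Sophos tooling): a small Python parser for the SophosFileScanner.log layout posted above that finds the last successful "SED Async Comm Initialized", the first "SgInitializeAsyncCommsEx failed" after it, and the retry cadence, so the start of an unprotected window can be read straight from the log. The sample is a shortened excerpt in the posted format, and treating each failure line as one start attempt is an assumption drawn from the distinct PIDs.

```python
import re
from datetime import datetime, timezone

# Line layout seen in the posted SophosFileScanner.log:
#   <level> <UTC timestamp>Z [<pid>:<tid>] - <message>
LINE_RE = re.compile(
    r"^\s*(?P<level>[a-z])\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z\s+"
    r"\[(?P<pid>\d+):(?P<tid>\d+)\]\s+-\s+(?P<msg>.*)$"
)
OK_MARKER = "SED Async Comm Initialized"
FAIL_MARKER = "SgInitializeAsyncCommsEx failed"

# Constructed sample: shortened excerpt in the format of the log in the thread.
SAMPLE_LOG = """\
a 2021-01-05T08:07:36.568Z [25312:21872] - SED Async Comm Initialized
a 2021-01-05T08:07:36.572Z [25312:21872] - Launching worker
a 2021-01-05T08:07:36.584Z [25312:21872] - Worker is running, pid: 23348
e 2021-01-07T09:08:00.939Z [23496:25728] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:08:00.939Z [23496:25728] - Couldn't initialize server async comms
e 2021-01-07T09:08:00.940Z [23496:25728] - Error: IpcServerSed Failed to Initialize.
e 2021-01-07T09:08:01.975Z [24176:24984] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:08:01.975Z [24176:24984] - Couldn't initialize server async comms
e 2021-01-07T09:08:01.975Z [24176:24984] - Error: IpcServerSed Failed to Initialize.
e 2021-01-07T09:08:03.008Z [22200:23732] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:08:05.047Z [21944:26276] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:08:16.102Z [25700:25372] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:09:17.139Z [19980:24580] - SgInitializeAsyncCommsEx failed
e 2021-01-07T09:14:18.203Z [24764:25604] - SgInitializeAsyncCommsEx failed
"""


def parse(text):
    """Return (timestamp, level, pid, message) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        ts = ts.replace(tzinfo=timezone.utc)  # the trailing Z means UTC
        events.append((ts, m["level"], int(m["pid"]), m["msg"].strip()))
    return events


def summarize(events):
    """Locate the current outage: failures with no later successful init."""
    last_ok = None
    failures = []  # (timestamp, pid) of each failed start attempt
    for ts, _level, pid, msg in events:
        if msg == OK_MARKER:
            last_ok = ts
            failures = []  # a later successful init ends the outage
        elif msg == FAIL_MARKER:
            failures.append((ts, pid))
    # Whole seconds between consecutive failed attempts (the retry cadence).
    gaps = [
        round((b[0] - a[0]).total_seconds())
        for a, b in zip(failures, failures[1:])
    ]
    return {
        "last_ok": last_ok,
        "first_failure": failures[0][0] if failures else None,
        "failed_attempts": len(failures),
        "distinct_pids": len({pid for _ts, pid in failures}),
        "retry_gaps_s": gaps,
        "down": bool(failures),  # True: scanner has not initialised since
    }


if __name__ == "__main__":
    s = summarize(parse(SAMPLE_LOG))
    print("last successful init :", s["last_ok"])
    print("first failed attempt :", s["first_failure"])
    print("failed attempts      :", s["failed_attempts"],
          "from", s["distinct_pids"], "processes")
    print("retry gaps (seconds) :", s["retry_gaps_s"])
    print("scanner down         :", s["down"])
```

To use it on a server, pass the text of C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log to `parse()` instead of `SAMPLE_LOG`.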