Sophos Central customers have reported issues preventing successful installation, live terminal and device list access issues in the EU-CENTRAL-1 region For more info refer to KBA-000041338 for the latest updates.
Sophos Central customers have reported issues preventing successful installation, live terminal and device list access issues in the EU-CENTRAL-1 region For more info refer to KBA-000041338 for the latest updates.
Hi,
we noticed high CPU load on some servers with IX with XDR.
Today a Domain Controller, single core machine was busy for hours starting with the installation of Sophos Live Query update. After the update itself there were process running with high cpu load like SophosOsqueryExtension.exe or SophosLiveQueryService.exe.
First attempt was at 12:20, second at 14:20
SophosOsquery.log:
2021-10-15T00:51:36.257Z ---Process terminated--- I1015 02:53:33.000435 14144 interface.cpp:110] Registering extension (SophosExtension, 10046, version=3.2.1.206, sdk=4.4.0) I1015 02:53:33.016062 11380 interface.cpp:110] Registering extension (sophosmdrextension, 25143, version=2.1.0.65, sdk=) W1015 02:53:33.548032 2232 init.cpp:597] Error reading config: Missing config plugin 2021-10-15T10:21:30.252Z ---Process terminated--- 2021-10-15T10:26:14.727Z ---Process terminated--- I1015 14:19:11.046438 6368 interface.cpp:110] Registering extension (SophosServiceExtension, 15616, version=3.2.1.206, sdk=4.4.0) I1015 14:19:12.178261 6452 interface.cpp:110] Registering extension (sophosmdrextension, 25168, version=2.1.0.65, sdk=) I1015 14:19:12.215044 13120 interface.cpp:110] Registering extension (SophosExtension, 14931, version=3.2.1.206, sdk=4.4.0) I1015 14:19:36.588044 9996 interfaces.cpp:102] Failed to retrieve network statistics for interface 1 I1015 14:19:36.744299 9996 interfaces.cpp:130] Failed to retrieve physical state for interface 1 I1015 14:19:36.775547 9996 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1 I1015 14:19:36.791172 9996 interfaces.cpp:102] Failed to retrieve network statistics for interface 13 I1015 14:19:38.275583 7508 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_ips_windows I1015 14:20:04.570500 7508 interfaces.cpp:102] Failed to retrieve network statistics for interface 1 I1015 14:20:04.803503 7508 interfaces.cpp:130] Failed to retrieve physical state for interface 1 I1015 14:20:04.850378 7508 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1 I1015 14:20:04.866004 7508 interfaces.cpp:102] Failed to retrieve network statistics for interface 13 I1015 14:20:06.350426 7508 scheduler.cpp:127] Query pack_live_query_3_sophos_ips_windows finished after: 28080 milliseconds I1015 14:20:06.350426 7508 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_sophos_ips_windows I1015 14:20:06.694180 7508 scheduler.cpp:112] Executing scheduled query open_sockets I1015 14:20:06.787930 7508 processes.cpp:366] Failed to lookup path information for process 4 I1015 14:20:06.787930 7508 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 14:20:06.787930 7508 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 14:20:06.787930 7508 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 14:20:06.787930 7508 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 14:20:06.787930 7508 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 14:20:06.787930 7508 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 14:20:06.787930 7508 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 14:20:06.787930 7508 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 14:20:06.787930 7508 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 14:20:06.803558 7508 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 14:20:06.803558 7508 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 14:20:07.084818 7508 scheduler.cpp:127] Query open_sockets finished after: 382 milliseconds I1015 14:20:07.084818 7508 query.cpp:117] New Epoch 1633830848 for scheduled query open_sockets I1015 14:20:08.681063 7508 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 14:30:48.251125 4480 extensions.cpp:348] Extension UUID 14931 has gone away I1015 15:16:03.905375 7508 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 3355209 milliseconds I1015 15:16:04.230396 7508 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_running_processes_windows_sophos E1015 15:16:07.290649 7508 shutdown.cpp:69] Error logging the results of query: pack_live_query_3_running_processes_windows_sophos: Extension socket not available: \\.\pipe\sophoslivequery_MgwNX22Pmq.sock.15616 2021-10-15T13:16:08.153Z ---Process terminated--- I1015 15:16:42.916321 7680 interface.cpp:110] Registering extension (SophosServiceExtension, 19468, version=3.2.1.206, sdk=4.4.0) I1015 15:16:43.383359 1220 interface.cpp:110] Registering extension (sophosmdrextension, 25492, version=2.1.0.65, sdk=) I1015 15:16:43.422360 6800 interface.cpp:110] Registering extension (SophosExtension, 2377, version=3.2.1.206, sdk=4.4.0) I1015 15:16:47.160462 14144 interfaces.cpp:102] Failed to retrieve network statistics for interface 1 I1015 15:16:47.258472 14144 interfaces.cpp:130] Failed to retrieve physical state for interface 1 I1015 15:16:47.272472 14144 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1 I1015 15:16:47.287473 14144 interfaces.cpp:102] Failed to retrieve network statistics for interface 13 I1015 15:16:51.540437 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:26:44.964210 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 593423 milliseconds I1015 15:26:45.026214 13580 query.cpp:122] Scheduled query has been updated: pack_live_query_3_running_processes_windows_sophos I1015 15:27:07.499006 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:27:07.537006 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:27:07.549505 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:27:07.549505 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:27:07.549505 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:27:07.550496 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:27:07.550496 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:27:07.550496 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:27:07.550496 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:27:07.551496 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:27:07.551496 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:27:07.552496 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:27:07.552496 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:27:07.570498 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:27:07.570498 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:27:07.655519 13580 scheduler.cpp:127] Query open_sockets finished after: 144 milliseconds I1015 15:27:07.676522 13580 query.cpp:122] Scheduled query has been updated: open_sockets I1015 15:27:11.500754 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:28:02.400807 13580 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 50900 milliseconds I1015 15:28:02.438808 13580 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:28:02.723834 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:28:12.626657 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 9903 milliseconds I1015 15:28:13.748749 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:29:41.266014 13580 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 87517 milliseconds I1015 15:29:41.304018 13580 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:29:45.385383 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 15:29:45.462385 13580 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 77 milliseconds I1015 15:29:45.482385 13580 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_sophos_urls_windows I1015 15:29:53.899271 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:29:53.963279 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:29:53.963279 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:29:53.963279 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:29:53.964278 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:29:53.964278 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:29:53.964278 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:29:53.965279 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:29:53.965279 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:29:53.966279 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:29:53.966279 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:29:53.967278 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:29:53.967278 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:29:53.985280 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:29:53.985280 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:29:54.085289 13580 scheduler.cpp:127] Query open_sockets finished after: 186 milliseconds I1015 15:29:59.907388 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:30:00.038398 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 130 milliseconds I1015 15:30:07.186324 13580 scheduler.cpp:112] Executing scheduled query vulnerability_outlook_flags I1015 15:30:07.228338 13580 scheduler.cpp:127] Query vulnerability_outlook_flags finished after: 41 milliseconds I1015 15:30:07.247329 13580 query.cpp:117] New Epoch 1633830848 for scheduled query vulnerability_outlook_flags I1015 15:30:26.661562 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:30:31.972985 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 5311 milliseconds I1015 15:30:32.662581 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:30:32.684434 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:30:32.685434 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:30:32.685434 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:30:32.685434 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:30:32.685434 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:30:32.685434 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:30:32.686435 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:30:32.686435 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:30:32.687435 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:30:32.687435 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:30:32.688436 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:30:32.688436 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:30:32.706436 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:30:32.706436 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:30:32.794450 13580 scheduler.cpp:127] Query open_sockets finished after: 131 milliseconds I1015 15:30:32.871450 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:30:33.593509 13580 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 721 milliseconds I1015 15:30:33.610509 13580 query.cpp:122] Scheduled query has been updated: pack_live_query_3_changed_files_windows_sophos I1015 15:30:48.503453 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:30:48.676465 13580 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 173 milliseconds I1015 15:30:48.694463 13580 query.cpp:122] Scheduled query has been updated: pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:30:49.504091 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:30:49.661098 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 157 milliseconds I1015 15:30:59.633533 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_2_windows_event_invalid_logon I1015 15:31:02.960021 13580 scheduler.cpp:127] Query pack_live_query_2_windows_event_invalid_logon finished after: 3326 milliseconds I1015 15:31:02.980026 13580 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_2_windows_event_invalid_logon I1015 15:31:03.024029 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 15:31:03.092046 13580 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 67 milliseconds I1015 15:31:03.109035 13580 query.cpp:122] Scheduled query has been updated: pack_live_query_3_sophos_urls_windows I1015 15:31:08.638104 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:31:08.672093 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:31:08.672093 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:31:08.672093 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:31:08.673094 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:31:08.673094 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:31:08.673094 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:31:08.674095 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:31:08.674095 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:31:08.675094 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:31:08.675094 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:31:08.676095 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:31:08.676095 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:31:08.720098 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:31:08.720098 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:31:08.797103 13580 scheduler.cpp:127] Query open_sockets finished after: 159 milliseconds I1015 15:31:11.639194 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:31:11.765194 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 126 milliseconds I1015 15:31:32.978471 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:31:33.077338 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 99 milliseconds I1015 15:31:38.130842 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:31:38.327854 13580 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 197 milliseconds I1015 15:31:42.596835 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:31:42.623836 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:31:42.623836 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:31:42.623836 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:31:42.624835 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:31:42.624835 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:31:42.624835 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:31:42.625835 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:31:42.625835 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:31:42.626834 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:31:42.626834 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:31:42.627835 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:31:42.627835 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:31:42.645836 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:31:42.645836 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:31:42.723842 13580 scheduler.cpp:127] Query open_sockets finished after: 127 milliseconds I1015 15:31:49.600262 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:31:49.706159 13580 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 106 milliseconds I1015 15:31:54.627900 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:31:54.746912 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 119 milliseconds I1015 15:32:06.907352 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 15:32:06.965337 13580 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 57 milliseconds I1015 15:32:15.924393 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:32:15.959398 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:32:15.959398 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:32:15.959398 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:32:15.959398 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:32:15.960397 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:32:15.960397 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:32:15.960397 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:32:15.961398 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:32:15.961398 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:32:15.961398 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:32:15.962399 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:32:15.962399 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:32:15.985399 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:32:15.985399 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:32:16.062404 13580 scheduler.cpp:127] Query open_sockets finished after: 136 milliseconds I1015 15:32:16.155414 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:32:16.259423 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 104 milliseconds I1015 15:32:37.138183 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:32:37.243194 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 104 milliseconds I1015 15:32:41.519100 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:32:41.650107 13580 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 131 milliseconds I1015 15:32:49.562906 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:32:49.640911 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:32:49.641913 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:32:49.641913 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:32:49.641913 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:32:49.642913 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:32:49.642913 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:32:49.642913 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:32:49.642913 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:32:49.643913 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:32:49.643913 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:32:49.644914 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:32:49.644914 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:32:49.665916 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:32:49.665916 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:32:49.752938 13580 scheduler.cpp:127] Query open_sockets finished after: 189 milliseconds I1015 15:32:49.859931 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:32:49.988782 13580 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 129 milliseconds I1015 15:32:58.594552 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:32:58.736557 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 142 milliseconds I1015 15:33:13.927160 13580 scheduler.cpp:112] Executing scheduled query vulnerability_uac_disabled I1015 15:33:13.986164 13580 scheduler.cpp:127] Query vulnerability_uac_disabled finished after: 58 milliseconds I1015 15:33:14.003151 13580 query.cpp:117] New Epoch 1633830848 for scheduled query vulnerability_uac_disabled I1015 15:33:14.057227 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_access_productivity_documents I1015 15:33:14.111227 13580 scheduler.cpp:127] Query pack_live_query_3_access_productivity_documents finished after: 54 milliseconds I1015 15:33:14.145223 13580 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_3_access_productivity_documents I1015 15:33:14.186236 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 15:33:14.239235 13580 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 52 milliseconds I1015 15:33:20.945286 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:33:21.066295 13580 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 121 milliseconds I1015 15:33:23.959287 13580 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:33:23.994927 13580 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:33:23.994927 13580 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:33:23.994927 13580 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:33:23.994927 13580 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:33:23.995929 13580 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:33:23.995929 13580 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:33:23.995929 13580 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:33:23.995929 13580 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:33:23.996928 13580 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:33:23.997928 13580 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:33:23.997928 13580 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:33:23.998929 13580 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:33:24.025931 13580 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:33:24.026932 13580 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:33:24.102937 13580 scheduler.cpp:127] Query open_sockets finished after: 142 milliseconds I1015 15:33:41.514442 13580 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_ips_windows W1015 15:34:05.386528 10412 watcher.cpp:360] osqueryd worker (11176) stopping: Memory limits exceeded: 320888832 2021-10-15T13:34:06.229Z ---Process terminated--- I1015 15:34:37.869619 10608 interface.cpp:110] Registering extension (SophosServiceExtension, 20220, version=3.2.1.206, sdk=4.4.0) I1015 15:34:38.249662 13572 interface.cpp:110] Registering extension (sophosmdrextension, 29150, version=2.1.0.65, sdk=) I1015 15:34:38.292652 6888 interface.cpp:110] Registering extension (SophosExtension, 747, version=3.2.1.206, sdk=4.4.0) W1015 15:34:38.819293 9396 config.cpp:325] Scheduled query may have failed: pack_live_query_3_sophos_ips_windows I1015 15:34:41.820823 9396 interfaces.cpp:102] Failed to retrieve network statistics for interface 1 I1015 15:34:41.921833 9396 interfaces.cpp:130] Failed to retrieve physical state for interface 1 I1015 15:34:41.936833 9396 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1 I1015 15:34:41.948835 9396 interfaces.cpp:102] Failed to retrieve network statistics for interface 13 I1015 15:34:42.193853 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:34:42.309865 4328 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 115 milliseconds I1015 15:34:57.459303 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:34:57.524300 4328 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 65 milliseconds I1015 15:35:03.463533 4328 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:35:03.489531 4328 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:35:03.489531 4328 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:35:03.489531 4328 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:35:03.489531 4328 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:35:03.489531 4328 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:35:03.490531 4328 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:35:03.490531 4328 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:35:03.490531 4328 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:35:03.491530 4328 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:35:03.491530 4328 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:35:03.492530 4328 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:35:03.492530 4328 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:35:03.514533 4328 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:35:03.514533 4328 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:35:03.711695 4328 scheduler.cpp:127] Query open_sockets finished after: 247 milliseconds I1015 15:35:03.889335 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:35:09.391791 4328 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 5502 milliseconds I1015 15:35:09.579808 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_2_vulnerability_netlogon_cve_trust_account I1015 15:35:22.640890 4328 scheduler.cpp:127] Query pack_live_query_2_vulnerability_netlogon_cve_trust_account finished after: 13061 milliseconds I1015 15:35:22.646893 4328 query.cpp:117] New Epoch 1633830848 for scheduled query pack_live_query_2_vulnerability_netlogon_cve_trust_account I1015 15:35:24.467813 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:35:24.622823 4328 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 154 milliseconds I1015 15:35:34.471964 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 15:35:34.769412 4328 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 297 milliseconds I1015 15:35:36.473307 4328 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:35:36.508946 4328 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:35:36.508946 4328 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:35:36.508946 4328 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:35:36.509946 4328 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:35:36.509946 4328 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:35:36.509946 4328 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:35:36.519950 4328 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:35:36.519950 4328 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:35:36.520948 4328 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:35:36.520948 4328 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:35:36.521948 4328 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:35:36.521948 4328 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:35:36.541949 4328 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:35:36.542949 4328 processes.cpp:380] Failed to get cwd for 9320 with 5 I1015 15:35:36.616955 4328 scheduler.cpp:127] Query open_sockets finished after: 143 milliseconds I1015 15:35:45.520727 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:35:45.641727 4328 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 120 milliseconds I1015 15:35:45.643730 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 15:35:45.698732 4328 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 55 milliseconds I1015 15:35:56.528054 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 15:35:56.716069 4328 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 187 milliseconds I1015 15:36:06.534229 4328 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 15:36:06.665230 4328 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 131 milliseconds I1015 15:36:09.536199 4328 scheduler.cpp:112] Executing scheduled query open_sockets I1015 15:36:09.607374 4328 processes.cpp:366] Failed to lookup path information for process 4 I1015 15:36:09.607374 4328 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 15:36:09.607374 4328 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 15:36:09.607374 4328 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 15:36:09.608373 4328 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 15:36:09.608373 4328 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 15:36:09.609381 4328 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 15:36:09.609381 4328 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 15:36:09.609381 4328 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 15:36:09.610373 4328 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 15:36:09.610373 4328 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 15:36:09.610373 4328 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 15:36:09.629376 4328 processes.cpp:338] Failed to get PEB UPP for 9320 with 5 I1015 15:36:09.629376 4328 processes.cpp:380] Failed to get cwd for 9320 with 5 ... ... ... I1015 16:12:59.483340 11652 scheduler.cpp:127] Query open_sockets finished after: 174 milliseconds I1015 16:13:17.896802 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 16:13:18.740574 11652 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 842 milliseconds I1015 16:13:31.990222 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_ioc_windows_registry_malware_sdbot I1015 16:13:32.037086 11652 scheduler.cpp:127] Query pack_live_query_3_ioc_windows_registry_malware_sdbot finished after: 52 milliseconds I1015 16:13:32.995754 11652 scheduler.cpp:112] Executing scheduled query open_sockets I1015 16:13:33.027009 11652 processes.cpp:366] Failed to lookup path information for process 4 I1015 16:13:33.027009 11652 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 16:13:33.027009 11652 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 16:13:33.027009 11652 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 16:13:33.027009 11652 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 16:13:33.027009 11652 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 16:13:33.027009 11652 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 16:13:33.027009 11652 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 16:13:33.027009 11652 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 16:13:33.027009 11652 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 16:13:33.027009 11652 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 16:13:33.027009 11652 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 16:13:33.042625 11652 processes.cpp:338] Failed to get PEB UPP for 7688 with 5 I1015 16:13:33.042625 11652 processes.cpp:380] Failed to get cwd for 7688 with 5 I1015 16:13:33.605140 11652 scheduler.cpp:127] Query open_sockets finished after: 620 milliseconds I1015 16:13:39.036528 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 16:13:39.161532 11652 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 135 milliseconds I1015 16:13:42.051241 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_urls_windows I1015 16:13:42.160625 11652 scheduler.cpp:127] Query pack_live_query_3_sophos_urls_windows finished after: 110 milliseconds I1015 16:13:56.489948 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos I1015 16:14:16.323998 11652 scheduler.cpp:127] Query pack_live_query_3_changed_files_windows_sophos finished after: 19467 milliseconds I1015 16:14:16.323998 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 16:14:17.152148 11652 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 827 milliseconds I1015 16:14:17.152148 11652 scheduler.cpp:112] Executing scheduled query open_sockets I1015 16:14:17.199028 11652 processes.cpp:366] Failed to lookup path information for process 4 I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 4 with 0 I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 4 with 0 I1015 16:14:17.199028 11652 processes.cpp:272] Failed to get PEB UPP for 4 with 0 I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 312 with 5 I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 312 with 5 I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 408 with 5 I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 408 with 5 I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 496 with 5 I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 496 with 5 I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 592 with 5 I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 592 with 5 I1015 16:14:17.214648 11652 processes.cpp:338] Failed to get PEB UPP for 7688 with 5 I1015 16:14:17.214648 11652 processes.cpp:380] Failed to get cwd for 7688 with 5 I1015 16:14:17.292774 11652 scheduler.cpp:127] Query open_sockets finished after: 136 milliseconds I1015 16:14:25.781069 11652 scheduler.cpp:112] Executing scheduled query vulnerability_outlook_flags I1015 16:14:25.897811 11652 scheduler.cpp:127] Query vulnerability_outlook_flags finished after: 116 milliseconds I1015 16:14:25.899811 11652 query.cpp:122] Scheduled query has been updated: vulnerability_outlook_flags I1015 16:14:25.927812 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos I1015 16:14:46.661126 11652 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 20737 milliseconds I1015 16:14:47.989284 11652 scheduler.cpp:112] Executing scheduled query pack_live_query_3_sophos_ips_windows
SophosOsqueryExtension.log:
i 2021-10-15T00:03:03.544Z [11840:10032] - Extension socket: \\.\pipe\sophoslivequery_mb7qSDpVkY.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T00:03:03.545Z [11840:10032] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T00:03:03.545Z [11840:10032] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T00:03:03.545Z [11840:10032] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T00:03:03.545Z [11840:10032] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T00:03:03.545Z [11840:10032] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T00:03:03.645Z [11840:10032] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T00:03:03.694Z [11840:10032] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T00:03:03.732Z [11840:10032] - Registered Extension (SophosExtension, 29626) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension socket: \\.\pipe\sophoslivequery_U8Xeb482mq.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T00:53:32.182Z [2708:13040] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T00:53:32.983Z [2708:13040] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T00:53:32.986Z [2708:13040] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T00:53:33.054Z [2708:13040] - Registered Extension (SophosExtension, 10046) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] i 2021-10-15T12:19:11.439Z [2544:7140] - Extension socket: \\.\pipe\sophoslivequery_MgwNX22Pmq.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T12:19:11.448Z [2544:7140] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T12:19:11.448Z [2544:7140] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T12:19:11.448Z [2544:7140] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T12:19:11.448Z [2544:7140] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T12:19:11.448Z [2544:7140] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T12:19:11.469Z [2544:7140] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T12:19:12.204Z [2544:7140] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T12:19:12.227Z [2544:7140] - Registered Extension (SophosExtension, 14931) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] e 2021-10-15T12:19:56.361Z [2544:8140] - Private Usage exceeded: 157519872 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T12:19:56.361Z [2544:8140] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=1 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] e 2021-10-15T12:20:28.090Z [2544:11148] - Private Usage exceeded: 178876416 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T12:20:28.091Z [2544:11148] - Resource usage exceeded, returning rows generated so far: query_id=running_processes_windows_sophos, attempt=1 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] i 2021-10-15T13:16:43.193Z [12076:10872] - Extension socket: \\.\pipe\sophoslivequery_rtJtpyQv6T.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T13:16:43.194Z [12076:10872] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T13:16:43.194Z [12076:10872] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T13:16:43.194Z [12076:10872] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T13:16:43.194Z [12076:10872] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T13:16:43.194Z [12076:10872] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T13:16:43.374Z [12076:10872] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T13:16:43.414Z [12076:10872] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:16:43.439Z [12076:10872] - Registered Extension (SophosExtension, 2377) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:16:53.846Z [12076:13856] - Resetting JRL attempt counter: query_id=running_processes_windows_sophos [OsqueryJournalEventGenerator.cpp:151 OsqueryJournalEventGenerator::GetJournalEvents] e 2021-10-15T13:33:53.174Z [12076:2876] - Private Usage exceeded: 204029952 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T13:33:53.175Z [12076:2876] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=2 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] i 2021-10-15T13:34:38.142Z [13292:2748] - Extension socket: \\.\pipe\sophoslivequery_W8nXYi1jUO.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T13:34:38.143Z [13292:2748] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T13:34:38.143Z [13292:2748] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T13:34:38.143Z [13292:2748] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T13:34:38.143Z [13292:2748] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T13:34:38.143Z [13292:2748] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T13:34:38.239Z [13292:2748] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T13:34:38.280Z [13292:2748] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:34:38.315Z [13292:2748] - Registered Extension (SophosExtension, 747) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension socket: \\.\pipe\sophoslivequery_puDVl1akFe.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T13:40:34.959Z [2968: 628] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T13:40:35.056Z [2968: 628] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T13:40:35.101Z [2968: 628] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:40:35.131Z [2968: 628] - Registered Extension (SophosExtension, 13506) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] e 2021-10-15T13:41:41.235Z [2968:8592] - Private Usage exceeded: 158453760 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T13:41:41.235Z [2968:8592] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=3 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] e 2021-10-15T13:52:16.707Z [2968:1732] - Private Usage exceeded: 184889344 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T13:52:16.707Z [2968:1732] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=4 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension socket: \\.\pipe\sophoslivequery_Y0Z8rtNpJw.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T13:52:52.995Z [13788:13224] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T13:52:53.001Z [13788:13224] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T13:52:53.169Z [13788:13224] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:52:53.225Z [13788:13224] - Registered Extension (SophosExtension, 16052) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension socket: \\.\pipe\sophoslivequery_nepxXZSRrq.sock [Extension.cpp:116 ExtensionRunner] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension cache entry limit: 1000 [Extension.cpp:117 ExtensionRunner] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension resource usage limit: 262144000 bytes and resource check frequency: 50 rows [Extension.cpp:120 ExtensionRunner] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension internal flag: 0 [Extension.cpp:121 ExtensionRunner] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension max JRL attempts: 10 [Extension.cpp:122 ExtensionRunner] i 2021-10-15T13:57:53.659Z [11216:5088] - Extension JRL memory limit: 157286400 [Extension.cpp:123 ExtensionRunner] i 2021-10-15T13:57:53.764Z [11216:5088] - SED sync comms initialized [Extension.cpp:143 ExtensionRunner] i 2021-10-15T13:57:53.800Z [11216:5088] - Starting Extension (SophosExtension) [OsqueryExtension.cpp:94 OsquerySDK::internal::Extension::Start] i 2021-10-15T13:57:53.822Z [11216:5088] - Registered Extension (SophosExtension, 22816) [OsqueryExtension.cpp:124 OsquerySDK::internal::Extension::Start] e 2021-10-15T14:02:10.677Z [11216:4492] - Private Usage exceeded: 180285440 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T14:02:10.678Z [11216:4492] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=5 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents] e 2021-10-15T14:15:47.720Z [11216:12632] - Private Usage exceeded: 218484736 > 157286400 [ResourceUsageHelper.cpp:33 ResourceUsageHelper::CheckIfExceeded] i 2021-10-15T14:15:47.738Z [11216:12632] - Resource usage exceeded, returning rows generated so far: query_id=sophos_ips_windows, attempt=6 [OsqueryJournalEventGenerator.cpp:133 OsqueryJournalEventGenerator::GetJournalEvents]
SophosMTRExtension.log:
2021-10-15T02:03:03.556+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T02:03:03.640+0200 info sophos.logger default logger updated
2021-10-15T02:03:03.640+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T02:03:03.640+0200 info sophos Registering sophosmdrextension
2021-10-15T02:51:25.671+0200 error sophos server run error: extension ping failed: i/o timeout
2021-10-15T02:53:32.265+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T02:53:32.349+0200 info sophos.logger default logger updated
2021-10-15T02:53:32.349+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T02:53:32.349+0200 info sophos Registering sophosmdrextension
2021-10-15T14:19:11.451+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T14:19:12.160+0200 info sophos.logger default logger updated
2021-10-15T14:19:12.160+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T14:19:12.160+0200 info sophos Registering sophosmdrextension
2021-10-15T15:16:43.233+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T15:16:43.365+0200 info sophos.logger default logger updated
2021-10-15T15:16:43.365+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T15:16:43.365+0200 info sophos Registering sophosmdrextension
2021-10-15T15:34:38.148+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T15:34:38.233+0200 info sophos.logger default logger updated
2021-10-15T15:34:38.233+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T15:34:38.233+0200 info sophos Registering sophosmdrextension
2021-10-15T15:39:42.038+0200 error sophos server run error: extension ping failed: i/o timeout
2021-10-15T15:40:34.968+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T15:40:35.050+0200 info sophos.logger default logger updated
2021-10-15T15:40:35.050+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T15:40:35.050+0200 info sophos Registering sophosmdrextension
2021-10-15T15:52:53.029+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T15:52:53.133+0200 info sophos.logger default logger updated
2021-10-15T15:52:53.133+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T15:52:53.133+0200 info sophos Registering sophosmdrextension
2021-10-15T15:57:04.187+0200 error sophos server run error: extension ping failed: i/o timeout
2021-10-15T15:57:53.668+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-15T15:57:53.759+0200 info sophos.logger default logger updated
2021-10-15T15:57:53.759+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit 4cf9e440aedc818512dbfeb5f63d3c98cc5ae4c2
2021-10-15T15:57:53.759+0200 info sophos Registering sophosmdrextension
Auto Update Log filtered for Query:
Line 61: 2021-10-15T10:18:01.726Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 61: 2021-10-15T10:18:01.726Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 62: 2021-10-15T10:18:01.726Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 62: 2021-10-15T10:18:01.726Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 63: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 63: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 63: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 63: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 63: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 64: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 64: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 64: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 64: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 64: 2021-10-15T10:18:01.922Z [ 3240:12072] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 111: 2021-10-15T10:18:02.861Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 111: 2021-10-15T10:18:02.861Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 111: 2021-10-15T10:18:02.861Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 112: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 112: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 112: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 113: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 113: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 113: 2021-10-15T10:18:02.862Z [ 3240:12072] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 114: 2021-10-15T10:18:02.863Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 114: 2021-10-15T10:18:02.863Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 114: 2021-10-15T10:18:02.863Z [ 3240:12072] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 162: 2021-10-15T10:18:08.252Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 162: 2021-10-15T10:18:08.252Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 236: 2021-10-15T10:18:10.071Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 236: 2021-10-15T10:18:10.071Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 236: 2021-10-15T10:18:10.071Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 239: 2021-10-15T10:18:10.129Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 239: 2021-10-15T10:18:10.129Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 239: 2021-10-15T10:18:10.129Z [ 3240:12072] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 241: 2021-10-15T10:18:10.149Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file c63707cbfdc6a933bf4cb7f51c0cc220x000.dat: 117933 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 241: 2021-10-15T10:18:10.149Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file c63707cbfdc6a933bf4cb7f51c0cc220x000.dat: 117933 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 241: 2021-10-15T10:18:10.149Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file c63707cbfdc6a933bf4cb7f51c0cc220x000.dat: 117933 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 243: 2021-10-15T10:18:10.168Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 7f24ac62a4de8cc9817c3565eb213991x000.dat: 8217 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 243: 2021-10-15T10:18:10.168Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 7f24ac62a4de8cc9817c3565eb213991x000.dat: 8217 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 243: 2021-10-15T10:18:10.168Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 7f24ac62a4de8cc9817c3565eb213991x000.dat: 8217 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 245: 2021-10-15T10:18:10.182Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 9b0fabb2dd628d12a5cfce4e49a9f322x000.dat: 19730 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 245: 2021-10-15T10:18:10.182Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 9b0fabb2dd628d12a5cfce4e49a9f322x000.dat: 19730 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 245: 2021-10-15T10:18:10.182Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 9b0fabb2dd628d12a5cfce4e49a9f322x000.dat: 19730 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 247: 2021-10-15T10:18:10.196Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 0dcb97034e58a42ea2fbedd6a28bb918x000.dat: 29963 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 247: 2021-10-15T10:18:10.196Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 0dcb97034e58a42ea2fbedd6a28bb918x000.dat: 29963 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 247: 2021-10-15T10:18:10.196Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 0dcb97034e58a42ea2fbedd6a28bb918x000.dat: 29963 bytes: livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 249: 2021-10-15T10:18:10.212Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 87825b7cc3c776c0d70a72e8112657d6x000.dat: 5 bytes: livequery64/scheduled_query_pack_next/version.txt Line 249: 2021-10-15T10:18:10.212Z [ 3240:12072] [v6.7.352.0] INFO [I19464] Syncing file 87825b7cc3c776c0d70a72e8112657d6x000.dat: 5 bytes: livequery64/scheduled_query_pack_next/version.txt Line 408: 2021-10-15T10:18:40.042Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 408: 2021-10-15T10:18:40.042Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 408: 2021-10-15T10:18:40.042Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.conf Line 409: 2021-10-15T10:18:40.051Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 409: 2021-10-15T10:18:40.051Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 409: 2021-10-15T10:18:40.051Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.manifest.dat Line 410: 2021-10-15T10:18:40.058Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 410: 2021-10-15T10:18:40.058Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 410: 2021-10-15T10:18:40.058Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr.conf Line 411: 2021-10-15T10:18:40.064Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 411: 2021-10-15T10:18:40.064Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 411: 2021-10-15T10:18:40.064Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/sophos-scheduled-query-pack.mtr-e.conf Line 412: 2021-10-15T10:18:40.073Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/version.txt Line 412: 2021-10-15T10:18:40.073Z [ 3240:12072] [v6.7.352.0] INFO [I46431] Decoding file C:/ProgramData/Sophos/AutoUpdate/Cache/decoded/livequery64/scheduled_query_pack_next/version.txt Line 549: 2021-10-15T10:21:18.732Z [ 3240:12072] [v6.7.352.0] INFO Installing component LiveQuery64 3.2.1.206. Line 550: 2021-10-15T10:21:18.735Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\manifest.dat Line 551: 2021-10-15T10:21:19.830Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 551: 2021-10-15T10:21:19.830Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 551: 2021-10-15T10:21:19.830Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 552: 2021-10-15T10:21:19.846Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 552: 2021-10-15T10:21:19.846Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 552: 2021-10-15T10:21:19.846Z [ 3240:12072] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 553: 2021-10-15T10:21:19.861Z [ 3240:12072] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'. Line 554: 2021-10-15T10:21:20.020Z [ 8796: 9680] [v6.7.352.0] INFO Trying to load setup.dll of product LiveQuery64 3.2.1.206. Line 555: 2021-10-15T10:21:20.111Z [ 8796: 9680] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll. Line 556: 2021-10-15T10:21:20.117Z [ 8796: 9680] [v6.7.352.0] INFO Trying interface IProductSetup2 of product LiveQuery64 3.2.1.206. Line 559: 2021-10-15T10:23:23.720Z [ 8796: 9680] [v6.7.352.0] WARN Failed to install product LiveQuery64 3.2.1.206. Line 561: 2021-10-15T10:23:24.587Z [ 3240:12072] [v6.7.352.0] INFO Processing install failed Health event for: LiveQuery64 (Sophos Live Query (64-bit)) Line 561: 2021-10-15T10:23:24.587Z [ 3240:12072] [v6.7.352.0] INFO Processing install failed Health event for: LiveQuery64 (Sophos Live Query (64-bit)) Line 563: 2021-10-15T10:23:24.588Z [ 3240:12072] [v6.7.352.0] INFO Saving intermediate state after installing LiveQuery64 Line 613: 2021-10-15T11:17:49.570Z [ 4240: 7536] [v6.7.352.0] INFO Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LIVEQUERY LIVETERMINAL MTD NTP SAV SDU WEBCNTRL XPD Line 650: 2021-10-15T11:17:53.170Z [ 4240: 7536] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 650: 2021-10-15T11:17:53.170Z [ 4240: 7536] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 696: 2021-10-15T11:17:55.952Z [ 4240: 7536] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 696: 2021-10-15T11:17:55.952Z [ 4240: 7536] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 759: 2021-10-15T11:17:57.880Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 759: 2021-10-15T11:17:57.880Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 760: 2021-10-15T11:17:57.880Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 760: 2021-10-15T11:17:57.880Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 761: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 761: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 761: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 761: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 761: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 762: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 762: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 762: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 762: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 762: 2021-10-15T11:17:57.975Z [ 4240: 7536] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 809: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 809: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 809: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 810: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 810: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 810: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 811: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 811: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 811: 2021-10-15T11:17:58.551Z [ 4240: 7536] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 812: 2021-10-15T11:17:58.552Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 812: 2021-10-15T11:17:58.552Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 812: 2021-10-15T11:17:58.552Z [ 4240: 7536] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 860: 2021-10-15T11:18:01.021Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 860: 2021-10-15T11:18:01.021Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 880: 2021-10-15T11:18:01.805Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 880: 2021-10-15T11:18:01.805Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 880: 2021-10-15T11:18:01.805Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 881: 2021-10-15T11:18:01.815Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 881: 2021-10-15T11:18:01.815Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 881: 2021-10-15T11:18:01.815Z [ 4240: 7536] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 928: 2021-10-15T11:18:47.499Z [ 4240: 7536] [v6.7.352.0] INFO Installing component LiveQuery64 3.2.1.206. Line 929: 2021-10-15T11:18:47.505Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\manifest.dat Line 930: 2021-10-15T11:18:48.568Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 930: 2021-10-15T11:18:48.568Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 930: 2021-10-15T11:18:48.568Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 931: 2021-10-15T11:18:48.584Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 931: 2021-10-15T11:18:48.584Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 931: 2021-10-15T11:18:48.584Z [ 4240: 7536] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 932: 2021-10-15T11:18:48.599Z [ 4240: 7536] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'. Line 933: 2021-10-15T11:18:48.777Z [ 1380: 5440] [v6.7.352.0] INFO Trying to load setup.dll of product LiveQuery64 3.2.1.206. Line 934: 2021-10-15T11:18:48.860Z [ 1380: 5440] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll. Line 935: 2021-10-15T11:18:48.860Z [ 1380: 5440] [v6.7.352.0] INFO Trying interface IProductSetup2 of product LiveQuery64 3.2.1.206. Line 938: 2021-10-15T11:19:27.261Z [ 1380: 5440] [v6.7.352.0] WARN Failed to install product LiveQuery64 3.2.1.206. Line 941: 2021-10-15T11:19:27.494Z [ 4240: 7536] [v6.7.352.0] INFO Saving intermediate state after installing LiveQuery64 Line 964: 2021-10-15T12:17:49.706Z [13092:11208] [v6.7.352.0] INFO Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LIVEQUERY LIVETERMINAL MTD NTP SAV SDU WEBCNTRL XPD Line 1001: 2021-10-15T12:17:53.249Z [13092:11208] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1001: 2021-10-15T12:17:53.249Z [13092:11208] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1047: 2021-10-15T12:17:56.372Z [13092:11208] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1047: 2021-10-15T12:17:56.372Z [13092:11208] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1110: 2021-10-15T12:17:57.651Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1110: 2021-10-15T12:17:57.651Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1111: 2021-10-15T12:17:57.652Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1111: 2021-10-15T12:17:57.652Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1112: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1112: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1112: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1112: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1112: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1113: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1113: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1113: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1113: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1113: 2021-10-15T12:17:57.742Z [13092:11208] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1160: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1160: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1160: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1161: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1161: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1161: 2021-10-15T12:17:58.244Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1162: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1162: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1162: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1163: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1163: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1163: 2021-10-15T12:17:58.245Z [13092:11208] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1211: 2021-10-15T12:18:01.027Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1211: 2021-10-15T12:18:01.027Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1231: 2021-10-15T12:18:02.104Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1231: 2021-10-15T12:18:02.104Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1231: 2021-10-15T12:18:02.104Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1232: 2021-10-15T12:18:02.117Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1232: 2021-10-15T12:18:02.117Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1232: 2021-10-15T12:18:02.117Z [13092:11208] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1279: 2021-10-15T12:18:52.604Z [13092:11208] [v6.7.352.0] INFO Installing component LiveQuery64 3.2.1.206. Line 1280: 2021-10-15T12:18:52.615Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\manifest.dat Line 1281: 2021-10-15T12:18:53.669Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 1281: 2021-10-15T12:18:53.669Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 1281: 2021-10-15T12:18:53.669Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_latest\sophos-scheduled-query-pack.manifest.dat Line 1282: 2021-10-15T12:18:53.684Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 1282: 2021-10-15T12:18:53.684Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 1282: 2021-10-15T12:18:53.684Z [13092:11208] [v6.7.352.0] INFO Checking manifest:C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\scheduled_query_pack_next\sophos-scheduled-query-pack.manifest.dat Line 1283: 2021-10-15T12:18:53.705Z [13092:11208] [v6.7.352.0] INFO setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll'; setupExe='C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\su-setup32.exe'. Line 1284: 2021-10-15T12:18:53.897Z [11112:11252] [v6.7.352.0] INFO Trying to load setup.dll of product LiveQuery64 3.2.1.206. Line 1285: 2021-10-15T12:18:53.983Z [11112:11252] [v6.7.352.0] INFO Setup DLL loaded C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\livequery64\setup.dll. Line 1286: 2021-10-15T12:18:53.992Z [11112:11252] [v6.7.352.0] INFO Trying interface IProductSetup2 of product LiveQuery64 3.2.1.206. Line 1289: 2021-10-15T12:19:01.989Z [11112:11252] [v6.7.352.0] INFO Successfully installed product LiveQuery64 3.2.1.206. Line 1290: 2021-10-15T12:19:02.020Z [13092:11208] [v6.7.352.0] INFO Processing install succeeded Health event for: LiveQuery64 (Sophos Live Query (64-bit)) Line 1290: 2021-10-15T12:19:02.020Z [13092:11208] [v6.7.352.0] INFO Processing install succeeded Health event for: LiveQuery64 (Sophos Live Query (64-bit)) Line 1292: 2021-10-15T12:19:02.021Z [13092:11208] [v6.7.352.0] INFO Saving intermediate state after installing LiveQuery64 Line 1316: 2021-10-15T13:17:50.471Z [ 1136: 4420] [v6.7.352.0] INFO Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LIVEQUERY LIVETERMINAL MTD NTP SAV SDU WEBCNTRL XPD Line 1353: 2021-10-15T13:17:54.715Z [ 1136: 4420] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1353: 2021-10-15T13:17:54.715Z [ 1136: 4420] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1399: 2021-10-15T13:17:57.613Z [ 1136: 4420] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1399: 2021-10-15T13:17:57.613Z [ 1136: 4420] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1462: 2021-10-15T13:17:59.060Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1462: 2021-10-15T13:17:59.060Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1463: 2021-10-15T13:17:59.060Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1463: 2021-10-15T13:17:59.060Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1464: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1464: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1464: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1464: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1464: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1465: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1465: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1465: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1465: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1465: 2021-10-15T13:17:59.168Z [ 1136: 4420] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1512: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1512: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1512: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1513: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1513: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1513: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1514: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1514: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1514: 2021-10-15T13:17:59.716Z [ 1136: 4420] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1515: 2021-10-15T13:17:59.717Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1515: 2021-10-15T13:17:59.717Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1515: 2021-10-15T13:17:59.717Z [ 1136: 4420] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1563: 2021-10-15T13:18:01.392Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1563: 2021-10-15T13:18:01.392Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1583: 2021-10-15T13:18:01.935Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1583: 2021-10-15T13:18:01.935Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1583: 2021-10-15T13:18:01.935Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1584: 2021-10-15T13:18:01.949Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1584: 2021-10-15T13:18:01.949Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1584: 2021-10-15T13:18:01.949Z [ 1136: 4420] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1629: 2021-10-15T13:18:27.433Z [ 1136: 4420] [v6.7.352.0] INFO Skipped installation of component LiveQuery64 3.2.1.206 Line 1651: 2021-10-15T14:17:50.080Z [14304: 9468] [v6.7.352.0] INFO Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LIVEQUERY LIVETERMINAL MTD NTP SAV SDU WEBCNTRL XPD Line 1688: 2021-10-15T14:17:54.615Z [14304: 9468] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1688: 2021-10-15T14:17:54.615Z [14304: 9468] [v6.7.352.0] INFO Including LiveQuery64 3.2.1.206: livequery64/* Line 1734: 2021-10-15T14:17:57.731Z [14304: 9468] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1734: 2021-10-15T14:17:57.731Z [14304: 9468] [v6.7.352.0] INFO [I45378] sdds.CSP_2-18-2_10-8-10-3.1: found included product LiveQuery64 3.2.1.206 path=livequery64 baseVersion= [included from product WindowsCloudServer 1.8.10.202 path=] Line 1797: 2021-10-15T14:17:59.340Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1797: 2021-10-15T14:17:59.340Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.CSP_2-18-2_10-8-10-3.1: looking for packages included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1798: 2021-10-15T14:17:59.340Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1798: 2021-10-15T14:17:59.340Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.CSP_2-18-2_10-8-10-3.1: looking for supplements included from product LiveQuery64 3.2.1.206 path=livequery64 Line 1799: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1799: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1799: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1799: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1799: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1800: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1800: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1800: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1800: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1800: 2021-10-15T14:17:59.447Z [14304: 9468] [v6.7.352.0] INFO [I49502] sdds.scheduled_qp.xml: found supplement ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next baseVersion= [included from product LiveQuery64 3.2.1.206 path=livequery64] Line 1847: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1847: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1847: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1848: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1848: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1848: 2021-10-15T14:17:59.981Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1849: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1849: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1849: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I95020] sdds.scheduled_qp.xml: looking for packages included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1850: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1850: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1850: 2021-10-15T14:17:59.982Z [14304: 9468] [v6.7.352.0] INFO [I22529] sdds.scheduled_qp.xml: looking for supplements included from product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1898: 2021-10-15T14:18:01.879Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1898: 2021-10-15T14:18:01.879Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product LiveQuery64 3.2.1.206 path=livequery64 Line 1918: 2021-10-15T14:18:02.410Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1918: 2021-10-15T14:18:02.410Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1918: 2021-10-15T14:18:02.410Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack LATEST path=livequery64/scheduled_query_pack_latest Line 1919: 2021-10-15T14:18:02.422Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1919: 2021-10-15T14:18:02.422Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1919: 2021-10-15T14:18:02.422Z [14304: 9468] [v6.7.352.0] INFO [I19463] Syncing product ScheduledQueryPack NEXT path=livequery64/scheduled_query_pack_next Line 1968: 2021-10-15T14:18:43.965Z [14304: 9468] [v6.7.352.0] INFO Skipped installation of component LiveQuery64 3.2.1.206
SophosOsquery.log has always reocourring errors:
I1015 16:14:17.199028 11652 processes.cpp:366] Failed to lookup path information for process 4
I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 4 with 0
I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 4 with 0
I1015 16:14:17.199028 11652 processes.cpp:272] Failed to get PEB UPP for 4 with 0
I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 312 with 5
I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 312 with 5
I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 408 with 5
I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 408 with 5
I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 496 with 5
I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 496 with 5
I1015 16:14:17.199028 11652 processes.cpp:338] Failed to get PEB UPP for 592 with 5
I1015 16:14:17.199028 11652 processes.cpp:380] Failed to get cwd for 592 with 5
I1015 16:14:17.214648 11652 processes.cpp:338] Failed to get PEB UPP for 7688 with 5
I1015 16:14:17.214648 11652 processes.cpp:380] Failed to get cwd for 7688 with 5
SophosMTRExtension.log is showing this error repeatedly.
2021-10-15T15:52:53.133+0200 info sophos Registering sophosmdrextension
2021-10-15T15:57:04.187+0200 error sophos server run error: extension ping failed: i/o timeout
We're no MTR customer, why is it trying to register something with MTR all the time?
Couple of questions here:
1) are you running Live queries against this machine?
2) have you turned on data lake hydration?
Based on the errors in those logs - I suggest you open a support case. We will need an SDU from the machine (Endpoint UI > About > Endpoint Self Help > SDU) and a process monitor capture to see what is going on.
Does the activity ever die down?
Hi,
thanks for your reply. We were not running queries against that machines. Data Lake uploads is enabled.I wonder if we could somehow recreate the CPU spikes caused by the updateprocess. But except restoring a VM backup I have no idea how we could do that.
The CPU activity went normal after that hour shown in the screenshot above.
This is still happening all the time, causing some big logs:
SophosOsquery.log
I1018 10:58:16.352298 7404 scheduler.cpp:112] Executing scheduled query open_sockets
I1018 10:58:17.492595 7404 processes.cpp:366] Failed to lookup path information for process 4
I1018 10:58:17.492595 7404 processes.cpp:338] Failed to get PEB UPP for 4 with 0
I1018 10:58:17.492595 7404 processes.cpp:380] Failed to get cwd for 4 with 0
I1018 10:58:17.492595 7404 processes.cpp:272] Failed to get PEB UPP for 4 with 0
I1018 10:58:17.492595 7404 processes.cpp:338] Failed to get PEB UPP for 312 with 5
I1018 10:58:17.492595 7404 processes.cpp:380] Failed to get cwd for 312 with 5
I1018 10:58:17.492595 7404 processes.cpp:338] Failed to get PEB UPP for 408 with 5
I1018 10:58:17.492595 7404 processes.cpp:380] Failed to get cwd for 408 with 5
I1018 10:58:17.492595 7404 processes.cpp:338] Failed to get PEB UPP for 496 with 5
I1018 10:58:17.492595 7404 processes.cpp:380] Failed to get cwd for 496 with 5
I1018 10:58:17.492595 7404 processes.cpp:338] Failed to get PEB UPP for 592 with 5
I1018 10:58:17.492595 7404 processes.cpp:380] Failed to get cwd for 592 with 5
I1018 10:58:17.555094 7404 processes.cpp:338] Failed to get PEB UPP for 9356 with 5
I1018 10:58:17.555094 7404 processes.cpp:380] Failed to get cwd for 9356 with 5
I1018 10:58:17.680096 7404 scheduler.cpp:127] Query open_sockets finished after: 1330 milliseconds
I1018 10:58:23.112090 7404 scheduler.cpp:112] Executing scheduled query pack_live_query_3_running_processes_windows_sophos
I1018 10:58:23.446413 7404 scheduler.cpp:127] Query pack_live_query_3_running_processes_windows_sophos finished after: 345 milliseconds
I1018 10:58:45.196924 7404 scheduler.cpp:112] Executing scheduled query pack_live_query_3_changed_files_windows_sophos
MTR is showing ping failed: i/o timeout errors sometimes but now seems to have registered though we're not MTR customer.
SophosMTRExtension.log
2021-10-16T18:41:13.567+0200 info sophos Registering sophosmdrextension
2021-10-17T02:01:25.395+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-17T02:01:25.487+0200 info sophos.logger default logger updated
2021-10-17T02:01:25.487+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc5ae4c2
2021-10-17T02:01:25.487+0200 info sophos Registering sophosmdrextension
2021-10-17T08:21:14.467+0200 error sophos server run error: extension ping failed: i/o timeout
2021-10-17T08:21:54.913+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-17T08:21:55.015+0200 info sophos.logger default logger updated
2021-10-17T08:21:55.015+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc5ae4c2
2021-10-17T08:21:55.015+0200 info sophos Registering sophosmdrextension
2021-10-17T18:01:47.850+0200 info sophos.logger logging configured {"fileName": "C:\\ProgramData\\Sophos\\Live Query\\Logs\\SophosMTRExtension.log", "maxSizeMB": 10, "maxBackups": 3, "level": "info", "maxAgeInDays": 30}
2021-10-17T18:01:47.935+0200 info sophos.logger default logger updated
2021-10-17T18:01:47.935+0200 info sophos Sophos MTR Extension 2.1.0.65 - Commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc5ae4c2
2021-10-17T18:01:47.935+0200 info sophos Registering sophosmdrextension
SophosOsqueryExtension.log
seems OK for me
Case 04525567 for the SophosOsquery.log Failures
Got update from support about the Failed to get PEB UPP, cwd and so on failures:
GES confirmed: Failures are just resulting noisy errors from the open_sockets query. These are not an issue nor to they indicate and issue with the software however they addressed in our 2021.3 Central release. ... they are nothing that could affect the security or the usability of the product.
Quote