This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

2 Services stops after starting

After an Restore of an Server, we have an Issue with Sophos Endpoint Protections. 2 Services will not starting. The Services are the "Sophos Clean" and the "Sophos Safestore".  We have tried to remove and reinstall the Endpoint Protection, but after the reinstallation the Problem was still the same. Both Services will not start. When i try to startup the services manually, then comes the messages, that the services have been started and than stopped, but no Failure or Failurecode. The Logs of both services are here:

Sophos Safestore:

2021-12-16T15:40:05.835Z --- Sophos Safestore (3.9.14.1) process enabled ---
2021-12-16T15:40:05.836Z Async comms established
2021-12-16T15:40:05.836Z Started
2021-12-16T15:40:05.836Z Listening (tid 7120)
2021-12-16T15:40:06.328Z Command: getdigest
2021-12-16T15:40:06.328Z GetContext context: 0000000000000000
2021-12-16T15:40:06.328Z Attempting to obtain password from file: C:\ProgramData\Sophos\Safestore\SafeStore.pw
2021-12-16T15:40:06.328Z Attempting to create password for file: C:\ProgramData\Sophos\Safestore\SafeStore.pw
2021-12-16T15:40:06.330Z Initialising SafeStore
2021-12-16T15:40:06.738Z Task: "getdigest" (component 20)
2021-12-16T15:40:06.738Z No objects
2021-12-16T15:40:06.738Z No objects serialized
2021-12-16T15:40:06.739Z Task successful (time spent: 0ms)
2021-12-16T15:40:06.741Z Command: getdigest
2021-12-16T15:40:06.741Z GetContext context: 000000F12DA57EE0
2021-12-16T15:40:06.742Z Task: "getdigest" (component 20)
2021-12-16T15:40:06.742Z No objects
2021-12-16T15:40:06.742Z No objects serialized
2021-12-16T15:40:06.742Z Task successful (time spent: 0ms)
2021-12-16T15:40:08.750Z  - SafestoreServer::ShutdownHandler SetEvent returned true
2021-12-16T15:40:08.751Z Stopping...
2021-12-16T15:40:08.751Z  - SafestoreServer::Shutdown start
2021-12-16T15:40:08.751Z  - SafestoreServer::Shutdown before SignalObjectAndWait
2021-12-16T15:40:08.753Z  - SafestoreServer::Shutdown after SignalObjectAndWait
2021-12-16T15:40:08.753Z  - SafestoreServer::Shutdown before SgStopAsyncCommLibThread
2021-12-16T15:40:08.753Z  - SafestoreServer::Shutdown after Stop, before SgJoinAsyncCommLibThread
2021-12-16T15:40:08.753Z  - SafestoreServer::Shutdown after SgJoinAsyncCommLibThread
2021-12-16T15:40:08.753Z  - SafestoreServer::Shutdown before SgShutdownAsyncComms
2021-12-16T15:40:08.754Z  - SafestoreServer::Shutdown after SgShutdownAsyncComms
2021-12-16T15:40:08.754Z  - SafestoreServer::Shutdown end
2021-12-16T15:40:08.754Z Stopped
2021-12-16T15:40:13.809Z Registered service control handler
2021-12-16T15:42:39.060Z Registered service control handler
2021-12-16T15:44:35.932Z --- Sophos Safestore (3.9.14.1) process enabled ---
2021-12-16T15:44:35.932Z Async comms established
2021-12-16T15:44:35.933Z Started
2021-12-16T15:44:35.933Z Listening (tid 68404)
2021-12-16T15:44:36.433Z Command: getdigest
2021-12-16T15:44:36.433Z GetContext context: 0000000000000000
2021-12-16T15:44:36.433Z Attempting to obtain password from file: C:\ProgramData\Sophos\Safestore\SafeStore.pw
2021-12-16T15:44:36.434Z Initialising SafeStore
2021-12-16T15:44:36.758Z Task: "getdigest" (component 20)
2021-12-16T15:44:36.758Z No objects
2021-12-16T15:44:36.758Z No objects serialized
2021-12-16T15:44:36.758Z Task successful (time spent: 0ms)
2021-12-16T15:44:36.761Z Command: getdigest
2021-12-16T15:44:36.761Z GetContext context: 000000CF02E1CB10
2021-12-16T15:44:36.761Z Task: "getdigest" (component 20)
2021-12-16T15:44:36.762Z No objects
2021-12-16T15:44:36.762Z No objects serialized
2021-12-16T15:44:36.762Z Task successful (time spent: 0ms)
2021-12-16T15:44:38.769Z  - SafestoreServer::ShutdownHandler SetEvent returned true
2021-12-16T15:44:38.769Z Stopping...
2021-12-16T15:44:38.769Z  - SafestoreServer::Shutdown start
2021-12-16T15:44:38.769Z  - SafestoreServer::Shutdown before SignalObjectAndWait
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown after SignalObjectAndWait
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown before SgStopAsyncCommLibThread
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown after Stop, before SgJoinAsyncCommLibThread
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown after SgJoinAsyncCommLibThread
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown before SgShutdownAsyncComms
2021-12-16T15:44:38.770Z  - SafestoreServer::Shutdown after SgShutdownAsyncComms
2021-12-16T15:44:38.771Z  - SafestoreServer::Shutdown end
2021-12-16T15:44:38.771Z Stopped
2021-12-16T15:45:22.252Z Registered service control handler
2021-12-16T15:45:50.552Z Registered service control handler
2021-12-16T15:50:40.330Z --- Sophos Safestore (3.9.14.1) process enabled ---
2021-12-16T15:50:40.331Z Async comms established
2021-12-16T15:50:40.331Z Started
2021-12-16T15:50:40.331Z Listening (tid 6528)
2021-12-16T15:50:40.829Z Command: getdigest
2021-12-16T15:50:40.829Z GetContext context: 0000000000000000
2021-12-16T15:50:40.829Z Attempting to obtain password from file: C:\ProgramData\Sophos\Safestore\SafeStore.pw
2021-12-16T15:50:40.829Z Initialising SafeStore
2021-12-16T15:50:41.153Z Task: "getdigest" (component 20)
2021-12-16T15:50:41.154Z No objects
2021-12-16T15:50:41.154Z No objects serialized
2021-12-16T15:50:41.154Z Task successful (time spent: 1ms)
2021-12-16T15:50:41.157Z Command: getdigest
2021-12-16T15:50:41.158Z GetContext context: 000000FF0629CB10
2021-12-16T15:50:41.158Z Task: "getdigest" (component 20)
2021-12-16T15:50:41.158Z No objects
2021-12-16T15:50:41.158Z No objects serialized
2021-12-16T15:50:41.158Z Task successful (time spent: 0ms)
2021-12-16T15:50:43.167Z  - SafestoreServer::ShutdownHandler SetEvent returned true
2021-12-16T15:50:43.167Z Stopping...
2021-12-16T15:50:43.168Z  - SafestoreServer::Shutdown start
2021-12-16T15:50:43.168Z  - SafestoreServer::Shutdown before SignalObjectAndWait
2021-12-16T15:50:43.168Z  - SafestoreServer::Shutdown after SignalObjectAndWait
2021-12-16T15:50:43.168Z  - SafestoreServer::Shutdown before SgStopAsyncCommLibThread
2021-12-16T15:50:43.168Z  - SafestoreServer::Shutdown after Stop, before SgJoinAsyncCommLibThread
2021-12-16T15:50:43.169Z  - SafestoreServer::Shutdown after SgJoinAsyncCommLibThread
2021-12-16T15:50:43.169Z  - SafestoreServer::Shutdown before SgShutdownAsyncComms
2021-12-16T15:50:43.169Z  - SafestoreServer::Shutdown after SgShutdownAsyncComms
2021-12-16T15:50:43.170Z  - SafestoreServer::Shutdown end
2021-12-16T15:50:43.170Z Stopped

Sophos Clean

2021-12-16T15:40:05.825Z --- Sophos Clean (3.9.14.1) process enabled ---
2021-12-16T15:40:05.826Z Async comms established
2021-12-16T15:40:06.739Z Successfully established communication with Safestore.
2021-12-16T15:40:06.739Z Command processor startup
2021-12-16T15:40:06.740Z Started
2021-12-16T15:40:06.740Z AutoSafeRestore started (verify every 14916 secs)
2021-12-16T15:40:06.740Z Command processor started
2021-12-16T15:40:06.740Z Request read from: C:\ProgramData\Sophos\Clean\Drop\scan_request_9AF1A0C5-8EEC-4E43-BA76-E34A32948F87.json (process)
2021-12-16T15:40:06.741Z {"command":"rescan-quarantine","reference_id":"61EA4CBB-E702-43A6-AB09-3149D597CDAF"}
2021-12-16T15:40:06.741Z Command rescan-quarantine => Verify now: C:\ProgramData\Sophos\Clean\Drop\scan_request_9AF1A0C5-8EEC-4E43-BA76-E34A32948F87.json
2021-12-16T15:40:06.741Z VerifySafestore
2021-12-16T15:40:06.742Z Number of threats in Safestore: 0
2021-12-16T15:40:06.742Z VerifySafestore: no files to restore
2021-12-16T15:40:06.746Z Response written to: C:\ProgramData\Sophos\Endpoint Defense\Data\Clean\Drop\61EA4CBB-E702-43A6-AB09-3149D597CDAF.json
2021-12-16T15:40:06.748Z {"command": "restored-from-quarantine", "reference_id": "61EA4CBB-E702-43A6-AB09-3149D597CDAF", "restored": []}
2021-12-16T15:40:08.750Z Stopping...
2021-12-16T15:40:08.753Z AutoSafeRestore stopped
2021-12-16T15:40:08.753Z Stopped
2021-12-16T15:40:14.396Z Registered service control handler
2021-12-16T15:42:35.716Z Registered service control handler
2021-12-16T15:44:35.931Z --- Sophos Clean (3.9.14.1) process enabled ---
2021-12-16T15:44:35.932Z Async comms established
2021-12-16T15:44:36.759Z Successfully established communication with Safestore.
2021-12-16T15:44:36.759Z Command processor startup
2021-12-16T15:44:36.760Z Started
2021-12-16T15:44:36.760Z AutoSafeRestore started (verify every 14677 secs)
2021-12-16T15:44:36.760Z Command processor started
2021-12-16T15:44:36.760Z Request read from: C:\ProgramData\Sophos\Clean\Drop\scan_request_BCD8154E-7F1E-4BD2-89E9-DE2DEA276736.json (process)
2021-12-16T15:44:36.761Z {"command":"rescan-quarantine","reference_id":"00F325C1-A772-4A63-B6B1-70A419A7DF10"}
2021-12-16T15:44:36.761Z Command rescan-quarantine => Verify now: C:\ProgramData\Sophos\Clean\Drop\scan_request_BCD8154E-7F1E-4BD2-89E9-DE2DEA276736.json
2021-12-16T15:44:36.761Z VerifySafestore
2021-12-16T15:44:36.762Z Number of threats in Safestore: 0
2021-12-16T15:44:36.762Z VerifySafestore: no files to restore
2021-12-16T15:44:36.767Z Response written to: C:\ProgramData\Sophos\Endpoint Defense\Data\Clean\Drop\00F325C1-A772-4A63-B6B1-70A419A7DF10.json
2021-12-16T15:44:36.768Z {"command": "restored-from-quarantine", "reference_id": "00F325C1-A772-4A63-B6B1-70A419A7DF10", "restored": []}
2021-12-16T15:44:38.769Z Stopping...
2021-12-16T15:44:38.770Z AutoSafeRestore stopped
2021-12-16T15:44:38.770Z Stopped
2021-12-16T15:45:00.196Z Registered service control handler
2021-12-16T15:50:40.327Z --- Sophos Clean (3.9.14.1) process enabled ---
2021-12-16T15:50:40.327Z Async comms established
2021-12-16T15:50:41.155Z Successfully established communication with Safestore.
2021-12-16T15:50:41.155Z Command processor startup
2021-12-16T15:50:41.156Z Started
2021-12-16T15:50:41.156Z AutoSafeRestore started (verify every 14423 secs)
2021-12-16T15:50:41.156Z Command processor started
2021-12-16T15:50:41.157Z Request read from: C:\ProgramData\Sophos\Clean\Drop\scan_request_6A3D63E1-F657-4670-8F04-9CC68C6992C9.json (process)
2021-12-16T15:50:41.157Z {"command":"rescan-quarantine","reference_id":"0A12020D-DCE3-49D1-A05D-B3C6B8F2A181"}
2021-12-16T15:50:41.157Z Command rescan-quarantine => Verify now: C:\ProgramData\Sophos\Clean\Drop\scan_request_6A3D63E1-F657-4670-8F04-9CC68C6992C9.json
2021-12-16T15:50:41.157Z VerifySafestore
2021-12-16T15:50:41.158Z Number of threats in Safestore: 0
2021-12-16T15:50:41.159Z VerifySafestore: no files to restore
2021-12-16T15:50:41.164Z Response written to: C:\ProgramData\Sophos\Endpoint Defense\Data\Clean\Drop\0A12020D-DCE3-49D1-A05D-B3C6B8F2A181.json
2021-12-16T15:50:41.166Z {"command": "restored-from-quarantine", "reference_id": "0A12020D-DCE3-49D1-A05D-B3C6B8F2A181", "restored": []}
2021-12-16T15:50:43.167Z Stopping...
2021-12-16T15:50:43.168Z AutoSafeRestore stopped
2021-12-16T15:50:43.168Z Stopped



This thread was automatically locked due to age.
Parents Reply Children
  • When the UI is healthy, it looks like:

    The Sophos Health Service watches for service health issues and the status is stored here:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status

    0 = OK for each of the services it monitors.

    If a service is stopped that should be started, the EP shows:

    In the registry, 1= Stopped for a service.