This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Update Failed with Checkpoint Endpoint VPN Client (since v86.40)

Hi all

We use Sophos InterceptX on all computers (w10 et w11)

for VPN, we are using Checkpoint Endpoint Client https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doShowproductpage&productTab=downloads&product=175

The last versions, v86.40 and v86.50 are blocking Sophos Update ! 

Sophos support tell me that Checkpoint seems do not use "file system minifilter"  https://support.sophos.com/support/s/article/KB-000033347?language=en_US&name=KB-000033347

have you experimented some similar problem ?

thanks



This thread was automatically locked due to age.
Parents
  • Hi ,

    Thank you for reaching out to the Sophos Community! Please allow us to check this further. In the meantime, please share the logs that show the Checkpoint VPN blocking the Sophos update, this will help us further analyze the issue. If you have opened a support case related to this, kindly share the case number as well.

    Have you also reached out to the vendor (Checkpoint VPN) to check if this is a known conflict with their software?

    I look forward to your reply. Thank you.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi thanks for this answer

    i found this information in log file (

    [ 1300: 27] [v2.4.230.0] ERROR Execute ClientUpdate failed. Check if Sophos Update Service is running.
    EXCEPTION: System.Runtime.InteropServices.COMException (0x8000FFFF): Défaillance irrémédiable (Exception de HRESULT : 0x8000FFFF (E_UNEXPECTED))
    à ActiveLinkClient.IClientUpdate.UpdateNow(Boolean MayShowGUI, InstallMode InstallMode)
    à Sophos.NetUI.Endpoint.Sau.<>c__DisplayClass12_0.<UpdateNow>b__0()

    "C:\ProgramData\Sophos\Sophos UI\logs\SophosUI.Net.log"

    case opened: 05548403 

    we are contacting the vendor too

    thanks and best regards

    Jean-Philippe

  • Do you know if disabling any combination of Sophos' scanning features from the local tamper-override allows SophosUpdate to start normally? The following article outlines how to test this. This may help you establish a temporary work-around.
    - Sophos Central Endpoint: Basic troubleshooting

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi

    i tried to disable protection for sliding on/off components (i used in before in other case) BUT when in admin mode with password ok, i can't tick the case for replacing policies, tick is not operate...so i can not test some work-around... button is not functionnal, like the manuel button for updating sophos.... all of this problem are here when checkpoint client is installed...

  • When testing an installation of CheckPointVPN, I found that during the installation process, the default option is "Checkpoint Endpoint Security VPN". 

    After the installation completes and a restart is performed, you can see an additional Filesystem filter driver loaded into the OS by running the command "fltmc" in an administrative command prompt. 

    If you are unable to interact with Sophos' scanning features from the local tamper override, you can also try stopping the services normally from the Services menu. 

    If this also does not work, you may want to try isolating "vsdatant.sys" first. From the information present in the UI for the VPN software and what is shown on the following page from CheckPoint's website, it does sound like there are some overlapping features in both Sophos and CheckPoint which are conflicting. 
    www.checkpoint.com/.../

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • When testing an installation of CheckPointVPN, I found that during the installation process, the default option is "Checkpoint Endpoint Security VPN". 

    After the installation completes and a restart is performed, you can see an additional Filesystem filter driver loaded into the OS by running the command "fltmc" in an administrative command prompt. 

    If you are unable to interact with Sophos' scanning features from the local tamper override, you can also try stopping the services normally from the Services menu. 

    If this also does not work, you may want to try isolating "vsdatant.sys" first. From the information present in the UI for the VPN software and what is shown on the following page from CheckPoint's website, it does sound like there are some overlapping features in both Sophos and CheckPoint which are conflicting. 
    www.checkpoint.com/.../

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children