Sophos Central - Server Protection - Antivirus does not allow the Postgres service to start.

Dear,

We are having a problem with the operation of Sophos Server Protection, where even with the exclusions, the Postgres service does not start.
This service is part of a SonicWall solution suite called GMS. We are considering this to be a bug, as with other antivirus solutions this does not happen.

We were forced to remove the antivirus. Before, I even created specific rules per group. Did not work. We removed the antivirus and everything returned to normal.

Has anyone ever experienced this?

  • Already ahead of the troubleshooting document, I manually deactivated the services beforehand. All of them, and the problem persists. It is only when we remove the antivirus that everything works again.
    support.sophos.com/.../KB-000036572

    SonicWall GMS, in the SonicWall Universal Management Suite - Reports Summarizer service, only works when we remove the antivirus.


    Artur de Souza Aragão

  • The "SonicWall Universal Management Suite - Reports Summarizer" service summarizes the information that is collected from customers' SonicWall appliances for management and information gathering.

    I got the service name wrong. In fact, it is the "SonicWall Universal Management Suite - Reports Database II" service that is experiencing the problem and it is this service that generates the reports with what is collected by the other service above.

    Artur de Souza Aragão

  • Hi Artur,

    Thanks for reaching out to the Sophos Community Forum.

    Are there any errors when trying to start the Postgres service? This may shed some light on the issue.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I still haven't implemented this suggestion sent by support.

    HMPA Isolation:
    a) Access the Services and stop then disable the following service: HitmanPro.Alert service
    b) Access the following folder: C:\Windows\System32\
    c) Rename hmpalert.dll to hmpalert.orig
    d) Access the following folder: C:\Windows\SysWOW64\
    e) Rename hmpalert.dll to hmpalert.orig
    f) Reboot the computer

    But, as I decided that I would do the simulation, I installed the antivirus and noticed that after restarting, the services were active. No problems.
    When analyzing the antivirus to perform the action, I realized that it was still updating the definitions. I will wait for this process.

    After the updates, the perception is that stopping and restarting the GMS services is heavier. Strangely, they didn't stop this time.
    Restarting the server to better analyze the condition of the services.

    Artur de Souza Aragão



  • As I had been asked, this is the error.
    I restarted the server and the problem returned.

    There is no way to maintain Sophos protection if it is affecting the functioning of the GMS reporting service.



    Artur de Souza Aragão



  • I reproduced the steps and soon after the server restart the services went up. I noticed that the antivirus was updating after that.
    OK.

    I also noticed that the services are more agile. However, the "SonicWall Universal Management Suite - Reports Summarizer" service, when stopped, takes some time to stop abruptly, generating an error, but soon after it is possible to start.

    The past procedure worked. We need to check now if the services are working, because before, even when started, they weren't working correctly.

    Artur de Souza Aragão

  • Not satisfied, I restarted the server again.
    I noticed that the "SonicWall Universal Management Suite - Reports Database II" service stopped again. I looked at the DLLs that I was asked to rename, and new ones had been placed in the folders.

    I need support with this.
    I opened a support case, but I am being told by email that I must register my order. I already did.

    Artur de Souza Aragão

  • If you require immediate assistance, I suggest using the regional phone numbers under "For Critical Cases" on the following page. 
    - support.sophos.com

    Otherwise, your Support Portal account will need to be approved before you're able to open an email case.

    I suspect the .dll was re-populated due to the Sophos AutoUpdate service and self-repair operations taking place. If you wish to test further, I suggest stopping the AutoUpdate service as well.

    Kushal Lakhan
    Global Community Support Engineer
  • Dear,
    We have an incident already recorded pointing to this post. Awaiting resolutions.
    Thank you very much for everyone's kindness and contribution.

    Artur de Souza Aragão
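
A read-only way to test the suggestion in the thread that Sophos AutoUpdate re-populated hmpalert.dll after the rename, and to collect the start-up errors that were asked for. This is an added example, not part of the original posts and not a Sophos or SonicWall tool; the wildcard service-name patterns and the 'postgres' message filter are assumptions. Run it in an elevated 64-bit PowerShell so that System32 is not redirected.

```powershell
# Added example: read-only checks, nothing on the server is changed.
# Display names come from the thread; the wildcard patterns are assumptions.
$gmsService = 'SonicWall Universal Management Suite - Reports Database II'
$watched    = @($gmsService, 'HitmanPro.Alert*', 'Sophos AutoUpdate*')

# 1. State and start mode of the GMS database service and the two Sophos services.
Get-CimInstance Win32_Service |
    Where-Object { $name = $_.DisplayName; $watched | Where-Object { $name -like $_ } } |
    Select-Object DisplayName, Name, State, StartMode |
    Format-Table -AutoSize

# 2. Was hmpalert.dll put back next to the renamed hmpalert.orig?
#    A .dll created later than the .orig was renamed points to a self-repair.
$boot  = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$files = foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
    foreach ($file in 'hmpalert.dll', 'hmpalert.orig') {
        $path = Join-Path $dir $file
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path          = $path
            Present       = [bool]$item
            CreationTime  = if ($item) { $item.CreationTime }  else { $null }
            LastWriteTime = if ($item) { $item.LastWriteTime } else { $null }
        }
    }
}
"Last boot: $boot"
$files | Format-Table -AutoSize

foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
    $dll  = $files | Where-Object { $_.Path -eq (Join-Path $dir 'hmpalert.dll') }
    $orig = $files | Where-Object { $_.Path -eq (Join-Path $dir 'hmpalert.orig') }
    if ($dll.Present -and $orig.Present) {
        "Re-populated in ${dir}: hmpalert.dll created $($dll.CreationTime), .orig still present"
    }
}

# 3. Errors logged since the last boot that mention the failing service or Postgres.
$needle = [regex]::Escape($gmsService) + '|postgres'
Get-WinEvent -FilterHashtable @{
        LogName   = 'System', 'Application'
        Level     = 2            # Error
        StartTime = $boot
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $needle } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, Message |
    Format-List
```

Comparing the event timestamps from step 3 with the DLL creation times from step 2 shows whether the service failure follows the point at which the file reappeared.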