This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos blocked "ALVA" PDF creation/ printing - it only worked when Sophos Endpoint Agent was reinstalled

We're using the software "ALVA" by Ascherslebener Computer GmbH. Yesterday there was a scheduled update install of "ALVA". After installing the update you were not able to create or print any files out of the "ALVA" software. Also there was no error message in Sophos Central indicating that Sophos blocked anything related to the newly updated "ALVA". We turned every Sophos feature on the PC where "ALVA" was executed off and it still didn't print any PDF file. But after uninstalling Sophos on the PC the software was able to generate PDF files. We reinstalled Sophos Endpoint Agent on the PC and everything was put back to factory settings (all Sophos features enabled), it worked again.

To conclude we had to reinstall Sophos Endpoint Agent on the PC with the "ALVA" software installed in order to make the software works properly again.

Does anyone know why it only worked again when we reinstalled Sophos Endpoint Agent on the PC and why didn't it work when we disabled all Sophos Endpoint Agent features?

The developers of Ascherslebener Computer GmbH said it could be due to a file called "zlib.dll" in the install directory but Sophos didn't find anything malicious about this file when it was scanned.

Thx for guessing on this topic.

Best regards!

This thread was automatically locked due to age.
  • Hello Jona,

    Thank you for reaching the community forum.

    Can you confirm if, until now, the issues didn't re-occur again after you've re-install the Sophos endpoint on the device? 
    By any chance, we're you able to get what version of Core Agent on the endpoint where the issue is observed? Also, have you tried performing a Manual update to the endpoint after you have installed "ALVA" on the system?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • After the reinstall of Sophos, have you rebooted and does it still work? If not, then to me it is sounds likely to be due a loaded/injected dll into one of the processes. Most likely hmpalert.dll but sophosed.dll or potentially even the Sophos AMSI dll could be the reason. 

  • Hello Glenn,

    thanks for taking your time with this issue.

    The issue didn't reoccur after the re-install process.

    I'm not sure about the Core Agent Version that has been installed on the PC before reinstalling it, but the current Core Agent Version is 2023.1.2.3.

    About just a day earlier before patching "ALVA" appareantly there had been a Sophos Endpoint Update installed on the PC. But unfortunately it doesn't say which Version it was in the "events" tab of the PC in Sophos Central.

    We did a manual update to the endpoint by going into the Sophos Endpoint Agent UI and clicked on ->Information -> update now. It didn't affect the issue at all.


  • Hello Sophos User930,

    thanks for your suggestion. The PC rebooted several times, I'll ask my colleague if the issue has reappeared.

  • Good day Sophos USer930,

    after rebooting the PC the issue didn't reappear.

  • In that case it should be OK as all launched process would be injected in to.