This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

While Restoring a VM Server with Sophos on it, Are there any pre requisites from Sophos Endpoint perspective ?

We have issues with Certain Servers which were restored due to some issue, However after restoring the VM from Previous Backup the Sophos has corrupted.

When we restore a VM wrt Sophos do we have some pre requisites wrt Sophos? Like disable Tamper etc.? 



This thread was automatically locked due to age.
Parents
  • Hi blueskies,

    Thanks for reaching out to the Sophos Community Forum.

    Could you elaborate on what symptoms you're seeing currently? Generally, the update processes will perform self-repair operations where needed. 

    If the entire system image is taken from a previous state, this may cause some brief discrepancies with reporting and component versions, but after updating the device should return to operating normally.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Restore of VMs are not planned for us to disable tamper in Advance, As part of our backup policy Snapshots are taken for few servers as per schedule and based on the scenarios there we might try restoring VM

    Scenarios where we could restore VMs

    • Data Corruption or Loss
    • Software or OS Updates Gone Wrong
    • Security Incidents
    • Testing and Development
    • Disaster Recovery

     

    Now about events are not planned but can occur anytime, Thus my question again what is the official recommendation? When a snapshot is restored and when a snapshot is taken is there any recommendation?

     

    Regards to Sophos broken,

    The Sophos UI does not appear on the Server to disable tamper and try restarting service or any t/s.

    Current status of Server on Central - Last Sophos Central Activity a month ago | Last Agent Update a month ago

    Only fix to this is Booting in REcovery mode to re install SOphos as SAFE mode is ruled out.

Reply
  • Restore of VMs are not planned for us to disable tamper in Advance, As part of our backup policy Snapshots are taken for few servers as per schedule and based on the scenarios there we might try restoring VM

    Scenarios where we could restore VMs

    • Data Corruption or Loss
    • Software or OS Updates Gone Wrong
    • Security Incidents
    • Testing and Development
    • Disaster Recovery

     

    Now about events are not planned but can occur anytime, Thus my question again what is the official recommendation? When a snapshot is restored and when a snapshot is taken is there any recommendation?

     

    Regards to Sophos broken,

    The Sophos UI does not appear on the Server to disable tamper and try restarting service or any t/s.

    Current status of Server on Central - Last Sophos Central Activity a month ago | Last Agent Update a month ago

    Only fix to this is Booting in REcovery mode to re install SOphos as SAFE mode is ruled out.

Children
  • When these issues occur upon restoration, could you try running the following command line to disable Tamper Protection? 
    - SEDcli.exe -OverrideTPoff <password>

    Once this is done, I'd suggest running the following command line with a new installer package. 
    - SophosSetup.exe --registeronly 

    May I ask on what schedule the backups are taken? There is a possibility that if the backup is running a much older version of components, this could cause the issues you're experiencing.

    If you have a device still in the erroneous state, I'd suggest gathering an SDU log from the device. I will contact you via PM to request the logs to take a closer look.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • The CLI does not work as there no SEDCLI in the directory 

    It was restored from last weeks backup 

    I already have reported a case to Sophos and i did not get a proper answers on 

    - When a VM is restored from a SNAPSHOT Backup why does it go into bad state

    - Why is the KEY not working 

    Last option we see is  Sophos has changed SAFE Mode T/s to Recovery Mode method for un install or re install the VM

    SDU logs sharing has not helped us

  • Can you replicate the behaviour you observed when restoring from a backup each time you perform this operation or is this the first occurrence you've seen? 

    When checking on your opened support case related to this issue, I'm unable to find an SDU log provided. Could you share an SDU with me via PM so I may take a look? 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids