"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
When attempting to "purge" or "delete" Sophos Update Manager (SUM) related errors or alerts, PurgeDB.exe always returns:
PurgeDB: 0 rows have been affected.
First seen in Sophos Update Manager
In the "Errors" table of the SOPHOS4 database, the "Source" of messages from Sophos Update Manager (SUM) can be either "SDDMAlert" or "SDDM". PurgeDB.exe uses a config file called ActionMapping.xml to map the command line parameter values to those in the database.
For Example, the following command will clear an outstanding Migration Failed alert against all SUMs
purgedb -action=delete -category=errors -HistoryLengthInDays=0 -type=SUMAlert -code=-2147220444
However this passes on type=SUMAlert as the Source and therefore makes no matches in the database. The "What to do" section of this article corrects the mapping.
<Type name="SUM" value="SUM" /> <Type name="SUMAlert" value="SUMALERT" />
and update them to read: <Type name="SUM" value="SDDM" /> <Type name="SUMAlert" value="SDDMALERT" />
<Type name="SUM" value="SDDM" /> <Type name="SUMAlert" value="SDDMALERT" />
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.