When troubleshooting a problem on a remote computer, Sophos Technical Support may request that the Sophos Diagnostic Utility (SDU) be used to gather information. Network administrators without direct access to remote computers can run the sducli.exe (Sophos Diagnostic Utility Command Line Interface) tool using the Windows Task Scheduler to collect logs from a remote computer.
By installing the SDU tool on the Sophos Management server and using the existing SophosUpdate share, you can collect logs from the remote computer and have the output file written to the SophosUpdate share.
The SDU tool is included in SAV for Windows 10.0 and above. If you cannot find it, see article Sophos Diagnostic Utility (SDU): How to locate and download for alternate downloads.
Applies to the following Sophos products and versions: Sophos Anti-Virus for Windows 2000+
The following steps should be performed on the Sophos Management Server.
"%allusersprofile%\Application Data\Sophos\Update Manager\Update Manager\"
"%allusersprofile%\Sophos\Update manager\Update manager\"
schtasks /create /s client /u domainName\administrator /p password /ru domainName\administrator /rp password /sc once /st hh:mm:ss /tn "Sophos Diagnose" /tr "\\serverName\SophosUpdate\CIDS\S000\SAVSCFXP\savxp\diagnose\sducli.exe -logdir=\\serverName\SophosUpdate\sduOutput\"
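The scheduled-task method above as a batch script that prompts for the run-as password, starts the task, waits for it to finish and then deletes it. This is an added example, not Sophos code. The values of CLIENT, SERVER and RUNAS are placeholders, the script assumes the logged-on account already has administrative rights on the client, and the status check assumes English schtasks output.

```bat
@echo off
rem Added example, not Sophos code. Run on the Sophos Management Server.
rem CLIENT, SERVER and RUNAS are placeholders to replace with real values.
setlocal
set "CLIENT=client"
set "SERVER=serverName"
set "RUNAS=domainName\administrator"
set "TASK=Sophos Diagnose"
set "SHARE=\\%SERVER%\SophosUpdate"

rem /rp * makes schtasks prompt for the run-as password, so the password
rem is not typed on the command line. The /tr value is the one given in
rem the article and is kept as the last argument.
schtasks /create /s %CLIENT% /ru %RUNAS% /rp * /sc once /st 23:59 /f /tn "%TASK%" /tr "%SHARE%\CIDS\S000\SAVSCFXP\savxp\diagnose\sducli.exe -logdir=%SHARE%\sduOutput\"
if errorlevel 1 goto :fail

rem Start the task now instead of waiting for the 23:59 placeholder time.
schtasks /run /s %CLIENT% /tn "%TASK%"
if errorlevel 1 goto :cleanup

rem Poll every 15 seconds until the task is no longer Running (max 40 tries).
set /a TRIES=0
:wait
set /a TRIES+=1
if %TRIES% gtr 40 goto :cleanup
timeout /t 15 /nobreak >nul
schtasks /query /s %CLIENT% /tn "%TASK%" /fo list | findstr /i /c:"Running" >nul
if not errorlevel 1 goto :wait

echo Contents of %SHARE%\sduOutput, newest first:
dir /b /o-d "%SHARE%\sduOutput"

rem Delete the task so the stored administrator credential does not
rem remain on the client after the logs have been collected.
:cleanup
schtasks /delete /s %CLIENT% /tn "%TASK%" /f
endlocal
exit /b 0

:fail
echo Task creation failed on %CLIENT%.
endlocal
exit /b 1
```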
PSExec is classed as a Potentially Unwanted Application (PUA) by Sophos and will need to be authorised for use.
From the server hosting your Sophos Update Manager packages.
psexec \\targetHostname \\serverName\SophosUpdate\CIDS\S000\SAVSCFXP\savxp\diagnose\sducli.exe -logdir=\\serverName\SophosUpdate\sduOutput\ -d -h