The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
In Enterprise Console, one or more of your endpoints lists one of the following error messages:-
a0480001 Loading SAV Interface returned the error 0x800700b: C:\Program Files...
a050000c Runtime behavior analysis is disabled because of a configuration error
a050000f Failed to load suspicious behavior detection rules file '\\.\globalroot'
On Mac OS X clients, the below error is listed:
com.sophos.intercheck: Sophos Anti-Virus failed to load the following IDE files: com.sophos.intercheck: xxx.ide
First seen in Sophos Anti-Virus for Windows 2000+Sophos Anti-Virus for LinuxSophos Anti-Virus for Mac OS X
There are two scenarios where this error can occur:
If the following example error is displayed:
a0480001 Loading SAV Interface returned the error 0x800700b: C:\Program Files\Sophos\Sophos Anti-Virus\example.ide
This means the specified ide file cannot be loaded by Sophos Anti-Virus on the endpoint due to corruption. There could be further ide files on the endpoint that also fail to load. To determine this view the SAV.txt log file on the endpoint:
This will list all individual ide files that also fail to load.
If either of the following errors are displayed:
a050000c Runtime behavior analysis is disabled because of a configuration error a050000f Failed to load suspicious behavior detection rules file '\\.\globalroot'
This means either the HIPSConfig*.dat or HIPSRules*.bdl files cannot be loaded by Sophos Anti-Virus on the endpoint due to corruption. These errors would also be logged in the SAV.txt log file on the endpoint:
If a single machine is displaying alerts
If all or groups of machines are displaying alerts
Note: If your update manager maintains multiple update locations this may take time to update.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.