Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UNIX updating


We have installed Sophos Antivirus (version 9.15.1 VE3.74.2) on UNIX SP AIX1.

Computers are visible and managed via Enterprise console 5.5.1

Issue was that computers were not updating. Update manager is configured and working on LINUX a WINDOWS servers.

We have discovered that these UNIX machines does not update from default network path Server\Sophosupdate\CIDs\S000\EESAVUNIX\AIX_PPC but from this path Server\Sophosupdate\CIDs\S000\AIX_PPC

Unfortunately updates are downloaded to default path.

Is it possible to configure this path somehow?




This thread was automatically locked due to age.
  • Hello Michal,

    visible and managed [...] UNIX machines does not update from default network path
    do they show as compliant with the updating policy and are the Primary (and optionally Secondary) location as expected (i.e the paths SUM on the server deploys to)? AFAIK an updating policy sent to then endpoints contains all available products and their paths, the endpoint agent selects the appropriate for its platform but does not modify it.
    I don't have a license for UNIX so I can't say how it behaves or supposed to behave. I'd say the SEC should produce the correct paths from the subscription selected, the endpoints receive, process, and apply it accordingly. For the first I'd export the updating policy to check which paths are sent.


  • Hi Christian,

    Thanks for your reply.

    Yes UNIX computers are compliant with updating policy like WINDOWS and LINUX machines.

    I have created export you mentioned. Default path for updates is


    I have checked in details of WINDOWS, LINUX and UNIX machines path from which they download updates

    Windows has \\<server_name>\SophosUpdate\CIDs\S000\SAVSCFXP\ and updated files are directly in this folder

    Linux has \\<server_name>\SophosUpdate\CIDs\S000\savlinux and updated files are directly in this folder 

    UNIX has \\<server_name>\SophosUpdate\CIDs\S000, but updated files are downloaded to \\<server_name>\SophosUpdate\CIDs\S000\EESAVUNIX\AIX_PPC

    somehow update manager is expecting updated files in different folder from the folder where they were downloaded from Sophos.

    If I could modify path where updates are placed, or path for update manager , issue would be fixed.






  • Hello Michal,

    as said, I don't have a UNIX subscription so I can't check what SEC puts into the policy for the UNIX platforms. It might just be the "subscription tag" (Snnn). Previously a path for UNIX had two elements - EESAVUNIX and a platform-dependent subfolder like \AIX_PPC.

    Either SEC has always put EESAVUNIX into the policy and the endpoint added the platform path - then it'd be an issue with SEC 5.5.1.
    Or the path always ended in Snnn and the updater in version 9.15 builds the path incorrectly.

    A possible workaround is a specific updating policy for your UNIX machines (if feasible and if it indeed works as I assume): In the Primary Source add the \EESAVUNIX folder.  SEC will complain but accept this location. The endpoints should then build the correct path.

    Nevertheless you should contact Support to find out how it's supposed to work.


  • Thank you Christian,


    I think too that there is an issue with SEC. I have contacted support to help me with fixing of this issue.



  • Hello Michal,

    as said, I expect that a policy with \\<server_name>\SophosUpdate\EESAVUNIX as path would provide a temporary workaround.


  • Hi Christian,

    This did not work.

    When I configured update manager as you mentioned.

    Details by Unix machine were changed to this path \\server\SophosUpdate\EESAVUNIX\CIDs\S000  and updating did not work.

    There must be problem in the update manager settings, which I cannot change.


  • Hello Michal,

    This did not work
    naturally. What was I thinking [:@]?!? Sorry, my bad [:$]

    Let's recap: SEC/SUM writes to ...\EESAVUNIX\AIX_PPC but tells the UNIX machines to use ...\AIX_PPC.
    So ... if you open an admin command prompt, cd to the \S000 directory, and then mklink /J AIX_PPC .\EESAVUNIX\AIX_PPC the UNIX machines should see AIX_PPC where they are told to expect it.


  • Hi,

    I have the same problem and resolved in the next step.

    Workaround 1
    1 Click the button at the top of the SEC screen and switch to "Update Manager"
    2 Double-click on the policy subscription (eg "recommended version") currently assigned to the computer
    3 Uncheck unnecessary if OS is not currently being used (eg Sophos for Virtual Environments etc.)
    4 Press "OK" twice to close the screen
    5 Wait until update manager's "download status" is "Downloading binary" changes to "last check date:
    6 Click the button at the top of the screen of the SEC and switch to "end point"
    7 Double-click on the "update" policy assigned to the target computer
    8 Press "OK" twice to reflect policy

    Because it is google translation, sorry if it's weird.


  • *moved the thread to the SAV for UNIX thread so others can find this.*

  • Thanks this helped.

    Many thanks for you assistance.