
SEP console errors

Hello everyone,

Can anyone assist me with the issue I have, as shown in the screenshot below?

Regards

Faisal



  • Hello Faisal,

    the first group is from endpoints that can't reach the update location(s). A common reason is that updating failed while the endpoint was "elsewhere" because it truly had no way to reach the CID. When it "comes home" it connects to the server and reports its status before AutoUpdate makes its next attempt. This update should succeed and thus the message clear within one updating interval.

    The second is some issue with the SophosSAU account. The screenshot doesn't contain the details but either this account doesn't exist, has a different password from that stored by AutoUpdate, or is for some reason locked out or disabled. Usually happens when a machine is "derived" (e.g. partially cloned and modified) from another, changes are made to the local accounts, or the registry is tampered with.

    The last group is, I think I've already mentioned it, an infrastructure (likely COM) issue. I still didn't have the opportunity to examine one of the endpoints with this error - I suggest that you contact Support.

    Christian

  • Hello QC,

    Thanks for your kind and quick feedback. Actually, recently there was an update from Sophos which fully marked my SEC with RED alerts. Almost 90% are to reboot the machines, but there are some others as well, such as in the screenshot below. Any advice on this?

    Regards

    Faisal

  • Hello Faisal,

    "an update from Sophos which fully marked my SEC with RED alerts"
    This is expected on major updates; nowadays computers are left running overnight, put to deep sleep or hibernated instead of shut down. So it may take a while until these alerts go away. These are, BTW, just yellow warnings - it's only the Errors section on the dashboard that has a red icon.

    Download errors can have many causes but are usually transient, i.e. they go away with the next update check. Only if they persist for a certain endpoint you'd have to investigate.

    Christian

  • Thanks QC,

    Is there any PowerShell or bat script to remove Sophos Anti-Virus from multiple remote machines under the domain?

    Regards

    Faisal

  • Hello Faisal,

    you shouldn't unquestioningly uninstall - if the endpoint doesn't actually have a problem it's just a redundant exercise, if it does have e.g. an updating problem it could be precisely because the uninstall fails. If you do think it is expedient please see uninstall from the command line

    Christian