Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 3076 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

000000c1 Sophos Exploit Updates restart required (repeating)

Blood

Hello

I am seeing this notification on some, not all, of our Windows 10 clients and would appreciate some help, please.

Date/time                  Code        Description
21/10/2019 08:59:00 000000c1 Restart required for Sophos Exploit Prevention updates to take effect

Looking this up there is a Sophos article stating:

000000c1 Restart required for Sophos Exploit Prevention updates to take effect This is triggered by a pending reboot due to an Exploit prevention update or uninstall. Reboot the computer.

The computers have been rebooted several times but the notification persists.

Exploit Prevention is shown as active and the system seems to be functioning fine - all Sophos services started and working etc., and apart from the message all components are reporting as working/active in the Enterprise Console.

Can I safely ignore this message?

Thanks.



This thread was automatically locked due to age.
  • 0

    Hi  

    A reboot is required if certain components are upgraded. Could you please check on any one of the endpoints, the registry key HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations as it stores the names of the files to renamed when the system restarts. The file names are stored in the value of this entry until the system is restarted and they are renamed. If there is a problem where the registry entry is not clearing, create a backup of the Session manager key and delete the PendingFileRenameOperations entry. You can acknowledge the alerts from the dashboard and see if it re-occurs. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • +1

    Hello Blood,

    is the EXP version shown for these endpoints the latest (4.7.13.1460)? If not, could it be that these weren't actually restarted but shut down and started with fast startup enabled?

    Christian

  • 0 in reply to QC

    Thanks to both of you for replying.

    Christian, I think you hit the nail on the head. Most of these machines were being shutdown. This morning just two of them were reported with the error in the console so, after reading this, I shut down one, then switched it back on and the other I restarted. Sure enough, the one that was shut down showed the error again. The one that was restarted appeared with the error again, but the error disappeared after a few minutes. I restarted the other and it too resolved itself after a few minutes.

    Thank you for your help.

Unfiltered HTML