This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint - Service Sophos Autoupdate stopped

Hello,

 

we often have the problem with the service Sophos Autoupdate stopped. Sophos Enpoint is in error state until we re start the service manually (or restart the computer).

 

 

Can you help me to find a definitive solution? Thanks !



This thread was automatically locked due to age.
  • Hello Julian Cast,

    we often have the problem with the service Sophos Autoupdate stopped
    this is definitely not normal, that the service is stopped should very rarely be the case if at all.
    You say you can start it manually - there should be an event or error in the Windows Event logs (Application, System) that tells when and perhaps why it has stopped. Please also check the latest ALSvc2020... and ALUpdate2020... logs in %ProgramData%\Sophos\AutoUpdate\Logs\.

    Christian

  • Hello QC,

     

    thanks, i will check and share it with  you !

     

    Julian 

  • Hello,

    for information, this computer is a fresh installation from this afternoon... 

    here sophosUpdate.log

    020-01-27T14:13:54.954Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product 97B6A561-5F87-4A2E-A4FE-177F48D8899F RECOMMENDED path=savxp/crt
    2020-01-27T14:13:54.983Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product SAVCONTROLLINE CEP path=savxp
    2020-01-27T14:13:54.989Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product SXLSUP LATEST path=savxp
    2020-01-27T14:13:54.994Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product HIPS LATEST_CLOUD_ENDPOINT path=savxp
    2020-01-27T14:13:55.000Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product hmpa_data LATEST path=hmpa
    2020-01-27T14:13:55.005Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product hmpa_data LATEST path=hmpa64
    2020-01-27T14:13:55.008Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product IDE572 LATEST path=savxp
    2020-01-27T14:13:55.092Z [ 1748:11376] [v6.1.356.0] INFO [I19463] Syncing product IDE573 LATEST path=savxp
    2020-01-27T14:13:55.369Z [ 1748:11376] [v6.1.356.0] INFO Removing orphan products.
    2020-01-27T14:13:55.370Z [ 1748:11376] [v6.1.356.0] INFO No orphan products detected.
    2020-01-27T14:13:55.375Z [ 1748:11376] [v6.1.356.0] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2020-01-27T14:13:55.385Z [ 1748:11376] [v6.1.356.0] INFO Verified state file can be loaded.
    2020-01-27T14:13:55.385Z [ 1748:11376] [v6.1.356.0] INFO Beginning decode
    2020-01-27T14:13:58.002Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudNextGen: skipping decode: nothing to do
    2020-01-27T14:14:02.562Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudNextGen: downloaded suite version: 11.6.360, display version: 2.5.5
    2020-01-27T14:14:02.566Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudClean: skipping decode: nothing to do
    2020-01-27T14:14:07.119Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudClean: downloaded suite version: 1.0.42, display version: empty
    2020-01-27T14:14:07.119Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudAV: skipping decode: nothing to do
    2020-01-27T14:14:11.671Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudAV: downloaded suite version: 11.6.360, display version: 10.8.6.215
    2020-01-27T14:14:11.671Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudEncryption: skipping decode: nothing to do
    2020-01-27T14:14:16.240Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudEncryption: downloaded suite version: 1.20.70, display version: 2.0.70
    2020-01-27T14:14:16.241Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudHitmanProAlert: skipping decode: nothing to do
    2020-01-27T14:14:20.816Z [ 1748:11376] [v6.1.356.0] INFO WindowsCloudHitmanProAlert: downloaded suite version: 1.0.415, display version: 2.0.16
    2020-01-27T14:14:23.455Z [ 1748:11376] [v6.1.356.0] INFO Saving state.
    2020-01-27T14:14:23.458Z [ 1748:11376] [v6.1.356.0] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2020-01-27T14:14:23.467Z [ 1748:11376] [v6.1.356.0] INFO Verified state file can be loaded.
    2020-01-27T14:14:23.468Z [ 1748:11376] [v6.1.356.0] INFO Installing products.
    2020-01-27T14:14:23.468Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A 1.5.3
    2020-01-27T14:14:23.469Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 2.2.0.3371
    2020-01-27T14:14:23.470Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 6.1.356.356
    2020-01-27T14:14:23.470Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE 1.8.1.1
    2020-01-27T14:14:23.471Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 3.7.15.446.446
    2020-01-27T14:14:23.471Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 4.11.127.0
    2020-01-27T14:14:23.472Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD 2.3.12.0
    2020-01-27T14:14:23.473Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 3D8DC0A9-7F42-4CD5-AA7B-CF29296E7789 3.8.7.124
    2020-01-27T14:14:23.473Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC 1.6.540.0
    2020-01-27T14:14:23.474Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 1.7.631.0
    2020-01-27T14:14:23.474Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E 1.0.1503.0
    2020-01-27T14:14:23.475Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A 1.5.3
    2020-01-27T14:14:23.476Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F 2.6.0.2
    2020-01-27T14:14:23.476Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.9.2235.0.99
    2020-01-27T14:14:23.477Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 1.1.0.0
    2020-01-27T14:14:23.477Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.6.215
    2020-01-27T14:14:23.478Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component F1DAD925-C973-4e5e-B172-78E97EB60689 1.20.70.0
    2020-01-27T14:14:23.478Z [ 1748:11376] [v6.1.356.0] INFO Skipped installation of component SDU RECOMMENDED
    2020-01-27T14:14:23.484Z [ 1748:11376] [v6.1.356.0] INFO Telemetry::LoadTelemetrySupplement 215: Telemetry Interval set to 86400 seconds
    2020-01-27T14:14:23.484Z [ 1748:11376] [v6.1.356.0] INFO Telemetry::LoadDocument 202: C:\ProgramData\Sophos\AutoUpdate\\Config\TelemetryConfig.json loaded
    2020-01-27T14:14:23.484Z [ 1748:11376] [v6.1.356.0] INFO Telemetry::LoadTelemetrySupplement 256: Telemetry Interval updated to 86400 seconds
    2020-01-27T14:14:23.484Z [ 1748:11376] [v6.1.356.0] INFO Telemetry::CalculateLastTelemtryTime 145: Telemetry last ran at 2020-01-26 14:20:46, Offset 7130, Offset Time 2020-01-26 16:19:36
    2020-01-27T14:14:23.484Z [ 1748:11376] [v6.1.356.0] INFO Telemetry::HasTelemetrySchedulePeriodElapsed 168: Telemetry schedule has not elapsed.
    2020-01-27T14:14:24.497Z [ 1748:11376] [v6.1.356.0] INFO Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2020-01-27T14:14:24.521Z [ 1748:11376] [v6.1.356.0] INFO Verified state file can be loaded.
    2020-01-27T14:14:24.523Z [ 1748:11376] [v6.1.356.0] INFO SophosUpdate has completed with the result 0.
    2020-01-27T14:14:24.523Z [ 1748:11376] [v6.1.356.0] INFO SophosUpdate is exiting.

    And now ALC.log

     

    0x4 SophosUpdate 0x32 0x19bc 0x1 0x6 0x2660 0x5e2ee4d8
    0x4 Update 0x32 0x19bc 0x1 0x55 0x2660 0x5e2ee4e0 EndpointSecurityandControl Sophos
    0x4 Update 0x32 0x19bc 0x1 0x52 0x2660 0x5e2ee504
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 sed64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 sau
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 uninstaller64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 hmpa64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 mcsep
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 shs
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 clean64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 ui64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 amsi64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 sme64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 esh64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 ntp64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 efw64
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 savxp
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 enc
    0x4 Install 0x32 0x19bc 0x1 0x53 0x2660 0x5e2ee504 sdu
    0x4 Install 0x32 0x19bc 0x1 0x68 0x2660 0x5e2ee504 sse64
    0x4 Install 0x32 0x19bc 0x1 0x4d 0x2660 0x5e2ee506 sse64
    0x4 Install 0x32 0x19bc 0x1 0x2e 0x2660 0x5e2ee506
    0x4 Install 0x32 0x19bc 0x1 0x68 0x2660 0x5e2ee506 sfs64
    0x4 Install 0x32 0x19bc 0x1 0x2e 0x2660 0x5e2ee50b
    0x4 Install 0x32 0x19bc 0x1 0x54 0x2660 0x5e2ee50b
    0x4 SophosUpdate 0x32 0x19bc 0x1 0x4c 0x2660 0x5e2ee50b
    0x4 SophosUpdate 0x32 0x6d4 0x1 0x6 0x2c70 0x5e2ef016
    0x4 Update 0x32 0x6d4 0x1 0x55 0x2c70 0x5e2ef01e EndpointSecurityandControl Sophos
    0x4 Update 0x32 0x6d4 0x1 0x52 0x2c70 0x5e2ef03f
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sse64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sed64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sau
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f uninstaller64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f hmpa64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f mcsep
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f shs
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f clean64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sfs64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f ui64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f amsi64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sme64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f esh64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f ntp64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f efw64
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f savxp
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f enc
    0x4 Install 0x32 0x6d4 0x1 0x53 0x2c70 0x5e2ef03f sdu
    0x4 Install 0x32 0x6d4 0x1 0x54 0x2c70 0x5e2ef03f
    0x4 SophosUpdate 0x32 0x6d4 0x1 0x7b 0x2c70 0x5e2ef03f

     

    Thanks !

     

  • Hi  

    Thank you for the logs, I can see that installation for several components has been skipped here. Would you please try the steps listed in this article and see if t helps to resolve the issue. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Have you checked if there is a group policy script that stops the service? I've seen before a broken deployment script that runs on each startup that disabled/stopped the service for some reason.

     

    Can we also see the AutoUpdate Service log file
    %ProgramData%\Sophos\AutoUpdate\Logs\susvc.log

    Regards,
    Jak

  • Shweta said:

    Hi  

    Thank you for the logs, I can see that installation for several components has been skipped here. Would you please try the steps listed in this article and see if t helps to resolve the issue. 

     

     

    Hello i do it but after the restarting, same problem with sophos autoupdate :(

  • jak said:

    Have you checked if there is a group policy script that stops the service? I've seen before a broken deployment script that runs on each startup that disabled/stopped the service for some reason.

     

    Can we also see the AutoUpdate Service log file
    %ProgramData%\Sophos\AutoUpdate\Logs\susvc.log

    Regards,
    Jak

     

    Hi Jack!

     

    Here the log susvc.log

     

    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO =========================
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO =========================
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO Set process security...
    2020-01-27T13:20:45.025Z [14140: 6884] [v6.1.356.0] INFO Initialising module...
    2020-01-27T13:25:44.663Z [14140: 4784] [v6.1.356.0] INFO Startup delay expired; ready for first update
    2020-01-27T13:25:44.804Z [14140: 8960] [v6.1.356.0] INFO Started update [6588]: "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -ScheduledUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"
    2020-01-27T13:26:36.911Z [14140: 8960] [v6.1.356.0] INFO Finished update [6588]: exit 0
    2020-01-27T13:59:05.551Z [14140: 4784] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO =========================
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO =========================
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Set process security...
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Initialising module...
    2020-01-27T13:59:54.930Z [ 5340: 6968] [v6.1.356.0] INFO Shutting down before expiry of startup delay
    2020-01-27T13:59:54.930Z [ 5340: 6968] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO =========================
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO =========================
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO Set process security...
    2020-01-27T14:08:42.350Z [10020: 4748] [v6.1.356.0] INFO Initialising module...
    2020-01-27T14:13:42.467Z [10020:11572] [v6.1.356.0] INFO Startup delay expired; ready for first update
    2020-01-27T14:13:42.597Z [10020:11836] [v6.1.356.0] INFO Started update [1748]: "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -ScheduledUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"
    2020-01-27T14:14:24.528Z [10020:11836] [v6.1.356.0] INFO Finished update [1748]: exit 0
    2020-01-27T14:17:49.524Z [10020:11572] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-27T15:13:07.234Z [ 5392: 5396] [v6.1.356.0] INFO =========================
    2020-01-27T15:13:07.234Z [ 5392: 5396] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T15:13:07.234Z [ 5392: 5396] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO =========================
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Set process security...
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Initialising module...
    2020-01-27T15:13:18.140Z [ 5392: 6620] [v6.1.356.0] INFO Shutting down before expiry of startup delay
    2020-01-27T15:13:18.141Z [ 5392: 6620] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-28T07:58:35.971Z [ 5304: 5308] [v6.1.356.0] INFO =========================
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO =========================
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Set process security...
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Initialising module...
    2020-01-28T07:58:50.922Z [ 5304: 6592] [v6.1.356.0] INFO Shutting down before expiry of startup delay
    2020-01-28T07:58:50.923Z [ 5304: 6592] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-28T08:05:23.676Z [13024:11896] [v6.1.356.0] INFO =========================
    2020-01-28T08:05:23.676Z [13024:11896] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-28T08:05:23.676Z [13024:11896] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-28T08:05:23.677Z [13024:11896] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-28T08:05:23.677Z [13024:11896] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-28T08:05:23.677Z [13024:11896] [v6.1.356.0] INFO =========================
    2020-01-28T08:05:23.677Z [13024:11896] [v6.1.356.0] INFO Set process security...
    2020-01-28T08:05:23.677Z [13024:11896] [v6.1.356.0] INFO Initialising module...
    2020-01-28T08:05:23.824Z [13024:13728] [v6.1.356.0] INFO Started update [13736]: "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -ManualUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"
    2020-01-28T08:06:36.475Z [13024:13728] [v6.1.356.0] INFO Finished update [13736]: exit 0
    2020-01-28T08:10:24.650Z [13024:13612] [v6.1.356.0] INFO Startup delay expired; ready for first update
    2020-01-28T08:23:48.132Z [13024:13612] [v6.1.356.0] INFO Scheduler thread is exiting
    2020-01-28T08:24:15.499Z [ 5292: 5296] [v6.1.356.0] INFO =========================
    2020-01-28T08:24:15.499Z [ 5292: 5296] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-28T08:24:15.499Z [ 5292: 5296] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO =========================
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Set process security...
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Initialising module...
    2020-01-28T08:24:33.329Z [ 5292: 6924] [v6.1.356.0] INFO Shutting down before expiry of startup delay
    2020-01-28T08:24:33.329Z [ 5292: 6924] [v6.1.356.0] INFO Scheduler thread is exiting

  • Hi  

    When you try to start the service manually, is there any event generated, could you please check under event logs. Also, could you please run this command and paste the results over here. 

    REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s /f SOPHOS

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • There is no error, but I find it odd looking at these 4 service starts followed by the service stopping.

    Note: The message: "Shutting down before expiry of startup delay", suggests that the service has stopped within 5 minutes of startup as 5 mins is the default startup delay.

    =====
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T13:59:36.197Z [ 5340: 5344] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO =========================
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Set process security...
    2020-01-27T13:59:36.198Z [ 5340: 5344] [v6.1.356.0] INFO Initialising module...

    2020-01-27T13:59:54.930Z [ 5340: 6968] [v6.1.356.0] INFO Shutting down before expiry of startup delay

    18 seconds after starting, the service is stopped

     

    Example 2:

    =====

    2020-01-27T15:13:07.234Z [ 5392: 5396] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-27T15:13:07.234Z [ 5392: 5396] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO =========================
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Set process security...
    2020-01-27T15:13:07.235Z [ 5392: 5396] [v6.1.356.0] INFO Initialising module...

    2020-01-27T15:13:18.140Z [ 5392: 6620] [v6.1.356.0] INFO Shutting down before expiry of startup delay

    11 seconds after starting, the service is stopped

    =====

    Example 3

    =====

    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO =========================
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Set process security...
    2020-01-28T07:58:35.972Z [ 5304: 5308] [v6.1.356.0] INFO Initialising module...

    2020-01-28T07:58:50.922Z [ 5304: 6592] [v6.1.356.0] INFO Shutting down before expiry of startup delay

    25 seconds after starting, the service is stopped

    =====

    2020-01-28T08:24:15.499Z [ 5292: 5296] [v6.1.356.0] INFO Sophos Update Service is starting.
    2020-01-28T08:24:15.499Z [ 5292: 5296] [v6.1.356.0] INFO AutoUpdate version : 6.1.356.0
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO susvc version : 6.1.356.0
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Build : 20190830114005-95a0922451e171e9dc54e46773bc3633f4b6b20b
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO =========================
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Set process security...
    2020-01-28T08:24:15.500Z [ 5292: 5296] [v6.1.356.0] INFO Initialising module...

    2020-01-28T08:24:33.329Z [ 5292: 6924] [v6.1.356.0] INFO Shutting down before expiry of startup delay

    18 seconds after starting it's stopped.

    ======

    It would be interesting to correlate the computer starting up with these logs.  For example, the service could start on update if the AutoUpdate component updates itself which isn't very often and from the log provided it's all the same version in these logs.

    So I have to assume that the computer has started up, the Sophos AutoUpdate service has started but then, 18, 11, 25 and 18 seconds later the service has stopped.  The AutoUpdate service is an auto-start service, so as part of the startup I believe a process is stopping it, maybe a startup script.

    I would probably gather a Process Monitor boot trace of the computer to see what processes/scripts get executed when the service is stopped. You should see a process exit event for alsvc.exe as a way of seeing when the service stops.  The problem should be between the Process Start for alsvc.exe and the process exit.

    Regards,

    Jak

  • Hello  

    Have you also had the chance to look into Event Viewer logs that might pinpoint the reason why the AU service would stop even if it has been set to Delayed Start?

    Would be interesting to know if there are any errors there.