This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Script for Correction Services

Script for Correction Services Good morning Sophos community, I would like to clear a doubt, we have a computer park with more than 8 thousand computers, we are currently running a script in this environment to make the correction of some Sophos services, because when installing Sophos, many machines go up with large part of the services not working. Would we have a script that we could put on the network to make a general fix for all the services?

Today we use a script for the update

@echo off if there is "C:\Program Files\Sophos\Clean" IF %ERRORLEVEL% EQU 0 (GOTO QUIT) ELSE (GOTO REMOVE)

: REMOVE

del /q /f "C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml"

msiexec.exe /i "c:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\Sophos AutoUpdate.msi" /quiet

:QUIT

exit

But this script is working on the correction of the following services:

Missing: Sophos Safestore Service

Missing: Sophos Clean Service

But we always have machines with errors in other services such as:

Missing: Sophos Endpoint Defense Service

Missing: Sophos System Protection Service

HitmanPro Alert service



This thread was automatically locked due to age.
Parents
  • Is this Sophos Central or Sophos SEC managed?

    Reason I ask.  

    SAU XG which is part of the Central client has:

    C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml"

    SAU which is part of the on-prem client has:

    C:\ProgramData\Sophos\AutoUpdate\data\status\Status.xml"

    I would also not suggest running the MSIs directly.

    Deleting the above file will result in AutoUpdate, on the next update check running the installers of all the components it's managing.

  • In this case it's for the machines in Sophos Central

    In that case would it be ideal to eliminate the AutoUpdate file deletion?

    Every day I send this script to fix several machines with this Update error, they fix more is a series of other services stopped.

  • I would need to see more logs as to know why. I think a support case would be your best bet given the amount of logs required.

    I suppose the good news is Sophos is about to enable RepairKit.  This is a new component that runs at the start of an update to check the components are ok; i.e. if services are started, management adapters are present, files are signed by Sophos, etc.. If there are issues such as Sophos stopped then it will start them, for other issues mark the component for re-install so on the update it re-runs the installer.

    This is enabled in EAP now if you wanted to test it on a couple of machines.

  • Perfectly, in that case I could check with Sophos about this new RepairKit tool?

    Or would this be a procedure still under development?

  • If you join a test machine to the EAP you can see it in action. Disable tamper protection. Stop a service and call update now and it should start it. You can check the repair kit log file to see the checks. It’s under programdata\sophos\autoupdate\logs\

Reply
  • If you join a test machine to the EAP you can see it in action. Disable tamper protection. Stop a service and call update now and it should start it. You can check the repair kit log file to see the checks. It’s under programdata\sophos\autoupdate\logs\

Children
No Data