Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 3 subscribers
  • Views 4338 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console: error a058000c, Webfiltertreiber wurde entfernt oder umgangen

pc-service

Since October 2021 more and more Computers have the same Problem: a058000c - Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.

It starts with 30 Computers and at Thursday i move them to a special Groupe, where in the Antivirus- and Hips policies the Web protection the two options are Off (Block access to malicious websites and Content Scanning)

The policy "Web Control" was set to standard (deaktivated)

On Monday all 30 PC was rebooted over the Weekend and had no effected.

In the moment we had over 500 PC's with the Problem: a058000c - Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.

Have someone the same Problem and a working solution?

We use Windows 10 LTSB/ LTSC, Sophos Client 10.8, Sophos Enterprise Console 5.5.2

Thanks in advanced

Joachim



This thread was automatically locked due to age.
Parents
  • 0

    If you run:

    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lspdiag.exe" & echo %errorlevel%

    A few times on these computers, does it return 0 or 1?

    The error you are getting is essentially because this test is failing and not returning 0.

    I'm curious to know if this is a permanent or transient issue.  For example, if you reboot and run that command, what does it return vs after you have launched a browser process for example.

  • 0 in reply to Sophos User930

    Thanks  for answer, the return is 0

    Greetings Joachim

  • 0 in reply to pc-service

    That would suggest it's intermittent as it can work.

    While that is returning 0, it would suggest going to http://www.sophostest.com/phishing in a browser would also work, i.e. you would see the block page. 

    Note: it has to be HTTP for the classification of that site to work.

    If it is not getting 0 from time to time, that will be the issue, the interesting thing is, what triggers the state change?

    If you create a batch file (testwebc.bat), for example with the following content:

    :s
    echo %date% %time% >> checkres.txt
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lspdiag.exe" & echo %errorlevel% >> checkres.txt
    timeout /t 30
    goto s

    Does it go from 0 to 1 at a certain time or event?  It is sampling every 30 seconds. Could be interesting to leave for a few hours and check the checkres.txt for change.

  • 0 in reply to Sophos User930

    As I mentioned, you can suppress the message showing in SEC to prevent acknowledging it, you can update the ErrorAlertFilters table with the following command on the SEC server, assuming the database is local.

    sqlcmd -E -S .\sophos -d SOPHOS552 -Q "INSERT INTO ErrorAlertFilters (Source, Number) VALUES ('SAV', '-1604845556')"

    where I have used:

    .\sophos as the SQL instance, i.e. a local SOPHOS named instance of SQL Server which is the default.

    SOPHOS552 as the CORE database name which is the case for SEC 5.5.2 - see https://support.sophos.com/support/s/article/KB-000033408 

    As for the Number value 0xA058000C = -1604845556 e.g.

    I'd still be interested to know why the check is presumably working and then failing.  If it's working more than it's failing, etc..

    If you were to move to Central as the management platform, this web protection component is about to be replaced so this is all mute Slight smile

Reply
  • 0 in reply to Sophos User930

    As I mentioned, you can suppress the message showing in SEC to prevent acknowledging it, you can update the ErrorAlertFilters table with the following command on the SEC server, assuming the database is local.

    sqlcmd -E -S .\sophos -d SOPHOS552 -Q "INSERT INTO ErrorAlertFilters (Source, Number) VALUES ('SAV', '-1604845556')"

    where I have used:

    .\sophos as the SQL instance, i.e. a local SOPHOS named instance of SQL Server which is the default.

    SOPHOS552 as the CORE database name which is the case for SEC 5.5.2 - see https://support.sophos.com/support/s/article/KB-000033408 

    As for the Number value 0xA058000C = -1604845556 e.g.

    I'd still be interested to know why the check is presumably working and then failing.  If it's working more than it's failing, etc..

    If you were to move to Central as the management platform, this web protection component is about to be replaced so this is all mute Slight smile

Children
No Data
Unfiltered HTML