This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

The attempt to delete the infected file "X" failed. The user does not have the rights...

Hi all,

We are getting the following message more and more often:

The attempt to delete the infected file "X" failed.  The user does not have the rights to perform the action on the infected file

When I 'click -through' to the Sophos site it states that the Sophos Anti-Virus service should be run using an Administrator account.  When I checked, the service uses NT AUTHORITY\LocalService.  Is this the correct account or do we have an installation problem?

Thanks,

John

:384


This thread was automatically locked due to age.
Parents
  • Hi,

    The "Sophos Anti-Virus" service should run as "local service" on XP and above.  It runs as "local System" on 2000.

    For actions taken, the service impersonates the user requesting the action.  So if a user runs cleanup it will impersonate that user so in theory should have the ability to access files that user has access to and therefore clean.

    If cleanup is initiated from SEC, either as part of a scheduled task or as cleanup task, then cleanup will be performed under the "local system" context, which should be powerful enough to be able to take action on any component on the system.

    As a rule of thumb, cleanup should be initiated by an administrative user if run locally.  Otherwise a scheduled scan created by SEC or a cleanup from SEC should do the trick.

    Thanks

    :498
Reply
  • Hi,

    The "Sophos Anti-Virus" service should run as "local service" on XP and above.  It runs as "local System" on 2000.

    For actions taken, the service impersonates the user requesting the action.  So if a user runs cleanup it will impersonate that user so in theory should have the ability to access files that user has access to and therefore clean.

    If cleanup is initiated from SEC, either as part of a scheduled task or as cleanup task, then cleanup will be performed under the "local system" context, which should be powerful enough to be able to take action on any component on the system.

    As a rule of thumb, cleanup should be initiated by an administrative user if run locally.  Otherwise a scheduled scan created by SEC or a cleanup from SEC should do the trick.

    Thanks

    :498
Children
No Data