This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"You do not have sufficient privileges"

"You do not have sufficient privileges to run the Sophos Endpoint Security and Control main application"

Windows Security tray icon shows a white X on a red background stating that I currently have no antivirus loaded.

I can't access my Sophos Control panel, as it gives me the error in the subject line. I can right-click on the tray icon and "Update Now" but cannot load the main program.

Taskmanager shows that SavService.exe is running, taking 120.192Megs of memory.

I checked the usergroups specified in the error message with the following command

>net localgroup

---------------------------------------------
*Administrators
*boinc_admins
*boinc_projects
*boinc_users
*Guests
*HelpServicesGroup
*SophosAdministrator
*SophosOnAccess
*SophosPowerUser
*SophosUser
*Users
The command completed successfully."

I was already in the group SophosAdministrator, but manually added myself to the other 3 Sophos groups (and have since rebooted my PC).

I am running WinXP home 32 bit, SP3. Fully patched via windowsupdate. Also running Ad-Aware (fully updated)

Before my sophos problem

Recently, I added about 3 programs to my PC. A couple of days ago I had a BSOD-type error, which resulted in a reboot of my system. I believe Sophos loaded properly after that point. However, I elected to see which program had crashed my computer, which lead me to using the Windows (or Microsoft?) LiveCare through-the-web scanner. Unfamiliar with the interface, I must have told it to make all recommended changes to my system - I do not know if this resulted in the removal of any Sophos-critical files. In any case, at this time I also ran windowsupdate (which I ran about a week to 10 days prior), which had about 20 high priority updates available for me to download. I installed these. Upon the next reboot of the system sophos isn't working

Since my problem began

I added my username to other Sophos groups

I've downloaded and have run VundoFix (I had read that Vundo can knock out Sophos) - no infections found.

I ran the sav32cli from the sophos directory command line (no problems with executing that, but I'm not sure it scanned all files on all harddrives or anything, but it did scan 8 boot sectors. It found no infections)

Possible resolutions?

The LiveCare antivirus program said that it created a system restore point. Should I just roll back to that?

Do you need to see a dump from HijackThis?

Should I see if I have the installer for Sophos and reinstall that again? Any idea what the installer exe is typically named? I put this on my system a few years ago and have several hundred gigs of stuff:P

This thread was automatically locked due to age.

Parents

0 MDP over 14 years ago

As an update, I attempted a series of rollbacks to prior system configurations (saved over the last two weeks prior to this problem occuring). In all of these, the microsoft protection tool (can't recall the name) reported an error state saying that Sophos (or any other antivirus) were not loaded. In at least a couple of cases, I could access the Sophos Endpoint Security and Control, but everything but "View Updating Log" were grayed out and I could not even go to Help->About (I could click on it, but it would load an error screen)
I then uninstalled sophos again (autoupdater first, followed by main program)
rebooted
shut down several tray processes (AdAware, BOINC, SoundMax)
installed sophos
did "update now" - resulted in a yellow "!" state of sophos, saying some components needed reboot
disabled (in msconfig) the following:
Services->Cisco Systems, Inc. VPN Service
Startup->
dumprep 0 -k
Adobe ARM
Reader_sl
Microsoft Protection tool still registered error (no antivirus loaded)
Rebooted
Now everything appears loaded (no "protection tool error" and I can access my sophos endpoint. However, ProcMon still reports periodic Access Denied events to SavService)
I now have ProcMon configured to boot log. I've downloaded AutoRuns, but there are so many entries I don't know where to start. Nothing immediately leaps out at me, other than there are a few files that are instructed to be loaded that don't exist. All of these seem like they would legitimately be part of the WinXP OS though.
I noticed while I was installing Sophos (this time with the sound on), I would perodically hear a "pop" noise - I believe similar to the sound that the computer plays when you "Safely Remove Hardware". In the past few months I've heard this somewhat frequently, but I do not see any changes to my tray or taskbar, etc when I hear this noise. Monitoring the task monitor - I don't see anything appear or go away when I hear this noise, but I haven't done any sort of in-depth analysis. Other than when I heard it during the sophos install, most of the time I hear it is when I move my mouse to interrupt the power save state (ie, monitor off). Obviously with the monitor off it's difficult for me to visually monitor changes in programs.
In summary - at least for this current reboot, I'm not in an unprotected error state according to the OS. However, some things that SavService is attempting are still being blocked.
:3452
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 MDP over 14 years ago

As an update, I attempted a series of rollbacks to prior system configurations (saved over the last two weeks prior to this problem occuring). In all of these, the microsoft protection tool (can't recall the name) reported an error state saying that Sophos (or any other antivirus) were not loaded. In at least a couple of cases, I could access the Sophos Endpoint Security and Control, but everything but "View Updating Log" were grayed out and I could not even go to Help->About (I could click on it, but it would load an error screen)
I then uninstalled sophos again (autoupdater first, followed by main program)
rebooted
shut down several tray processes (AdAware, BOINC, SoundMax)
installed sophos
did "update now" - resulted in a yellow "!" state of sophos, saying some components needed reboot
disabled (in msconfig) the following:
Services->Cisco Systems, Inc. VPN Service
Startup->
dumprep 0 -k
Adobe ARM
Reader_sl
Microsoft Protection tool still registered error (no antivirus loaded)
Rebooted
Now everything appears loaded (no "protection tool error" and I can access my sophos endpoint. However, ProcMon still reports periodic Access Denied events to SavService)
I now have ProcMon configured to boot log. I've downloaded AutoRuns, but there are so many entries I don't know where to start. Nothing immediately leaps out at me, other than there are a few files that are instructed to be loaded that don't exist. All of these seem like they would legitimately be part of the WinXP OS though.
I noticed while I was installing Sophos (this time with the sound on), I would perodically hear a "pop" noise - I believe similar to the sound that the computer plays when you "Safely Remove Hardware". In the past few months I've heard this somewhat frequently, but I do not see any changes to my tray or taskbar, etc when I hear this noise. Monitoring the task monitor - I don't see anything appear or go away when I hear this noise, but I haven't done any sort of in-depth analysis. Other than when I heard it during the sophos install, most of the time I hear it is when I move my mouse to interrupt the power save state (ie, monitor off). Obviously with the monitor off it's difficult for me to visually monitor changes in programs.
In summary - at least for this current reboot, I'm not in an unprotected error state according to the OS. However, some things that SavService is attempting are still being blocked.
:3452
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data