Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1257 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAC push install to XP SP3

NButts42

we started rollg out Sophos with the NAC to our network and on about 40% of the XP SP3 machines we are getting a unsigned network driver warning (pops up for the user) during the install of the NAC component.  Anyone else seen this?  and if so, what if any was the resolution?

:5327


This thread was automatically locked due to age.
  • 0

    Hello,

    About NAC:

    NAC is an assessment tool that will only take action if you specifically set your policy to do so.

    From the standpoint of what you are seeing it is likely that this is a HIPS alert of some kind but giving details about the

    " Unsigned Driver" would be helpful.

    The fact that you are seeing this during the NAC part of the installation on only some of your XP machines and not others should lead us to ask what is different about these machines from the others that are not showing any issues?

    Also, this is not a common issue to answer the last part of your question.

    :5332
  • 0

    it is a Microsoft WQHL unsigned driver warning message, which you can continue installation or block.  It is not coming up as a HIPS alert. The message pops up twice, continuing installs the NAC, blocking and the NAC install fails.  Then interestingly enough if you push the NAC install again it installs fine without the popups.  Its almost like a part of the install updating certificates or registry hasnt completed before it tries to run the next portion of the install

    we have not been able to determine any differences in the machines.  I thought at first it was related to some windows updates, but i have been able to rule those out.  The machines are basic XP install, with office, adobe reader and citrix client.  I see it in both XP SP2 and 3.  But i am upgrading to SP3 if i find them not updated.  I have seen it with machines that are fully up to date, and those who have 30 updates. 

    I had also thought it was related to the age of the PC/windows install, as the first batch that it showed up on were all old PC's that are due for replacement.  But then it showed up a few times on some PC's deployed in the last 3-6 months.  reviewing software installed, there is no different between the machines, save one or two minor apps like notepad++ or a different revision  of adobe reader 9.

    :5353
  • 0

    Because it is a HIPS alert I would capture the driver and send a zipped sample to the sophos labs.

    If you decide to do this then go to the site and type 11490 in the search field then use the link to send the file zipped with a password of sophos on it.

    Also, explain what is happening in great detail and they may be able to make a new IDE that will prevent this from happening.

    :5405
Unfiltered HTML