Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 841 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus Service "log on as"

Parker278

Hi All

We currently have a problem with Sophos not reporting back to the Enterprise Console and Manual Scans not able to be started. This is effecting a 150+ of our machines.

Although sophos have found the issue.

They recommended the following.

This error is typically caused by the default Microsoft permissions being changed on the boot partition (C:\). The local Everyone group should be listed with Travers Folder, List Folder, Read Attributes, Read Extended, and Read permissions. If this group and these rights are missing, the above mentioned issue will result. The permission change should only be applied to "This folder only".

Please note that changing permissions on the folder structure could damage the computer.

If the system is critical, make sure you have a backup of the data. Microsoft's "FixIt" tool can be used in worst case scenarios. This tool can be found at http://support.microsoft.com/kb/313222.


Before following these steps, be sure that the permissions on the C:\ are missing the Everyone group.



1. Open My Computer, right click the C:\ drive, select Sharing and Security.

2. Click the Security tab. Confirm that "Everyone" is not listed.

3. Click Advanced

4. Click Add

5. Change the Location to the local computer

6. Type Everyone in the name field, then click OK.

7. In the Permission Entry dialogue, select "This folder only" for the 'Apply onto:' drop down.

8. Tick the Allow checkbox for Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, and Read Permissions. (see screen shot)

9. Click OK 3 times to commit the change.

10. Restart the Sophos Anti-Virus Service and confirm the issue is resolved.

Its fine that this solution works although it is a bit tricky to role out. So i wanted to look for another solution.

Due to it being a permission error i thought i would start by looking at what service the Sophos Anti-Virus was using.

It seems to be running under "Local Service". After this i noticed that every other Sophos Service is running under "Local System". With this in  mind i decided to try run the service i was having the issue with under these credentials.

To my amazement this worked!

Basically my question is, will there be any issues if i run the Sophos Anti-Virus service with the "log on as" credentials of "Local System", rather than "Local Service"?

Thanks in advanced

Dan Parker

:2721


This thread was automatically locked due to age.
Unfiltered HTML