Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Won't install - fails the "equivalent protection" test

Amhazing

Hi Guys,

We're converting from Trend Micro to Sphos.  Really want to use the remove third party software because we don't want to have to go to each computer to remove the existing anti virus software.

However the Sophos installation won't allow us to do that because we fail the "equivalent protection" test (i.e. we're not installing the firewall product and it wants us to).

Is there a way to override or turn off the check and do the removal anyway?

thanks

:11909


This thread was automatically locked due to age.
  • 0

    Hello H,

    you might want to read for example this thread. Also please see (haven't check if the thread refers to it) Sophos Anti-Virus: error 709999 when trying to remove third-party software.

    HTH

    Christian

    :11911
  • 0

    Thanks Christian - appreciated!

    The error 709999 didn't show up in my error message :( otherwise I would have had a much easier day yesterday ...

    The key words I got were the equivalent protection bit.

    As it turns out I had found the bit about editing the CRT config (as part of trying to run the AWremove tool manually - AWremoveW.exe being the one that doesn't give you interaction).  

    However when I ran the AWremove it didn't look like it was working so it wasn't till I came back in this morning and found it might have that I then attempted to run the install again..

    Either way it looks changing the config file made the difference so thanks.

    Now it looks like the client is deploying but none of them are coming back as managed - get the:

    "This computer is not yet managed. It is protected but has not yet reported back its status."

    error message.

    Any pointers on that one?

    regards,

    HL

    :11961
  • 0

    Open the Sophos Network Communications Report (from the Sophos\SESC program group) and check for errors. Also take a look at ClientMRInit-<timestamp>.log in %windir%\Temp (if it doesn't make sense to you please post it here).

    Christian

    :11971
  • 0

    Hi Christian,

    Here's the log file (I've removed servernames and IP for security reasons):

    08.04.2011 10:33:13 05A8 I SOF: C:\WINDOWS\TEMP/ClientMRInit-20110408-003313.log
    08.04.2011 10:33:13 05A8 D ClientMRInit updating
    08.04.2011 10:33:13 05A8 D mrfile=`MRInit.conf`
    cafile=`cac.pem`
    filepath=`C:\Program Files\Sophos\Remote Management System\`
    rtrname=`Router`
    logpath=`C:\WINDOWS\TEMP`
    08.04.2011 10:33:13 05A8 I Opening initialisation file: C:\Program Files\Sophos\Remote Management System/MRInit.conf
    08.04.2011 10:33:13 05A8 I Opening root certificate initialisation file: C:\Program Files\Sophos\Remote Management System/cac.pem
    08.04.2011 10:33:13 05A8 D CA certificates are the same, no action taken.
    08.04.2011 10:33:13 05A8 I Message Router identity keys match.
    08.04.2011 10:33:13 05A8 I Managed Application identity keys match.
    08.04.2011 10:33:13 05A8 I Management Agent identity keys match.
    08.04.2011 10:33:13 05A8 D CheckParentAddress( `serverIP,servermac,servername.domain.local,servername`->`serverIP,Servermac,servername.domain.local,servername` )
    08.04.2011 10:33:13 05A8 D IsThisComputer[serverIP,servermac,servername.domain.local,servername]
    08.04.2011 10:33:13 05A8 D Found 3 addresses
    08.04.2011 10:33:13 05A8 I Connection cache size for endpoint will be set to 10 , NumSenderThreads will be set to 3 
    08.04.2011 10:33:13 05A8 I Parent router ports match, no action taken: 8192
    08.04.2011 10:33:13 05A8 I Router IOR ports match, no action taken: 8192
    08.04.2011 10:33:13 05A8 D Router service args are the same (-ORBListenEndpoints iiop://:8193/ssl_port=8194), no change.
    08.04.2011 10:33:13 05A8 D Apply operating in update-only mode
    08.04.2011 10:33:16 05A8 I ClientMRInit successful exit

    08.04.2011 10:33:13 05A8 I SOF: C:\WINDOWS\TEMP/ClientMRInit-20110408-003313.log08.04.2011 10:33:13 05A8 D ClientMRInit updating08.04.2011 10:33:13 05A8 D mrfile=`MRInit.conf`cafile=`cac.pem`filepath=`C:\Program Files\Sophos\Remote Management System\`rtrname=`Router`logpath=`C:\WINDOWS\TEMP`08.04.2011 10:33:13 05A8 I Opening initialisation file: C:\Program Files\Sophos\Remote Management System/MRInit.conf08.04.2011 10:33:13 05A8 I Opening root certificate initialisation file: C:\Program Files\Sophos\Remote Management System/cac.pem08.04.2011 10:33:13 05A8 D CA certificates are the same, no action taken.08.04.2011 10:33:13 05A8 I Message Router identity keys match.08.04.2011 10:33:13 05A8 I Managed Application identity keys match.08.04.2011 10:33:13 05A8 I Management Agent identity keys match.08.04.2011 10:33:13 05A8 D CheckParentAddress(

    etc . .

    Apply operating in update-only mode08.04.2011 10:33:16 05A8 I ClientMRInit successful exit

    That looks all okay to me right - it looks like the client is checking for updates and getting them right?

    So will chase up the Sophos Network Comms Report..

    regards,

    H

    :12151
  • 0

    Hello,

    looks ok so far and the report will not give you more insight. Please check the router logs on the client in [%ALLUSERSPROFILE%\Application Data|%ProgramData%]\Sophos\Remote Management System\3\Router\Logs, preferably the one corresponding to MRInit. And are there any files in ...\Router\Envelopes\ ? You might also try to telnet from the client to the server's port 8194 - it should connect but close the connection after a short time.

    Christian

    :12165
Unfiltered HTML