Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 5198 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint security wont update detection data from 5.19

WICETHelpdesk

We have a number of computers that are reporting out of date with detection data of 5.19 and virus data date of 15/09/2015, when you run an update now it completes successfully and there are no errors in the autoupdate log and last updated shows current date time.

The update source path is the same for all computers managed by EC with the majority of computers updating correctly. 

Any suggestion on what would be causing this and a resolution will be appreciated

Thank you



This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    Just to check, they are out of date in SEC?

    Is the last message time recent for these computers?
    Note: Restarting the Sophos Agent service on the client will force a new status after 20 seconds and also update the last message time.

    Under the Anti-virus details tab, is the "IDEs" count the same as a "working" computer, along with the "Anti-Virus version", and "Detection data". The up-to-date state is calculated based on the Sophos Update Manager (SUM) sending in information about the packages and storing it in the Packages table of the "core" database. The endpoints, send up their status and the above values should match an existing package put there by SUM. The fact they don't show as Unknown (I assume they don't), suggest that the combination of data the clients are sending up does match a package that has been put their by SUM.

    On a problematic client you could:
    Stop the "SAVService".
    Delete all ".ide" files under: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\"
    Delete: "C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml"
    Force an update of the client.
    Does the status message following this fix a computer?

    Hope it helps.
Reply
  • 0
    Hi,

    Just to check, they are out of date in SEC?

    Is the last message time recent for these computers?
    Note: Restarting the Sophos Agent service on the client will force a new status after 20 seconds and also update the last message time.

    Under the Anti-virus details tab, is the "IDEs" count the same as a "working" computer, along with the "Anti-Virus version", and "Detection data". The up-to-date state is calculated based on the Sophos Update Manager (SUM) sending in information about the packages and storing it in the Packages table of the "core" database. The endpoints, send up their status and the above values should match an existing package put there by SUM. The fact they don't show as Unknown (I assume they don't), suggest that the combination of data the clients are sending up does match a package that has been put their by SUM.

    On a problematic client you could:
    Stop the "SAVService".
    Delete all ".ide" files under: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\"
    Delete: "C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml"
    Force an update of the client.
    Does the status message following this fix a computer?

    Hope it helps.
Children
No Data
Unfiltered HTML