Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 2 answers
  • Subscribers 7 subscribers
  • Views 13789 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

is there a way to make Sophos notify the end user to restart computer after Sophos has been installed

MatthewPalulis

Just installed Sophos Enterprise Console.

Just started to deploy Sophos to our endpoint users, Is there a way to inform the user by having a pop up screen pop up to let the user know to restart computer.



This thread was automatically locked due to age.
  • 0

    Hi,

    There is no way via the product be it through the deployment wizard (push) or by passing a switch to setup.exe as part of a 'pull' install.  

    Yypically, for a fresh install a restart isn't 100% required on later platforms, i.e. Win 7+.  The only piece of functionality that isn't 100% working until a reboot, is data control and buffer overflow protection, i.e the features implemented by "detours" - https://www.sophos.com/support/knowledgebase/112099.aspx.

    The Sophos detours DLL is loaded into processes as they start, as a result, until all processes are restarted you can't guarantee your 100% covered for all functionality.

    The only thing you could so is either:

    1. Deploy using a script.  I.e. one that calls setup.exe with the required switches - https://www.sophos.com/en-us/support/knowledgebase/12570.aspx.  Then monitor for some marker and call from the script: shutdown /r /t 60 (or whatever the switches might be) for example at the end.

    2.  Deploy using SEC as you're doing.  Then using the database as a source of computers which need to be restarted and script a shut-down of each client from the server.  

    Hope it helps.

    Regards,

    Jak

  • 0 in reply to jak

    Hi,

     

    We have been wrestling with this for some time. We have come up with a solution for our needs and I will document as below.

    We are running Sec 5.50

    This involves interrogating the Sophos database for error codes in the computer with errors table.

     

    This has worked perfectly for me but if you are not comfortable with the below please do not attempt and I accept no responsibility.

    I run the following SQL Command on the Sophos Server to grab a list of PC's requiring a reboot.

    This searches for error codes 103,109 and 193 which we discovered most relevant for machines requiring a restart after an update and also for Hitman pro updates.

     

    qlcmd -E -S .\sophos -d sophos550 -Q "SET NOCOUNT ON select distinct c.name from computersanddeletedcomputers as c inner join errors as e on e.id = c.lastauerroralert where e.Number in (103, 109, 193) and e.outstanding = 1" > C:\MyComp.txt -h-1 -W

    This creates the output MyComp.txt with the affected PC's.

    I used a scheduled task to run this as a batch file and update this file every 30 minutes.

     

    I created a text file called MyText.txt with the following

     

    ***IMPORTANT***

    Can you please restart your PC As Soon As Possible to allow important Sophos Anti-Virus updates to be installed.
    This is necessary to maintain the performance and protection of your PC.

    Please complete ASAP. I.T. Department.

     

    I then use the following power shell script to read c:\MyComp.txt and c:\MyText.txt and pop a message on screen for the affected machines.

    $computername = Get-Content -Path C:\MyComp.txt
    $msg = Get-Content -Path C:\MyText.txt
    Invoke-WmiMethod -Path Win32_Process -Name Create -ArgumentList "msg * $msg" -ComputerName $computername

     

    Use Task scheduler to run the file every 30 minutes or whatever frequency you need. Users will keep getting notified until the computer no longer appears in the error section of the Enterprise Console which will be after they have restarted their machine.

     

    Thanks to my friend Dave for his SQL expertise in resolving the error codes.

     

    Hope it works for you.

  • 0 in reply to Nigel

    Well this has also been nightmare for us. 

    Reason - The error does not Disappear if User has SHUTDOWN the PC and STARTED again, The Message Only DISAPPEARS when there is  a Reboot Event :(((((((((

    We had HM-PRO Update earliest this month and now we have 5000 Computers with Error Message as seen below.

     

    Error is already a problem,

    Second is the Status on the Dashboard looks ugly.

    Third we got users writing emails to Service Desk complaining on the errors in this regards. As they get the message Sophos Update Failed when they login 

     

  • 0 in reply to skyisbluescreen

    Hello skyisbluescreen,

    you should contact Support directly. You did check that reboot vs. shutdown/start makes a difference, didn't you?
    Could you perhaps show an ALUpdate (%ProgramData%\Sophos\AutoUpdate\Logs\) and a Sophos HitmanPro Alert install (%windir%\Temp\) log?

    Christian

  • 0 in reply to QC

    Hallo

    I have DM'ed  you the ALU Logs 

    For the HMPRO See below

    a 2018-03-08 02:56:30.362 [12084:7288] - Beginning install
    a 2018-03-08 02:56:30.362 [12084:7288] - Executing step: Validate it is NextGen endpoint
    a 2018-03-08 02:56:30.362 [12084:7288] - Executing step: Validate the user is an admin
    a 2018-03-08 02:56:30.362 [12084:7288] - Executing step: Validate that HMPA is not pending reboot
    w 2018-03-08 02:56:30.362 [12084:7288] - Validation failed
    a 2018-03-08 02:56:30.362 [12084:7288] - Reboot required by execute step: Validate that HMPA is not pending reboot
    w 2018-03-08 02:56:30.362 [12084:7288] - Failed step: Validate that HMPA is not pending reboot, rolling back previous steps
    a 2018-03-08 02:56:30.362 [12084:7288] - Rolling back step: Validate the user is an admin
    a 2018-03-08 02:56:30.362 [12084:7288] - Rolling back step: Validate it is NextGen endpoint
    w 2018-03-08 02:56:30.362 [12084:7288] - Failed composite step
    e 2018-03-08 02:56:30.362 [12084:7288] - A reboot is required before the installation can proceed

  • 0 in reply to skyisbluescreen

    The error message doesn't disappear after shutdown when Windows Fast Startup feature is enabled which is the default on Windows 8/10.

    When Fast Startup is enabled then a computer doesn't really shutdown. Instead it enters a hibernation mode in order to boot up faster.

    Kernel drivers can't be reloaded when fast startup is enabled. The only way is real reboot.

     

    HitmanPro uses a kernel mode driver.  For this reason the error message appears.

     

    My recommendation is disabling Fast Boot.

     

    https://support.microsoft.com/en-us/help/4011287/windows-updates-not-install-with-fast-startup

    https://www.wintips.org/how-to-turn-off-fast-startup-in-windows-10-8-and-8-1/

     

    Regards,

     

    Holger

  • 0 in reply to Holger

    Thank You Guys.. This is of great help.

    That makes sense now as whenever we requested user to reboot the system to fix the Sophos Issue, The Reboot of the system used to trigger the Patch update too adding 20+Mins to complete and log back in.

     

    So i have 2 more questions

    1. I am sure this goes on as we move to Sophos Cloud too? 

    2. Has sophos published any article in this regards ?

Unfiltered HTML