Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 10110 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint fails to install updates?

FabianT

Dear all

Unfortunately i am not a computer expert so some of the Post i read here were not really of great help for me even if the maybe answered my question already? 

I have the following question:

My windows Defender notified me that my virus software is out of date. Sophos itself notifies my that i AM PROTECTED???

I have the Sophos endpoint installed and the licence is from my University.

Zeit: 16.06.2016 10:20:50
Meldung: Installation von Sophos System Protection übersprungen
Modul: ALUpdate
Prozess-ID: 7576
Thread-ID: 7680

Zeit: 16.06.2016 10:20:50
Meldung: Installation von Sophos AutoUpdate übersprungen
Modul: ALUpdate
Prozess-ID: 7576
Thread-ID: 7680

Zeit: 16.06.2016 10:20:50
Meldung: Installation von Sophos Network Threat Protection übersprungen
Modul: ALUpdate
Prozess-ID: 7576
Thread-ID: 7680

Zeit: 16.06.2016 10:20:50
Meldung: Installation von SAVXP übersprungen
Modul: ALUpdate
Prozess-ID: 7576
Thread-ID: 7680

It skips the installation of the files it downloaded.

The last ide file in C:\Program Files (x86)\Sophos\Sophos Anti-Virus is also over a week old.

But i did not do anything to the Pc. I recently found out that some of the User $path variables were also gone?

I already deleted %tmp% files and did a restart. But this had no effect. there was no error Prompt whatsoever

I would be really nice if you could help me.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Fabian T,

    the Installation [...] übersprungen (installation of [...] skipped) is normal if there are no new files since the last download (Download von Produkt ... und Update des Caches abgeschlossen doesn't mean that there is anything new). If you click Produktinfo (Sophos GUI, on the left) and expand Antivirus und HIPS Software it should have 212 Erkennungsdateien and a Letztes Update date - this is the date of the last actual download. If this date is not recent it might be that the update location (university server? \\UNC or http://?) is "stale" i.e. it is not update for whatever reason. I this case you'd have to ask your university's IT.

    Christian

Reply
  • 0

    Hello Fabian T,

    the Installation [...] übersprungen (installation of [...] skipped) is normal if there are no new files since the last download (Download von Produkt ... und Update des Caches abgeschlossen doesn't mean that there is anything new). If you click Produktinfo (Sophos GUI, on the left) and expand Antivirus und HIPS Software it should have 212 Erkennungsdateien and a Letztes Update date - this is the date of the last actual download. If this date is not recent it might be that the update location (university server? \\UNC or http://?) is "stale" i.e. it is not update for whatever reason. I this case you'd have to ask your university's IT.

    Christian

Children
  • 0 in reply to QC

    Thank you for your replie,

    It seems that on outer computer the ide Files are also a week old.... so maybe it is ineed a problem with the University server.

  • 0 in reply to QC

    Hi

    Ok... i informed our Admin and he is updating our Enterprise Console. What is strange tho is the fact that at least some installations of the Endpoint protection do update fine.

    I changed my primary and secondary path to the same value and switched of the manipulation protection but this doesn´t change anything for me?

  • 0 in reply to FabianT

    Hello Fabian T,

    to verify that the update location is live you'd need the password (which you likely don't have). But if the update log doesn't show a download (or installation) error there's neither a problem with the endpoint software nor with connectivity. You could check the detailed (ALUpdate) log in %ProgramData%\Sophos\AutoUpdate\Logs\ but this will probably tell you everything is ok. 
    It still seems to be a problem on the management server ...

    Christian

  • 0 in reply to QC

    EDIT: It seems to work now! As you said there was something wrong with the update server on the university it seems

    The log is so long, i will just post the last entrys:

    Trace(2016-Jun-17 14:43:50): ALUpdate started: -ScheduledUpdate -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"
    Trace(2016-Jun-17 14:43:50): Process security set successfully
    Trace(2016-Jun-17 14:43:50): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
    Trace(2016-Jun-17 14:43:50): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
    Trace(2016-Jun-17 14:43:50): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
    Trace(2016-Jun-17 14:43:50): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is available from Sophos.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not the Spam Rules package.
    Trace(2016-Jun-17 14:43:50): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
    Trace(2016-Jun-17 14:43:50): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is available from Sophos.
    Trace(2016-Jun-17 14:43:50): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is the Spam Rules package.
    Trace(2016-Jun-17 14:43:50): Computer is a not possible cluster
    Trace(2016-Jun-17 14:43:50): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2016-Jun-17 14:43:50): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
    Trace(2016-Jun-17 14:43:50): Considering subscribed products.
    Trace(2016-Jun-17 14:43:50): Considering product {8087796B-2289-4897-98A5-58FF23DAAFD0}
    Trace(2016-Jun-17 14:43:50): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is not already subscribed.
    Trace(2016-Jun-17 14:43:50): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} was added to the list.
    Trace(2016-Jun-17 14:43:50): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2016-Jun-17 14:43:50): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
    Trace(2016-Jun-17 14:43:50): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
    Trace(2016-Jun-17 14:43:50): Considering product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
    Trace(2016-Jun-17 14:43:50): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is not already subscribed.
    Trace(2016-Jun-17 14:43:50): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} was added to the list.
    Trace(2016-Jun-17 14:43:50): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is removable.
    Trace(2016-Jun-17 14:43:50): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is removable.
    Trace(2016-Jun-17 14:43:50): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
    Trace(2016-Jun-17 14:43:50): IPCSender::ProcessSend started
    Trace(2016-Jun-17 14:43:50): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2016-Jun-17 14:43:50): RMSMessageHandler: ALUpdateStart
    Trace(2016-Jun-17 14:43:50): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2016-Jun-17 14:43:50): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2016-Jun-17 14:43:50): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2016-Jun-17 14:43:50): ALUpdate(AutoUpdate.Started): *************** Sophos AutoUpdate started ***************
    Trace(2016-Jun-17 14:43:50): UpdateCoordinator::UpdateNow: Entering
    Trace(2016-Jun-17 14:43:50): PopulateCache: Entering
    Trace(2016-Jun-17 14:43:50): UpdateCoordinator::UpdateNow: current platform is WIN_7_X64
    Trace(2016-Jun-17 14:43:50): ProductFactory::Create: SimpleProduct: {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2016-Jun-17 14:43:50): ProductFactory::Create: SimpleProduct: {8087796B-2289-4897-98A5-58FF23DAAFD0}
    Trace(2016-Jun-17 14:43:50): ProductFactory::Create: SAU Product
    Trace(2016-Jun-17 14:43:50): ProductFactory::Create: SimpleProduct: {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
    Trace(2016-Jun-17 14:43:50): UpdateCoordinator::UpdateNow: About to Sync list of products
    Trace(2016-Jun-17 14:43:50): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2016-Jun-17 14:43:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
    Trace(2016-Jun-17 14:43:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
    Trace(2016-Jun-17 14:43:50): Calling package_source_init
    Trace(2016-Jun-17 14:43:50): TrySyncProduct, Calling BeginSync
    Trace(2016-Jun-17 14:43:50): Custom certificate already present.
    Trace(2016-Jun-17 14:43:50): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\escdp.dat
    Trace(2016-Jun-17 14:43:50): Remote connection over HTTP.
    Trace(2016-Jun-17 14:43:50): Read file master.upd (Remote).
    Trace(2016-Jun-17 14:43:50): Synchronised file root.upd (Local).
    Trace(2016-Jun-17 14:43:50): Synchronised file escdp.dat (Local).
    Trace(2016-Jun-17 14:43:50): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\ProductID.dat
    Trace(2016-Jun-17 14:43:50): Synchronised file ProductID.dat (Local).
    Trace(2016-Jun-17 14:43:50): ParseCustomerIDFile: completed: 0
    Trace(2016-Jun-17 14:43:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2016-Jun-17 14:43:50): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP

Unfiltered HTML