Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 4 subscribers
  • Views 9623 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot schedule task

Vlad Alexandru

i am currently evaluating this software for our server protection but i fail to schedule a scan. Anything i try results in "incorrect password or does not adhere to security policy". I have tried all the solutions suggested in this forum, including creating a new user especially for sophos scan but the result is the same. All the users i have tried have full admin rights, and the passwords are 20 chars long and include uppercase, lowercase, special chars and digits. I run Windows Server 2012 R2.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Vlad Alexandru,

    which product are you evaluating? You are using the local GUI, Scans -> New scan, aren't you? This is simply an interface to the Task Scheduler. Normally if you enter the user credentials used to log on to the server it should work. Don't think that the GUI would mangle the special characters but in this case the Security Event log should show an Audit Failure event.

    Christian

  • 0 in reply to QC

    Hello Christian

    There are in fact several "audit success" events every time i try to setup that scheduled scan, and there is only one "audit failure" ( see below ). Does this help in finding the problem ?

    Thank you

    Vlad

     

    Service:
        Server:    Security
        Service Name:    -

    Process:
        Process ID:    0xe94
        Process Name:    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe

    Service Request Information:
        Privileges:        SeTcbPrivilege

  • 0 in reply to Vlad Alexandru

    Hello Vlad,

    indeed a failure? Hm, SavMain.exe is the GUI which wants to run elevated for certain functions. Haven't seen that it requests SeTcbPrivilege though (but I don't have access to a 2012R2 - , do you know more?). BTW: Guess the message (... or does not adhere  ...) is misleading - you get the same message if you enter an invalid username or domain.

    Christian

Reply
  • 0 in reply to Vlad Alexandru

    Hello Vlad,

    indeed a failure? Hm, SavMain.exe is the GUI which wants to run elevated for certain functions. Haven't seen that it requests SeTcbPrivilege though (but I don't have access to a 2012R2 - , do you know more?). BTW: Guess the message (... or does not adhere  ...) is misleading - you get the same message if you enter an invalid username or domain.

    Christian

Children
  • 0 in reply to QC

    Hello Christian

    username and domain are fine ( verified over and over again, including by using them for logging with remote desktop manager ). Also i guess the other privileges would be refused as well if there was a typo in the username/domain.

    Vlad

  • 0 in reply to Vlad Alexandru

    Hello Vlad,

    username and domain are fine
    wonder if the GUI gets as far as passing the credentials for verification (still puzzling over the Audit Failure you've posted). Now - some testing suggests that SAVMain.exe doesn't do any verification on its own but simply calls the Task Scheduler when you enter the credentials. And - I get the same Incorrect password ... message when the Task Scheduler service is not started though not the SeTcbPrivilege failure event. Makes me wonder what the actual issue is. You can create a Scheduled Task using the Server Manager or from the command line?

    Christian

  • +1 in reply to QC

    Hello Christian

     

    finally figured out the problem; the following setting should be "Disabled"

    Local Group Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Do not allow storage of passwords and credentials for network authentication

     

    The problem is that this setting is required to be "Enabled" by CIS in order to get PCI compliant. I will have to find some other solution to run scheduled scans on this server.

     

    Thank you for your support

    Vlad

  • 0 in reply to Vlad Alexandru

    Hello Vlad,

    well done!
    AFAIK you can use the SYSTEM account with the local GUI (although it's valid for the Task Scheduler). Please note though that for a managed install (On-Premise/SEC or Cloud/Central) you can schedule a scan which runs with the SYSTEM account using the console. The drawback is that by default all local drives are scanned and you can't apply different exclusions to individual scans.
    It's not impossible though (but you'd need assistance from Sophos) to set up special scheduled scans if needed.

    Christian

    P.S.: please mark your post as answer (even if it doesn't actually solve your problem)

Unfiltered HTML