This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Live Protection errors

I am facing the error "a0570002: The sending of file samples for Sophos Live Protection failed." for my LAN PCs. I think it is because our firewall is blocking the unknown traffic to communicate HTTP to the internet. If I want to configure my firewall to allow Sophos Client to submit samples to Sophos Live Protection, what's the destination for the Sophos Live Protection?


  • Hi,

    I had a quick poke around the config files of Sophos and found in Factory.xml:

        <DetectionFeedback>
            <settings>
                <lookupDomain>samples.sophosxl.net</lookupDomain>

    So samples.sophosxl.net looks like a possibility.

    It might also be worth checking what you have set in:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\SAVService\SophosProxy
    with regard to the proxy details that have been found by Sophos.

    From what I can tell, Almon.exe, the "logged on user" process that displays the shield, runs SavProxy.exe, which I assume gets the proxy details of the user; these values end up in the above keys.
    I hope that gives you something to check and work with.
    Thanks,
    Jak
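
Added example (not part of the original thread, and not Sophos tooling): a PowerShell check, run on an affected client, that dumps the SophosProxy key named above from both registry views, resolves the lookup domain found in Factory.xml, and tries a TCP connection to each returned address. Port 80 is an assumption taken from the question's mention of HTTP.

```powershell
# Added example. Assumptions: TCP port 80 and the client's default DNS resolver.
$LookupDomain = 'samples.sophosxl.net'   # <lookupDomain> value quoted from Factory.xml
$Port         = 80                       # assumption: the question refers to HTTP
$ProxyKeys    = @(
    'HKLM:\SOFTWARE\Sophos\SAVService\SophosProxy',
    'HKLM:\SOFTWARE\Wow6432Node\Sophos\SAVService\SophosProxy'
)

# 1. Show whatever proxy values are stored under the key (32- and 64-bit views).
foreach ($key in $ProxyKeys) {
    if (Test-Path -Path $key) {
        Write-Output "Values under ${key}:"
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List | Out-String | Write-Output
    } else {
        Write-Output "Not present: $key"
    }
}

# 2. Resolve the lookup domain; a "no such name" answer ends up in the catch block.
$addresses = @()
try {
    $addresses = @(Resolve-DnsName -Name $LookupDomain -ErrorAction Stop |
        Where-Object IPAddress |
        Select-Object -ExpandProperty IPAddress -Unique)
    Write-Output "$LookupDomain resolves to: $($addresses -join ', ')"
} catch {
    Write-Output "DNS lookup for $LookupDomain failed: $($_.Exception.Message)"
}

# 3. Try a direct TCP connection to each address; a block here should also
#    appear in the firewall's own log with the same destination address.
foreach ($ip in $addresses) {
    $result = Test-NetConnection -ComputerName $ip -Port $Port -WarningAction SilentlyContinue
    $state  = if ($result.TcpTestSucceeded) { 'reachable' } else { 'blocked or unreachable' }
    Write-Output "${ip}:${Port} is $state"
}
```

If the SophosProxy key holds proxy details, the client may not connect directly, so a failed direct test in step 3 has to be read against the proxy's and firewall's logs.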
  • Hello kuzess,

    "Whitelisting the Sophos domain to enable automatic sample submission" and "Overview of the Sophos Live Protection architecture in SESC 9.5+" contain some information about SXL. If "your firewall" (which one?) blocks certain traffic it should tell you so. Usually the logs contain the required information (although in case of multiple potential target IP addresses it could take some time to collect all of them).

    Christian

  • What is Sophos Live Protection doing if the DNS request gets an answer like "No such name" from the DNS server?
    Is it waiting for a timeout? Trying again? How often? How long?

    regards Joerg