
Tooltip shows Sophos protection disabled

I recently installed Sophos Endpoint Security and Control 9.5 on a Vista machine. When I place the cursor on the Sophos icon on the taskbar it tells me "Sophos protection disabled", but the update is current. The icon is normal, blue, and there is no other sign on it. When I open Sophos I see that on-access scanning is enabled. I have removed Sophos completely, rebooted the computer and installed it again, but I am still having the same problem.

Does anybody have any idea how to resolve the issue?

:7411


  • Hi,

    Is this the status all the time, for example, if you were to log out and back in again?

    It sounds like a disconnect between the Almon.exe process, which is responsible for the shield icon and which is installed with AutoUpdate, and the Sophos AV Service.

    If you open up task manager and kill the Almon.exe process and then re-launch it by running:

    \Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

    or

    \Program Files\Sophos\AutoUpdate\ALMon.exe

    Does the correct state then get reflected?

    Regards,

    Jak

    :7413
  • After I followed your instructions the icon showed "Sophos protection", so I thought the problem was resolved. When I checked again after a couple of minutes it was back to "Sophos protection disabled" again. Could it be malware already sitting in my computer changing it?

    :7417
  • I am having the same problem: the shield icon states protection is disabled. It's up to date as far as I can tell. Also, I cannot start the Sophos Anti-Virus icon because it also states the AntiVirus is disabled. I tried to start the service from Windows Vista Services; it fails as well, with an 80004005 error.

    :8259
  • 0x80004005 - this is "Access denied". Last week I had some nasty FakeAV on a client and among other things I found a driver under System Devices/[cmz vkmd] Virtual Bus named vbma3891.sys (this one should be detected by Sophos if it's working, but ...). Check the NTFS permissions on SAVService.exe - in this case they were Full for Everyone and nothing else. After correcting them the service could be started, but some minutes later the permissions were reset and SAVService seemed stuck (I couldn't check the state, as the driver also prevented Process Monitor from running, as well as some other executables).

    Once I had disabled this driver and corrected the permissions again, SAVService did run. There was also a hidden component registered as a service, which kept starting the FakeAV.

    Christian

    :8299
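
Added example, not part of the thread and not Sophos code: a PowerShell script for the check described in the last reply, reporting whether Everyone holds Full Control on a file and re-sampling its ACL to catch the permissions being changed again. The parameter names, sample count and interval are assumptions made for this example; pass the full path to SAVService.exe on the affected machine as `-Path`.

```powershell
# Added example (not from the thread). Watches the ACL of one file and reports
# when Everyone holds Full Control or when the ACL changes between samples.
# Parameter names and defaults are assumptions made for this example.
param(
    [Parameter(Mandatory = $true)][string]$Path,   # full path to the service binary
    [int]$Samples = 10,
    [int]$IntervalSeconds = 30
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-AclSnapshot([string]$File) {
    $acl = Get-Acl -Path $File
    # Resolve rules to SIDs so the check does not depend on the OS language.
    $rules = @($acl.GetAccessRules($true, $true, $sidType))
    $everyoneFull = $false
    $lines = @()
    foreach ($r in $rules) {
        $isAllow = $r.AccessControlType -eq 'Allow'
        $isFull  = (([int]$r.FileSystemRights) -band $full) -eq $full
        # S-1-1-0 is the well-known SID of the Everyone group.
        if ($r.IdentityReference.Value -eq 'S-1-1-0' -and $isAllow -and $isFull) {
            $everyoneFull = $true
        }
        $lines += '{0};{1};{2}' -f $r.IdentityReference.Value,
                                   $r.AccessControlType, [int]$r.FileSystemRights
    }
    New-Object PSObject -Property @{
        Time                = Get-Date
        Owner               = $acl.Owner
        RuleCount           = $rules.Count   # 1 plus EveryoneFullControl = "nothing else"
        EveryoneFullControl = $everyoneFull
        Fingerprint         = ($lines | Sort-Object) -join ','
    }
}

$previous = $null
for ($i = 1; $i -le $Samples; $i++) {
    $snap = Get-AclSnapshot $Path
    # A changed fingerprint means something rewrote the ACL since the last sample.
    $changed = ($null -ne $previous) -and ($snap.Fingerprint -ne $previous.Fingerprint)
    $snap | Add-Member -MemberType NoteProperty -Name ChangedSinceLastSample -Value $changed
    $snap | Select-Object Time, Owner, RuleCount, EveryoneFullControl, ChangedSinceLastSample
    $previous = $snap
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}
```

Run it from an elevated prompt after correcting the permissions; a row with `ChangedSinceLastSample` set to True shows roughly when the ACL was rewritten, which can then be lined up against service and driver activity on the machine.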