Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 4490 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tooltips shows sophos protection disabled

MoeMca

I recently installed Sophos Endpoint security and Control 9.5 on a Vista machine. When I place cursor on the sophos icon on taskbar it tells me "Sophos protection disabled", but the update is current. The icon is normal, blue and there is no other sign on it. When I open Sophos I see the the on-access scanning is enabled. I have removed Sophos completely, rebooted computer and installed it again but still having the same problem.

Any body has any idea how to resolve the issue?

:7411


This thread was automatically locked due to age.
Parents
  • 0

    0x80004005 - this is "Access denied". Last week I had some nasty FakeAV on a client and among other things I've found a driver under System Devices/[cmz vkmd] Virtual Bus named vbma3891.sys (this one should be detected by Sophos if it's working but ...). Check the NTFS permission on SAVService.exe - in this case they were Full for Everyone and nothing else. After correcting them the service could be started but some minutes later the permissions were reset and SAVservice seemed stuck (couldn't check the state as the driver also prevented Process Monitor to run as well as some other executables). 

    Once I had disabled this driver and corrected the permissions again savservice did run. There was also a hidden component registered as a service. which kept starting the FakeAV.

    Christian

    :8299
Reply
  • 0

    0x80004005 - this is "Access denied". Last week I had some nasty FakeAV on a client and among other things I've found a driver under System Devices/[cmz vkmd] Virtual Bus named vbma3891.sys (this one should be detected by Sophos if it's working but ...). Check the NTFS permission on SAVService.exe - in this case they were Full for Everyone and nothing else. After correcting them the service could be started but some minutes later the permissions were reset and SAVservice seemed stuck (couldn't check the state as the driver also prevented Process Monitor to run as well as some other executables). 

    Once I had disabled this driver and corrected the permissions again savservice did run. There was also a hidden component registered as a service. which kept starting the FakeAV.

    Christian

    :8299
Children
No Data
Unfiltered HTML