
Comparison failure in AV and HIPS

I have gone through the forums and found a few similar threads.

90% of my machines have a comparison failure with the Anti-virus and HIPS policy.

I have tried force comply with all group policies and the AV and HIPS one separately.

I have tried re-protecting.

I have tried removing scheduled scans as in Knowledge base article 28060; this works for some machines (only a few).

The majority are still not complying with the policy.

I have one of the agent logs here and it looks like access denied. I use an admin account with full access to the machine for Sophos.

Any suggestions? Other than manually removing the software from all my machines and doing a fresh install (again!).

15.04.2010 09:54:00 0F14 I SAUAdapter - SAU AdapterImpl: Notifying agent of configuration change
15.04.2010 09:54:00 0F14 I ALC state observer received a configuration
15.04.2010 09:54:00 0F14 I SAUAdapter - SAU AdapterImpl: Notifying agent of status change: <?xml version="1.0" encoding="utf-8" ?><status xmlns="http://www.sophos.com/EE/EESauStatus"><CompRes xmlns="com.sophos\msys\csc" Res="Same" RevID="{ECB95FD7-6425-47DE-B4BC-62A2A1591CA6}" /></status>
15.04.2010 09:54:00 0F14 I ALC state observer notified that ALC is running
15.04.2010 09:54:00 0F14 I ALC state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="http://www.sophos.com/EE/EESauStatus"><CompRes xmlns="com.sophos\msys\csc" Res="Same" RevID="{ECB95FD7-6425-47DE-B4BC-62A2A1591CA6}" /></status>
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CRTInspectionLoaderSaver::WriteConfigToService and re-thrown. Error Code 0x80070005: Access is denied.
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CSAVConfigDataSaver::WriteConfigToService. Error Code 0x80070005: Access is denied.



This thread was automatically locked due to age.
  • This is typically caused by the default Microsoft permissions being changed on the boot partition (C:\). The local Everyone group should be listed with Traverse Folder, List Folder, Read Attributes, Read Extended, and Read permissions. If this group and these rights are missing, the above-mentioned issue will result. The permission change should only be applied to "This folder only". Please note that changing permissions on the folder structure could damage the computer.

    If the system is critical, make sure you have a backup of the data. Microsoft's "FixIt" tool can be used in worst case scenarios. This tool can be found at http://support.microsoft.com/kb/313222.

    Before following these steps, be sure that the symptoms mentioned fit what you are seeing and that the permissions on the C:\ are missing the Everyone group.


    1. Open My Computer, right-click the C:\ drive, select Sharing and Security.
    2. Click the Security tab. Confirm that "Everyone" is not listed.
    3. Click Advanced.
    4. Click Add.
    5. Change the Location to the local computer.
    6. Type Everyone in the name field, then click OK.
    7. In the Permission Entry dialogue, select "This folder only" for the 'Apply onto:' drop down.
    8. Tick the Allow checkbox for Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, and Read Permissions. (see screen shot)
    9. Click OK 3 times to commit the change.
    10. Restart the Sophos Anti-Virus Service and confirm the issue is resolved.

    For further assistance, please contact Sophos Technical Support via http://www.sophos.com/support/queries/, advising that KB 109831 has been followed.
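
The check in steps 2 and 8 above, as an added PowerShell example (not part of the original reply or of the Sophos KB article): it reports whether Everyone holds the step 8 rights on the C:\ folder itself, and adds the "This folder only" entry only when run with -Fix. The parameter names are hypothetical, and the script is assumed to run in an elevated session.

```powershell
# Added example: audit (and optionally add) the Everyone ACE on the root of C:\.
# Rights are those listed in step 8 of the reply above.
param(
    [string]$Path = 'C:\',
    [switch]$Fix   # hypothetical switch: without it the script only reports
)

# Resolve Everyone by its well-known SID so the check works on localized Windows
$everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# Traverse = Traverse Folder / Execute File, ListDirectory = List Folder / Read Data
$needed = [System.Security.AccessControl.FileSystemRights]'Traverse, ListDirectory, ReadAttributes, ReadPermissions'

$acl = Get-Acl -Path $Path

# OR together the rights of every Allow ACE for Everyone that applies to the
# folder itself (inherit-only ACEs affect children only, so they are skipped).
# ACEs that use generic rights bits are not expanded by this check.
$granted = 0
foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
    $inheritOnly = $ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly
    if ($ace.IdentityReference.Value -eq $everyone.Value -and
        $ace.AccessControlType -eq 'Allow' -and -not $inheritOnly) {
        $granted = $granted -bor [int]$ace.FileSystemRights
    }
}

$missing = [int]$needed -band (-bnot $granted)
if ($missing -eq 0) {
    "$env:COMPUTERNAME ${Path}: Everyone already has the required rights"
} elseif (-not $Fix) {
    "$env:COMPUTERNAME ${Path}: Everyone is missing: $([System.Security.AccessControl.FileSystemRights]$missing)"
} else {
    # InheritanceFlags None + PropagationFlags None = "This folder only" (step 7)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone, $needed,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    "$env:COMPUTERNAME ${Path}: added Everyone ACE (this folder only)"
}
```

Run without -Fix first to confirm the machine matches the symptom; the service restart in step 10 is still needed after the entry is added.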
