Comparison failure in AV and HIPS

I have gone through the forums and found a few similar threads.

90% of my machines have a comparison failure with the Anti-virus and HIPS policy.

I have tried force comply with all group policies and the AV and HIPS one separately.

I have tried re-protecting.

I have tried removing scheduled scans as in Knowledge Base article 28060; this works for some machines (only a few).

The majority are still not complying with the policy.

I have one of the agent logs here and it looks like access denied. I use an admin account with full access to the machine for Sophos.

Any suggestions? Other than manually removing the software from all my machines and doing a fresh install (again!).

15.04.2010 09:54:00 0F14 I SAUAdapter - SAU AdapterImpl: Notifying agent of configuration change
15.04.2010 09:54:00 0F14 I ALC state observer received a configuration
15.04.2010 09:54:00 0F14 I SAUAdapter - SAU AdapterImpl: Notifying agent of status change: <?xml version="1.0" encoding="utf-8" ?><status xmlns="http://www.sophos.com/EE/EESauStatus"><CompRes xmlns="com.sophos\msys\csc" Res="Same" RevID="{ECB95FD7-6425-47DE-B4BC-62A2A1591CA6}" /></status>
15.04.2010 09:54:00 0F14 I ALC state observer notified that ALC is running
15.04.2010 09:54:00 0F14 I ALC state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="http://www.sophos.com/EE/EESauStatus"><CompRes xmlns="com.sophos\msys\csc" Res="Same" RevID="{ECB95FD7-6425-47DE-B4BC-62A2A1591CA6}" /></status>
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CRTInspectionLoaderSaver::WriteConfigToService and re-thrown. Error Code 0x80070005: Access is denied.
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CSAVConfigDataSaver::WriteConfigToService. Error Code 0x80070005: Access is denied.

  • Permissions in the root folder were not the issue; they were set correctly.

    I have determined that the fault lies with the scheduled scan. I have removed it from the AV and HIPS policy completely and removed the scheduled task from the clients; they are now showing "same as policy" (phew!)

    I think this will have been caused by the fact that these machines were sysprep'd for imaging and deployment. They must have had Sophos on before they were imaged, which created a scheduled scan. So when the security identifiers were reset, this scheduled task was orphaned and stopped Sophos from adding the new one when they were deployed.

    I will be attempting to re-introduce the scheduled scan next week after I have removed all the scheduled scans from the system.

    I will let this forum know what happens.

    Thanks :)

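
Added example (not part of the original posts and not Sophos code): a small Python triage script for agent logs in the format posted above. It pulls error-level lines, extracts the failing call site and HRESULT, and decodes the HRESULT to confirm that 0x80070005 is a Win32 access-denied. The line layout is inferred from the posted log, and the `W` level letter is an assumption.

```python
import re
from collections import Counter

# Layout seen in the posted log: date, time, thread id (hex), level, message.
# Levels I and E appear on the page; W is assumed.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<thread>[0-9A-F]{4}) (?P<level>[IWE]) (?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"Error Code (0x[0-9A-Fa-f]{8})")
SITE_RE = re.compile(r"caught in ([\w:]+)")

def decode_hresult(text):
    """Split an HRESULT into (failed, facility, code) per the standard bit layout."""
    value = int(text, 16)
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def triage(log_text):
    """Count (call site, HRESULT) pairs across error-level lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("level") != "E":
            continue
        code = HRESULT_RE.search(m.group("msg"))
        site = SITE_RE.search(m.group("msg"))
        if code:
            hits[(site.group(1) if site else "unknown", code.group(1).lower())] += 1
    return hits

def access_denied_sites(log_text):
    """Call sites failing with FACILITY_WIN32 (7) / ERROR_ACCESS_DENIED (5)."""
    return sorted(
        site for (site, code) in triage(log_text)
        if decode_hresult(code) == (True, 7, 5)
    )

# Sample: lines copied from the log in the post (status XML lines omitted).
SAMPLE = """\
15.04.2010 09:54:00 0F14 I ALC state observer received a configuration
15.04.2010 09:54:00 0F14 I ALC state observer notified that ALC is running
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CRTInspectionLoaderSaver::WriteConfigToService and re-thrown. Error Code 0x80070005: Access is denied.
15.04.2010 09:54:04 0B3C E SAVXP Adapter: COM exception caught in SAVConfig::CSAVConfigDataSaver::WriteConfigToService. Error Code 0x80070005: Access is denied.
"""

if __name__ == "__main__":
    for site in access_denied_sites(SAMPLE):
        print("access denied writing config:", site)
```

Run over agent logs collected from several clients, the per-site counts show whether every non-compliant machine fails at the same configuration write.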