Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 8876 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Web Intelligence Service stopped

S van Dongen

 We have the following error message: "sophos web intelligence service stopped".

This message pops-up in the right cornor of the screen at our customers. They working on a terminal server.

If i look at the services, the service is not stopped. After a reboot the service starts without a problem, but randomly this message pops-up. Do someone acure the same problem and is there any solution for this?

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Can you attach the file:

    C:\ProgramData\Sophos\Health\Logs\Health.log

    If for example you stop a service that is monitored by Sophos Health, then in the logs you see in the logs:

    2017-10-22T09:19:50.328Z [ 5144] INFO EventPublisher::PostServiceEvent Posting service stopped event: d6665adb-33f1-4a38-bda3-b8cfd64642f9 Sophos Web Intelligence Service
    2017-10-22T09:19:50.722Z [ 2920] INFO DatabaseAccessor::AddEvent Processing event id: 2569c532-d308-436e-b162-684b98d1bfa7
    2017-10-22T09:19:50.725Z [ 2920] INFO DatabaseAccessor::UpdateHealthCategories Health state has changed to - Overall: 3, Service: 3, Threat: 0

    There are grace periods when services being missing or stopped are expected.  In that case you will see something like:

    2017-10-21T19:51:38.729Z [ 1044] WARN ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Encryption Service' returned: 1060
    2017-10-21T19:51:38.729Z [ 1044] INFO ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period

    Here the Sophos Device Encryption Service service was stopped during an update and hence the alert was suppressed.

    Maybe you can correlate an event in the Health log for the service being stopped that triggered the message and an update happening? 

    Evidence of the update history is probably easiest to see by looking under \windows\temp\ at the installer logs or checking the C:\ProgramData\Sophos\AutoUpdate\logs\SophosUpdate.log file for when AutoUpdate has attempted an install of a component.

    I assume the service is either being stopped during an update and the update is taking longer than Health expects (extends beyond the grace period) so you get an alert half way through or the process is crashing and restarting due to the auto recovery on the service.  For this reason it is stopped but when you check it's started..




    Is there anything in the Windows Application Event log from the following sources to backup/rule out the process is crashing

    • Windows Error Reporting
    • Application Error

    Also, what OS is it you're seeing the error on?

    Regards,

    Jak

Reply
  • 0

    Hi,

    Can you attach the file:

    C:\ProgramData\Sophos\Health\Logs\Health.log

    If for example you stop a service that is monitored by Sophos Health, then in the logs you see in the logs:

    2017-10-22T09:19:50.328Z [ 5144] INFO EventPublisher::PostServiceEvent Posting service stopped event: d6665adb-33f1-4a38-bda3-b8cfd64642f9 Sophos Web Intelligence Service
    2017-10-22T09:19:50.722Z [ 2920] INFO DatabaseAccessor::AddEvent Processing event id: 2569c532-d308-436e-b162-684b98d1bfa7
    2017-10-22T09:19:50.725Z [ 2920] INFO DatabaseAccessor::UpdateHealthCategories Health state has changed to - Overall: 3, Service: 3, Threat: 0

    There are grace periods when services being missing or stopped are expected.  In that case you will see something like:

    2017-10-21T19:51:38.729Z [ 1044] WARN ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Encryption Service' returned: 1060
    2017-10-21T19:51:38.729Z [ 1044] INFO ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period

    Here the Sophos Device Encryption Service service was stopped during an update and hence the alert was suppressed.

    Maybe you can correlate an event in the Health log for the service being stopped that triggered the message and an update happening? 

    Evidence of the update history is probably easiest to see by looking under \windows\temp\ at the installer logs or checking the C:\ProgramData\Sophos\AutoUpdate\logs\SophosUpdate.log file for when AutoUpdate has attempted an install of a component.

    I assume the service is either being stopped during an update and the update is taking longer than Health expects (extends beyond the grace period) so you get an alert half way through or the process is crashing and restarting due to the auto recovery on the service.  For this reason it is stopped but when you check it's started..




    Is there anything in the Windows Application Event log from the following sources to backup/rule out the process is crashing

    • Windows Error Reporting
    • Application Error

    Also, what OS is it you're seeing the error on?

    Regards,

    Jak

Children
No Data
Unfiltered HTML