Cross through Computer - No Alerts or Errors - Endpoint scan shows 5 Errors

Hopefully just a quick question. I have a new installation that has been running for a couple of weeks, and I regularly see a red cross through the computer in Sophos Enterprise Console. It is a local computer, and the Endpoint is on the same machine as the Enterprise Console.

Also, today the Anti-Virus Log showed 5 errors; yesterday it showed 7 errors. The errors that are seen are:

(5 items)

20171223 024755 The device "D:\" is not ready. (This is a DVD drive so has now been removed from the scan)
20171223 024755 The folder "I:\" doesn't exist. (This is a network folder physically on this machine)
20171223 024755 The folder "L:\" doesn't exist. (This is a network folder physically on this machine)
20171223 024755 The folder "M:\" doesn't exist. (This is a network folder physically on this machine)
20171223 024755 The folder "S:\" doesn't exist. (This is a network folder physically on this machine)

(4 items)
20171223 024756 Unknown error 0x8000ffff decomposing "Music". 
20171223 024756 Unknown error 0x8000ffff decomposing "Videos".
20171223 024756 Unknown error 0x8000ffff decomposing "Documents".
20171223 024756 Unknown error 0x8000ffff decomposing "Pictures".

Computer Details are:

Computer name DC-ACMIUK
Computer description DC-1
Operating system Windows Server 2008 R2
Service pack
Domain/workgroup ACMIUK
IP address 10.0.10.1
Sophos Anti-Virus version 10.7.2 VE3.69.2
HIPS rules 10.3.242.1
HIPS configuration 1.0.65.2
Detection data 5.46
On-access scanning Active
Anti-virus and HIPS policy Same as policy
Last scheduled scan completed
Last message received from computer 21/12/2017 23:23:24
Last logged on user ACMIUK\Administrator
Up to date Yes
Updating policy Same as policy
Time installed package became available 14/12/2017 13:39:16
Time next package became available
Primary update server \\DC-ACMIUK\SophosUpdate\CIDs\S000\SAVSCFXP\
Secondary update server Sophos
Exploit prevention status
Exploit prevention policy compliance
Exploit prevention agent version
Client firewall enabled
Client firewall policy
Client firewall version
Client firewall mode
Application control policy Same as policy
Application control on-access scanning Inactive
Data control scanning status Inactive
Device control scanning status Inactive
Data control policy compliance Same as policy
Device control policy compliance Same as policy
Tamper protection status Inactive
Tamper protection policy compliance Same as policy
Patch assessment
Patch policy
Patch agent version
Web control status Inactive
Web control policy Same as policy
Group \Global Group\Domain Controllers

History

Items detected Date/time Type Name Sub-type Details Reference Action taken Username
22/12/2017 19:29:15 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\IqZ8CbZ17Mv6g.exe Acknowledged
21/12/2017 12:12:02 Virus/spyware Troj/Agent-AXXD C:\Windows\28568024.exe Cleaned up NT AUTHORITY\SYSTEM
21/12/2017 12:10:38 Virus/spyware Troj/Agent-AXXD C:\Windows\28568024.exe Blocked ACMIUK\Administrator
20/12/2017 12:09:20 Virus/spyware Troj/Spy-AOB Threat no longer present NT AUTHORITY\SYSTEM
20/12/2017 12:09:20 Virus/spyware Troj/Agent-AXXD C:\Windows\SysWOW64\OPRQs9M.exe Cleaned up NT AUTHORITY\SYSTEM
20/12/2017 12:01:04 Virus/spyware Troj/Spy-AOB C:\Windows\SysWOW64\zlrcm9dlsvko.exe Cleaned up ACMIUK\Administrator
20/12/2017 11:59:30 Virus/spyware Troj/Spy-AOB C:\Windows\SysWOW64\zlrcm9dlsvko.exe Blocked ACMIUK\Administrator
20/12/2017 11:59:05 Virus/spyware Troj/Agent-AXXD C:\Windows\SysWOW64\OPRQs9M.exe Blocked ACMIUK\Administrator
19/12/2017 16:41:27 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
19/12/2017 16:41:03 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
19/12/2017 16:06:51 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
19/12/2017 16:06:27 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
19/12/2017 00:45:24 Virus/spyware Mal/Generic-S C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
19/12/2017 00:44:46 Virus/spyware Mal/Generic-S C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
18/12/2017 20:58:28 Virus/spyware Troj/Emotet-KR C:\Windows\SysWOW64\vtjEjDgCCcijGX6WT1H.exe Cleaned up NT AUTHORITY\SYSTEM
18/12/2017 20:57:46 Virus/spyware Troj/Emotet-KR C:\Windows\SysWOW64\vtjEjDgCCcijGX6WT1H.exe Blocked ACMIUK\Administrator
18/12/2017 15:39:26 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\IqZ8CbZ17Mv6g.exe partially removed - restart the computer NT AUTHORITY\SYSTEM
18/12/2017 15:39:04 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\IqZ8CbZ17Mv6g.exe Blocked NT AUTHORITY\SYSTEM
18/12/2017 15:24:17 Virus/spyware Mal/EncPk-ANR Threat no longer present NT AUTHORITY\SYSTEM
18/12/2017 15:24:17 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\ODbmM3SWXSRQzI.exe Cleaned up NT AUTHORITY\SYSTEM
18/12/2017 15:23:52 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\ODbmM3SWXSRQzI.exe Blocked NT AUTHORITY\SYSTEM
16/12/2017 03:09:46 Virus/spyware Mal/Generic-S C:\Windows\16640472.exe Cleaned up NT AUTHORITY\SYSTEM
16/12/2017 03:09:29 Virus/spyware Troj/Emotet-KT C:\Windows\17230296.exe Cleaned up NT AUTHORITY\SYSTEM
16/12/2017 03:09:04 Virus/spyware Troj/Agent-AXWM C:\Windows\SysWOW64\XJWGe0.exe Cleaned up NT AUTHORITY\SYSTEM
16/12/2017 03:06:44 Virus/spyware Mal/Generic-S C:\Windows\16640472.exe Blocked NT AUTHORITY\SYSTEM
16/12/2017 03:06:44 Virus/spyware Troj/Emotet-KT C:\Windows\17230296.exe Blocked NT AUTHORITY\SYSTEM
16/12/2017 03:06:43 Virus/spyware Troj/Agent-AXWM C:\Windows\SysWOW64\XJWGe0.exe Blocked NT AUTHORITY\SYSTEM
15/12/2017 23:13:07 Virus/spyware Troj/Agent-AXWM C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
15/12/2017 23:12:24 Virus/spyware Troj/Agent-AXWM C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
12/12/2017 10:38:24 Virus/spyware Mal/EncPk-ANR C:\Windows\55961888.exe Cleaned up NT AUTHORITY\SYSTEM
12/12/2017 10:38:00 Virus/spyware Mal/EncPk-ANR C:\Windows\55961888.exe Blocked ACMIUK\Peter.Schofield
11/12/2017 19:02:19 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
11/12/2017 19:02:02 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\1oa7FmwNY3Uw8j.exe Cleaned up NT AUTHORITY\SYSTEM
11/12/2017 19:01:39 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
11/12/2017 19:01:39 Virus/spyware Mal/EncPk-ANR C:\Windows\SysWOW64\1oa7FmwNY3Uw8j.exe Blocked NT AUTHORITY\SYSTEM
11/12/2017 16:37:02 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
11/12/2017 16:36:36 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM
11/12/2017 16:00:54 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Cleaned up NT AUTHORITY\SYSTEM
11/12/2017 16:00:30 Virus/spyware HPmal/Emotet-B C:\Windows\SysWOW64\cryptnvidia.exe Blocked NT AUTHORITY\SYSTEM

Sophos AutoUpdate status Date/time Code Description
21/12/2017 23:16:47 00000000 Updated successfully
21/12/2017 20:13:55 00000067 Failed to install Sophos PureMessage: Error code 800706be
21/12/2017 19:13:53 00000067 Failed to install Sophos PureMessage: Error code 800706ba
21/12/2017 18:14:05 00000067 Failed to install Sophos PureMessage: Error code 800706bf
21/12/2017 17:13:40 00000067 Failed to install Sophos PureMessage: Error code 8007071a
21/12/2017 16:13:41 00000067 Failed to install Sophos PureMessage: Error code 800706be
21/12/2017 15:14:21 00000067 Failed to install Sophos PureMessage: Error code 800706bf
21/12/2017 13:13:45 00000067 Failed to install Sophos PureMessage: Error code 8007071a
21/12/2017 12:13:40 00000067 Failed to install Sophos PureMessage: Error code 800706bf
21/12/2017 11:13:41 00000067 Failed to install Sophos PureMessage: Error code 800706be
21/12/2017 10:13:40 00000067 Failed to install Sophos PureMessage: Error code 800706ba
21/12/2017 09:13:59 00000067 Failed to install Sophos PureMessage: Error code 8007071a
21/12/2017 08:08:31 00000067 Failed to install Sophos PureMessage: Error code 800706be
20/12/2017 19:18:52 00000000 Updated successfully
18/12/2017 19:18:43 00000000 Updated successfully
18/12/2017 19:14:14 0000006b Download of PMSR Data failed from server pmw-dynamic.sophos.com/.../
17/12/2017 18:57:34 00000000 Updated successfully
15/12/2017 18:47:42 00000000 Updated successfully
13/12/2017 21:35:29 00000000 Updated successfully
13/12/2017 10:00:48 00000000 Updated successfully
13/12/2017 09:01:26 00000067 Failed to install Sophos PureMessage: Error code 800706be
13/12/2017 08:00:52 00000067 Failed to install Sophos PureMessage: Error code 8007071a
13/12/2017 07:01:03 00000067 Failed to install Sophos PureMessage: Error code 800706ba
13/12/2017 04:00:52 00000067 Failed to install Sophos PureMessage: Error code 8007071a
13/12/2017 03:01:34 00000067 Failed to install Sophos PureMessage: Error code 800706be
13/12/2017 01:00:51 00000067 Failed to install Sophos PureMessage: Error code 8007071a
12/12/2017 23:00:57 00000067 Failed to install Sophos PureMessage: Error code 800706be
12/12/2017 21:01:06 00000067 Failed to install Sophos PureMessage: Error code 800706ba
12/12/2017 19:01:00 00000067 Failed to install Sophos PureMessage: Error code 800706be
12/12/2017 18:00:57 00000067 Failed to install Sophos PureMessage: Error code 800706ba
12/12/2017 15:00:56 00000067 Failed to install Sophos PureMessage: Error code 800706be
12/12/2017 13:01:02 00000067 Failed to install Sophos PureMessage: Error code 800706ba
12/12/2017 10:00:51 00000067 Failed to install Sophos PureMessage: Error code 800706be
12/12/2017 09:00:58 00000067 Failed to install Sophos PureMessage: Error code 8007071a
12/12/2017 08:00:53 00000067 Failed to install Sophos PureMessage: Error code 80020009
11/12/2017 22:35:43 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 22:25:41 00000067 Failed to install Sophos PureMessage: Error code 800706ba
11/12/2017 22:15:41 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 22:05:42 00000067 Failed to install Sophos PureMessage: Error code 800706ba
11/12/2017 20:45:50 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 20:35:47 00000067 Failed to install Sophos PureMessage: Error code 800706be
11/12/2017 19:45:45 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 19:35:46 00000067 Failed to install Sophos PureMessage: Error code 800706bf
11/12/2017 19:25:45 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 19:15:46 00000067 Failed to install Sophos PureMessage: Error code 800706ba
11/12/2017 19:06:23 00000067 Failed to install Sophos PureMessage: Error code 8007071a
11/12/2017 15:46:20 00000000 Updated successfully
10/12/2017 19:20:51 00000000 Updated successfully

IDEs installed

Total 244



  • After going through the Protect Computer again and complying with all policies, I get an error "Computer is not yet managed [0xfffffffd]".

    I have had nothing but problems since installing this and PureMessage; it seems very flaky software.

    This has all been working for the past 2 weeks and now has failed with "Computer is not yet managed [0xfffffffd]".