This discussion has been locked.

Unable to update Sophos Endpoint Protection

After setting my DNS to Google (8.8.8.8) I could finally install the endpoint protection through Sophos UTM.

Updating Endpoint Protection does not work.

Log in C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log shows:

2018-01-26T10:44:12.804Z [ 3668] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
2018-01-26T10:44:14.979Z [ 3668] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
2018-01-26T10:44:14.983Z [ 3668] INFO  UpdateLogic::SyncAndInstall Saving state.
2018-01-26T10:44:14.983Z [ 3668] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2018-01-26T10:44:14.984Z [ 3668] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2018-01-26T10:44:16.043Z [ 3668] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2018-01-26T10:44:16.043Z [ 3668] INFO  WinMain SophosUpdate has completed with the result 0.
2018-01-26T10:44:16.043Z [ 2516] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>

 

To add, IDS is showing C&C botnet communication by C2/Zbot-A.

Guess I'll try the Sophos Virus Removal Tool? Windows Defender found nothing.


