This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Extended Anti-Virus support for Windows XP/2003

I'm under the understanding that these subscriptions are only for specific updates that Sophos may release for Windows XP and Server 2003. These machines will still receive virus definition updates as per normal without being applied to a group / update policy / subscription for Windows XP & Server 2003 extended support.

Is this true? We have remote sites which all have there own group, and update policy, and use the "Recommended" subscription. These remote sites use there own update managers as well.

Most of the remote sites have some XP and Server 2003 machines, if I was to create one group for the XP machines, then these machines won't be using there designated update manager.

I'm not sure how to proceed, creating a group for every site, we have over 60 might be a bit messy, and would add a lot more groups and update policies.

Any advice would be appreciated.

 



This thread was automatically locked due to age.
Parents
  • Hi Christian

     

    Captured what I think is going on....

     

  • Hello Peter,

    this shows how AutoUpdate(AU) determines that it should consider Patch. I'd run Process Monitor, perhaps filtering (dropping other events) for just this product GUID, delete the key, check what AU does.
    Did you always reboot after deleting the key? And then AU looked for it again? A startup script that sets this key so that Patch gets installed without running setup.exe ...maybe I've been in the sun too long???

    Christian

Reply
  • Hello Peter,

    this shows how AutoUpdate(AU) determines that it should consider Patch. I'd run Process Monitor, perhaps filtering (dropping other events) for just this product GUID, delete the key, check what AU does.
    Did you always reboot after deleting the key? And then AU looked for it again? A startup script that sets this key so that Patch gets installed without running setup.exe ...maybe I've been in the sun too long???

    Christian

Children
  • Morning Christian,

    I tried again this morning and removed both keys and rebooted and the Sophos Patch Agent hive has reappeared pretty much as soon as I logged in and the shield is showing an error and within the client the usual message saying that updating has failed for Sophos Patch Agent :(

    Really not sure at all what is causing this?

    Peter

  • Hello Peter,

    as said, there's AFAIK nothing in Sophos that should (re-)add these keys. Should be fairly easy to check whether they reappear after some time or only after a reboot.

    Christian

  • Hi Christian,

    Running a process monitor now and haven't rebooted after deleting those entries. So will keep and eye on it and see if anything comes up.

    I guess if it only happens on reboot be more difficult to track down?

    Peter

     

  • Hello Peter,

    more difficult to track down
    not necessarily. Process Monitor has an option to run it at bootup - if this is necessary at all. Using gpedit.msc you should be able to find a potential startup script, Autoruns will show whatever is run at startup/login.

    Christian

  • Hi,

    Looks like we have found the issue-there was a Group Policy which installed the firewall - but also installed the Sophos Patch. We have changed than and its all good :)

    Thank you for your valuable help.

    Out of interest in the CIDs for this build the SCF folder still exists-do we assume it is still supporting the Sophos Firewall even though the article suggests it isn't supported?

    Thanks Christian.

    Peter

  • Hello Peter,

    there was a Group Policy which installed
    thought as much.

    the SCF folder still exists-do we assume it is still supporting the Sophos Firewall
    SCF is "stable" - as far as I can see there haven't been changes for almost three years. But supported only in the sense that it's still here.
    There is naturally no new patch data for XP - at least for the OS, I still see some other data (Office, Firefox, ...) processed by the XP machines. While the last update to the Patch Agent (1.0.311.1) didn't cause problems and update to it are infrequent Sophos might just play it safe.

    Christian