Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 0 subscribers
  • Views 40456 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client machine not showing status on SEC

toddh

Hey,

Server: MS Server 2003 32-bit

SEC: v5.0.0.8

Client: v10.0.3

Client OS: Windows 7 Pro 64-bit

I have a client machine that for some reason is not showing a status for the following categories:

Up to date

On-access

Application Control on-access

Data control scanning

Device control scanning

Tamper protection

It is showing status for the following categories:

Firewall

Patch assessment

I can't seem to pinpoint what is causing the issue.

I have had problems with the same client in the past but have somehow been successful in getting the status to show up again. This time around I am unable to get the status to come. I have tried reinstalling the client software with no luck.

I have followed the advice given in this post: No Status for On-access

I know there is communication between the client and the SEC because when I stop the "Sophos Message Router" service on the client machine the status of the client's machine shows offline on the SEC.

Is there anything further that I can do to try and figure out why the status keeps dropping out on this client machine?

Cheers

:24407


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    It does sound like the problem lies with the SAVAdpater (The link between SAV and the RMS, specifically the Sophos Agent service).  The SAVAdapter is resposible for gathering all the info you are missing.

    You could just check that "NT AUTHORITY\System" is a member of the local "SophosAdministrator " group on the client.  As the Adapter needs to call into SAV to get the info.  If not added, add and then restart the Sophos Agent service to trigger a status message to SEC.

    If not., you can increase the logging of the Management Agent (LogLevel 2 ) as per: http://www.sophos.com/support/knowledgebase/article/30496.html

    Then restart the agent you should see the following lines::

    T Entering void AdapterManager::LoadAdapter( std::string& SAV, std::string& C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdapter.dll)

    D SAVXP Adapter: SavAdapter created

    D SAVXP Adapter: ... Loading configuration

    T SAVXP Adapter: Policy::ReapplyStoredPolicy(): from APPCAdapterConfig

    etc..

    Basically, all the lines that start "SAVXP Adapter: ",  maybe you can make this log avaialble on a file sharing site such.

    Regards,

    Jak

    :24419
Reply
  • 0

    Hi,

    It does sound like the problem lies with the SAVAdpater (The link between SAV and the RMS, specifically the Sophos Agent service).  The SAVAdapter is resposible for gathering all the info you are missing.

    You could just check that "NT AUTHORITY\System" is a member of the local "SophosAdministrator " group on the client.  As the Adapter needs to call into SAV to get the info.  If not added, add and then restart the Sophos Agent service to trigger a status message to SEC.

    If not., you can increase the logging of the Management Agent (LogLevel 2 ) as per: http://www.sophos.com/support/knowledgebase/article/30496.html

    Then restart the agent you should see the following lines::

    T Entering void AdapterManager::LoadAdapter( std::string& SAV, std::string& C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdapter.dll)

    D SAVXP Adapter: SavAdapter created

    D SAVXP Adapter: ... Loading configuration

    T SAVXP Adapter: Policy::ReapplyStoredPolicy(): from APPCAdapterConfig

    etc..

    Basically, all the lines that start "SAVXP Adapter: ",  maybe you can make this log avaialble on a file sharing site such.

    Regards,

    Jak

    :24419
Children
No Data
Unfiltered HTML