Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 5113 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Update Manager in SEC failed from 8 to 11PM and over 600 endpoints are stuck with alupdate.exe trying to download updates

Performant Financial Corporation

Last night there was about about a 3 hour window where the new 10.6.3 recommended update could not be download.  During this time, over 50% of our endpoints were also failing to update.  Now there are over 600 endpoints that are stuck updating.  The Sophos update logs on the endpoints show "Downloading product xxxx from server" as the last entry over 12 hours ago.  alupdate.exe is still running in the task manager and if I right click Sophos and choose "Update Now" nothing happens.  It's as if an update last night has locked up and now alupdate.exe thinks it's still updating indefinitely.  

SEC shows over 600 endpoints out-of-date now.  To make things worse, reboots are failing because Windows itself can't end the process and so the only way to resolve this is to force power off the machine and boot up again.

Is there a trick to tell alupdate.exe to stop processing the update.  This seems like a bug.  Never happened before until the new update was downloaded last night.  Once rebooted, endpoints are fine.



This thread was automatically locked due to age.
  • 0

    HI,

    Are you saying that in this state you are unable to kill alupdate.exe via Task Manager?

    What about Process Explorer / pskill?

    Regards,

    Jak

  • 0 in reply to jak

    Unfortunately Yes.  alupdate.exe cannot be killed via the Task Manager, taskkill in cmd prompt, Process Explorer, or pskill.  I tried all options I could think of and nothing could kill it.  The machines that had this process stuck like this eventually rebooted overnight but some still required a hard shutdown.  This is the first time I've seen Sophos have a problem like this.  So far, it has not happened again.

Unfiltered HTML