
a0490003 - Attempt to access the on-access driver by unprivileged user (NT AUTHORITY\LOCAL SERVICE) was denied

We have about 100 computers (around 1/3 of the computers in my company) that have had this error in SEC since 5-May-2016.

The on-access is inactive now on all of these computers... differs from policy / update to date = unknown

I have tried updating SEC from 5.2.2 to version 5.4; however, nothing changed.

On the client computer, I find that the Sophos Anti-Virus & Sophos Device Control Service service is stopped. If I try to start it manually, I cannot start it successfully either.

If I try to uninstall / reinstall SAV on the client computer, there is a Windows MSI error; Sophos AutoUpdate cannot be uninstalled.

How can I fix this big issue? Thanks!

  • I found a method to solve it.

    1) I got some hints from this post: the files in c:\Program Files (x86)\Sophos\Sophos Anti-Virus are not complete. Then I copied the same files from a working machine to the affected machine and it was fixed.

    I followed this method; the service on the client PC is normal now, and SEC shows normal status too.

    community.sophos.com/.../74105

    2) For the uninstall/reinstall issue, it is related to this KB. There is a bug in MS KB3139923. After uninstalling this patch on the client PCs, I can reinstall / uninstall Sophos AutoUpdate again.

    www.sophos.com/.../62212.aspx
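
A way to see which files are incomplete before copying anything, as an added example that is not part of the original post: it hashes every file under a known-good install folder and reports what is missing or different on the affected one. The function names, the temp folders and the sample file names are constructed for illustration; in real use the two arguments would be the Sophos Anti-Virus folder on a working machine and on the affected machine.

```powershell
# Added example (not from the thread). Builds a relative-path -> SHA256 map
# for every file under a root directory.
function Get-FileManifest {
    param([Parameter(Mandatory)][string]$Root)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\', '/')
    $map = @{}
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length + 1)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $map
}

# Lists files present in the reference install that are missing from, or
# have different content in, the affected install.
function Compare-InstallDir {
    param(
        [Parameter(Mandatory)][string]$Reference,
        [Parameter(Mandatory)][string]$Affected
    )
    $ref = Get-FileManifest -Root $Reference
    $bad = Get-FileManifest -Root $Affected
    foreach ($rel in ($ref.Keys | Sort-Object)) {
        if (-not $bad.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'Missing'; File = $rel }
        } elseif ($bad[$rel] -ne $ref[$rel]) {
            [pscustomobject]@{ Status = 'Different'; File = $rel }
        }
    }
}

# Constructed sample data: two temp folders stand in for the working and the
# affected copies of the install directory. File names are made up.
$tmp    = Join-Path ([IO.Path]::GetTempPath()) ("savcheck_" + [guid]::NewGuid())
$good   = (New-Item -ItemType Directory -Path (Join-Path $tmp 'good')).FullName
$broken = (New-Item -ItemType Directory -Path (Join-Path $tmp 'broken')).FullName
Set-Content -Path (Join-Path $good   'sample1.dll') -Value 'current build'
Set-Content -Path (Join-Path $good   'sample2.sys') -Value 'current build'
Set-Content -Path (Join-Path $broken 'sample1.dll') -Value 'older build'

Compare-InstallDir -Reference $good -Affected $broken | Format-Table -AutoSize
Remove-Item -LiteralPath $tmp -Recurse -Force
```

Running the comparison across several affected endpoints shows whether the same files are missing everywhere, which points to a common cause rather than per-machine damage.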

  • Hello Nok,

    Uninstall / reinstall might be a solution (provided it works) but if more than a few endpoints are affected it's a last resort.

    Your issue looks similar to Error a0490001..., the article doesn't name a cause though (only a vague Various) and the suggested solutions are "manual". Obviously there's very likely a common cause. If it happened during an update this should be identifiable in the Installation logs. I'd also check the Windows Event log.

    As to the uninstall error - is it "just" AutoUpdate which refuses to be uninstalled, the other components did uninstall? What is the specific error?

    Christian