This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console (5.2.1.197) not reporting in Windows 2008R2 (SBS2011) standard console "There are no antispyware products found" error for a few users on the network

I'm just wondering why there are a few users on the network that the Windows standard console is reporting as "there are no antispywareproducts found"

Sophos Enterprise Console isn't reporting any errors but the Windows console is reporting the above errors.. what gives?

I have all the latest patches and updates on the Windows server.

This error is only on 2 users (we have over 30 users that are not showing any errors, and "Sophos Anti-Virus" is coming up under "Instaled Softrware"

Thoughts?



This thread was automatically locked due to age.
Parents
  • Hello jp savoie,

    AFAIK it's the endpoints reporting to the Windows console, SEC is not involved here. Does the endpoint's Action Center also indicate missing protection?
    Occasionally and for whatever reason the status is not (correctly) communicated to the Action Center, if SEC says that all is well and the endpoint is communicating with SEC (a recent timestamp in the Last message time column, Endpoints view, tab Computer Details then there's (from an administration's POV - not necessarily management's or auditor's) no need to worry.

    Christian 

Reply
  • Hello jp savoie,

    AFAIK it's the endpoints reporting to the Windows console, SEC is not involved here. Does the endpoint's Action Center also indicate missing protection?
    Occasionally and for whatever reason the status is not (correctly) communicated to the Action Center, if SEC says that all is well and the endpoint is communicating with SEC (a recent timestamp in the Last message time column, Endpoints view, tab Computer Details then there's (from an administration's POV - not necessarily management's or auditor's) no need to worry.

    Christian 

Children
  • SEC is not indicating any missing protection.

    The affected computers are also communicating with SEC (recent time stamp in "last message received from computer")

    Management is in fact the reason for my inquiry... I would like to be able to fix it one way or another (even if this isn't something I should be worrying about).

    thanks.

  • Hello jp savoie,

    quite reasonable (especially in this environment) that you want consistent results. If I understand correctly it's two computers showing an incorrect status. Guess the local Action Center also indicates missing protection. AC has two categories - Virus protection and Spyware and unwanted software protection. Both missing? And "always" been reported as missing?
    From the Sophos side the Sophos Anti-Virus status reporter service (SAVAdminService.exe) is responsible for the communication - is Sophos even listed in the local Action Center? Does the AC notice when you stop the status reporter service? If the answers are 'no' then this is one of the rare cases where I'd suggest to try to fix it with a reinstall of Sophos, there could be an inconsistency in all this COM and registration stuff. BTW: Is Windows Defender installed and does AC list it?

    Christian

  • it was just the spyware that was showing as missing.

    it's inconsistent, and was never missing before.  Sophos Antivirus is listed for all the normal users (with no critical errors).

    Windows Defender is listed in the Summary for all the users.

     

    Anyways...this morning, the errors were actually gone (without doing anything on my end)

    in fact this afternoon (just now), I have a new critical error (on a different user, under Virus protection summary this time) that says "The client computer WMI datastore might be corrupted. Information for virus protection for the file system cannot be collected from the Security  Center".

    I'm just going to assume that it's just a buggy Microsoft console and nothing on the Sophos side.

    I appreciate your help!

     

     

     

     

     

  • Hello jp savoie,

    a buggy Microsoft console
    perhaps rather an issue or a glitch on the clients. Sometimes WMI gives inconsistent results not only for third-party components but also Microsoft's and even on-board Windows'.

    Christian