This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM Still Wont Update!! Shh/Updater-B False positives

After my whole network getting False Positives, and reading pages of post

My SUM still wont update after doing the following

Option 1

  1. Add the following exclusions to the' Anti-Virus and HIPS' policy

    C:\Documents and Settings\All Users\Application Data\Sophos\
    C:\Program Files\Sophos\
    C:\Program Files (x86)\Sophos\
    C:\programdata\sophos\

  2. Select Groups in SEC and select 'Update Now'
  3. Once all groups have been updated remove the exclusions

Option 2

  1. Centrally disable On-Access scanning via policy in SEC
  2. Select Groups in SEC and select 'Update Now'
  3. Once a group has updated re-enable On-Access scanning via policy in SEC

its getting very annoying, all my users are getting a very annoying windows installer window popping up every half hour or so, which causes grief to our dedicated application users, all the log files are full with MsiInstaller Warnings & Errors about

Product: Sophos AutoUpdate -- Internal Error 2324. 6, C:\Program Files\Sophos\AutoUpdate\ps.crl

HELP!!!!

:31093


This thread was automatically locked due to age.
  • Hello,

    I HAVE EXACTLY THE SAME BIG PROBLEM!!!!

    Any Helps from SUPPORT?

    thanks!

    :31149
  • I followed the exact same steps, and have the same internal 2324 error, the computers showing this error also keep trying to update and fail.

    If I try to reprotect them i get the error code 0000000a Uninstall of Sophos AutoUpdate failed.

    Also the following message shows up in the eventlog:  Detection of product ''{15C418EB-7675-42BE-B2B3-281952DA014D}', feature 'Main' failed during request for component '{ADECE077-A75A-4668-819F-AEBB42F82CDC}

    :31155
  • Hi itdave,

    After apply exclusion from SEC have you tried clear the quarantine list and restart sophos service?

    :31233
  • Hi,

     Stop the on access scanning on all PCs and copy the following files from a known good PC with Sophos then paste them into the same directories on the affected PCs (I'm having to do this will many of my customer this morning). :(

    C:\Program Files\Sophos\AutoUpdate\

    inetconn.dll

    swlocale.dll

    If it still doesn't work, check the local event logs and see if any other DLLs are missing from the client!

    Hope this helps.

    :31243
  • Actually, there are many more random files missing from the Autoupdate folder, I'm having to do it PC by PC comparing the folder to see what's been purged by Sophos.

    :31267
  • Hi itdave,

    Have you tried to clear quarantine list before or after apply exclusion for Sophos directory once confirmed policy comply and restart Sophos service and verified Sophos folder/file didn't detect as virus/spyware ater exclusion?.

    Correct me if i'm wrong I just assume if exlude folder/file without clear the list will not worked since Sophos already detect as spyware/virus before exclusion policy applied.

    :31297
  • I was able to fix this condition by removing the ps.crl and starting ALMon.exe.

    Under C:\Program Files\Sophos\AutoUpdate

    I renamed ps.crl (instead of deleting it).

    Started ALMon.exe

    The installer started and successfully reinstalled the needed files, including a new copy of ps.crl

    The Sophos shield was now in the system tray.

    A right click and "Update Now" installed the updated files.

    System is back up and running normally now.

    Hope it works for you!

    /R

    :31579
  • Deleting the ps.crl file worked for me on the firts server I tried but not the second one. Would be good to find an automated fix for this update problem.

    :32643
  • Have you tried this tool, it should help on a SUM that has been affected by this issue.http://www.sophos.com/en-us/support/knowledgebase/118329.aspx 

    Hth, failing that try the support numbers as they may have less callers as its Sunday US time.

    :32645
  • This seems to be workign to resolve my SUM issues. one question: How long should I expect to see "downloading binaries", as listed in that article. I am at 10 hours since the install.

    "You may see a “Downloading binaries” message in the 'Download status' column on the Sophos Enterprise Console, this should clear itself in time."

    :32695