We have noticed an issue on two clients so far with the Sophos updater seemingly blocking internet traffic while it's running, without warning or apparent explanation to the client. We have to kill the updater process (ALUpdate.exe) to restore internet functionality. However, it's not all network traffic that's blocked - Outlook still works (connecting to Google Apps), but a normal webpage will not load.
For the two cases I've seen so far, one is Windows 7 Ent x64, and one is Windows 7 Ent x86. Both appear completely up-to-date without errors in the Enterprise Console.
Uninstalling and reinstalling will not fix this issue. However, if I uninstall and go through and delete every Sophos folder in Program Files, ProgramData, etc., then it will work again on install, but only for a few days and then the problem will happen again.
One is running the newest version of the client (10.0.9 VDL4.82G) and the other is running a fairly new version, and just hasn't talked to our update server in a few days (10.0.8 VDL4.81G).
Looking at the log on the server, I see an unknown error: 0000006a - Installation Caught Error. Searching this on Sophos' website yields nothing.
Any help is appreciated!
We might have to do some more troubleshooting...
On the PC Side:
Is this limited to IE, or does the same apply with Safari or Firefox?
Can you ping the websites?
What other programs are running on the machine that could influence this (Windows Essentials, ISA firewall, etc.)?
I would recommend checking the permissions on the Sophos update cache folder on the machine (C:\ProgramData\Sophos\AutoUpdate\Cache). When it updates, it puts the files in there and then will install, but if there are permission issues on the folder it will lock it and may influence the service/process. (The permissions would explain why it works on install and fails thereafter.)
On the Sophos Side:
What are the update settings configured to? Is allow location roaming enabled? Are you updating from Sophos Databank, or the server? How often is it updating? Is it going through a proxy - is there caching on the proxy, or do you see any connections out to Sophos on the fw? And are the advanced settings configured (Limit amount of bandwidth used)?
[perhaps increase or decrease the update duration, take off location roaming and advanced settings if configured, confirm connection issues to server if it is updating from the server]
We can have a look at the alc.log file and see if there are any errors with it failing to update.
Start with one change and see if it works, but I would highly recommend starting off with the permissions.
Check out these permission knowledgebase links:
Else, give Sophos a call.
They're always willing to help :)
Sorry, my bad, I posted one link for Linux and not for Windows.
This is the correct link: