Unable to update Sophos Endpoint Protection

After setting my DNS to Google (8.8.8.8) I could finally install the endpoint protection through Sophos UTM.

Updating Endpoint Protection does not work.

Log in C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log shows:

2018-01-26T10:44:12.804Z [ 3668] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
2018-01-26T10:44:14.979Z [ 3668] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
2018-01-26T10:44:14.983Z [ 3668] INFO  UpdateLogic::SyncAndInstall Saving state.
2018-01-26T10:44:14.983Z [ 3668] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2018-01-26T10:44:14.984Z [ 3668] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2018-01-26T10:44:16.043Z [ 3668] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2018-01-26T10:44:16.043Z [ 3668] INFO  WinMain SophosUpdate has completed with the result 0.
2018-01-26T10:44:16.043Z [ 2516] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>

 

To add, IDS is showing C&C botnet communication by C2/Zbot-A.

Guess I'll try the Sophos Virus Removal Tool? Windows Defender found nothing.



  • Hello Sharlie,

    this part of the log doesn't show the actual error when the download was attempted. Could you show the SophosUpdate.log at least from the start of the update cycle up to the failed download attempt?

    Christian

  • Thank you for responding, please see below:

     

    2018-01-26T10:44:42.027Z [ 5536] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2018-01-26T11:29:27.117Z [ 1872] INFO  WinMain =========================
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain SophosUpdate is starting.
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain AutoUpdate version      : 5.1.1.1
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain SophosUpdate version    : 5.1.1.1
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain Build                   : 100004
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain =========================
    2018-01-26T11:29:27.118Z [ 1872] INFO  Environment::Print Platform ID: WIN_10_X64
    2018-01-26T11:29:27.118Z [ 1872] INFO  Environment::Print Platform upgraded:0
    2018-01-26T11:29:27.118Z [ 1872] INFO  Environment::Print Subscription: cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
    2018-01-26T11:29:27.118Z [ 1872] INFO  Environment::Print Features:
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain Set process security
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain Initialise COM.
    2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain Load config.
    2018-01-26T11:29:27.118Z [ 1872] INFO  `anonymous-namespace'::ReadFileContents Slurping file of size 930 bytes.
    2018-01-26T11:29:27.119Z [ 1872] INFO  WinMain Create registry reporter.
    2018-01-26T11:29:27.119Z [ 1872] INFO  WinMain Create platform reporter.
    2018-01-26T11:29:27.119Z [ 1872] INFO  WinMain Load state.
    2018-01-26T11:29:27.119Z [ 1872] INFO  StatePersister::Load Loading state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2018-01-26T11:29:27.119Z [ 1872] INFO  WinMain Create progress reporter.
    2018-01-26T11:29:27.122Z [ 1872] INFO  WinMain Create language neutral logger.
    2018-01-26T11:29:27.122Z [ 1872] INFO  WinMain Create downloader.
    2018-01-26T11:29:27.123Z [ 1872] INFO  WinMain Create installer.
    2018-01-26T11:29:27.123Z [ 1872] INFO  WinMain Create adapter writer.
    2018-01-26T11:29:27.123Z [ 1872] INFO  IPCBase::IPCBase IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
    2018-01-26T11:29:27.123Z [ 1872] INFO  WinMain Create completion reporter.
    2018-01-26T11:29:27.123Z [ 1872] INFO  WinMain Create update logic.
    2018-01-26T11:29:27.123Z [ 9984] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread started.
    2018-01-26T11:29:27.123Z [ 1872] INFO  WinMain Performing update.
    2018-01-26T11:29:27.123Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend started
    2018-01-26T11:29:27.123Z [ 1872] INFO  UpdateLogic::Update Reporting update start.
    2018-01-26T11:29:27.123Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2018-01-26T11:29:27.126Z [ 1872] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    2018-01-26T11:29:27.126Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    2018-01-26T11:29:27.126Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2018-01-26T11:29:27.132Z [ 1872] INFO  UpdateLogic::SyncAndInstall Syncing products.
    2018-01-26T11:29:27.132Z [ 1872] INFO  SDDSDownloader::SyncInternal Adding Sophos Location: http://dci.sophosupd.com/cloudupdate
    2018-01-26T11:29:27.132Z [ 1872] INFO  SDDSDownloader::SyncInternal Adding Sophos Location: http://dci.sophosupd.net/cloudupdate
    2018-01-26T11:29:27.132Z [ 1872] INFO  SDDSDownloader::SyncInternal Username: V263JAZRP6
    2018-01-26T11:29:27.132Z [ 1872] INFO  SDDSDownloader::SyncInternal No manually configured proxy.
    2018-01-26T11:29:27.132Z [ 1872] INFO  WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
    2018-01-26T11:29:27.134Z [ 1872] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
    2018-01-26T11:29:29.236Z [ 1872] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
    2018-01-26T11:29:29.239Z [ 1872] INFO  UpdateLogic::SyncAndInstall Saving state.
    2018-01-26T11:29:29.239Z [ 1872] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2018-01-26T11:29:29.242Z [ 1872] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
    2018-01-26T11:29:30.279Z [ 1872] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>http://dci.sophosupd.com/cloudupdate</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>
    2018-01-26T11:29:30.279Z [ 1872] INFO  WinMain SophosUpdate has completed with the result 0.
    2018-01-26T11:29:30.279Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>http://dci.sophosupd.com/cloudupdate</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>
    2018-01-26T11:29:30.279Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2018-01-26T11:29:31.279Z [ 9984] INFO  IPCSender::ProcessSend IPCSender::ProcessSend exiting
    2018-01-26T11:29:31.279Z [ 9984] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
    2018-01-26T11:29:31.279Z [ 1872] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
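
The excerpt requested earlier in the thread (from the start of the update cycle up to the failed download) can be pulled out of SophosUpdate.log mechanically. This is an added example, not part of the original thread or of any Sophos tooling; the sample lines are constructed in the shape of the log shown here, and all function names are hypothetical.

```python
import re

# Constructed sample, shaped like the SophosUpdate.log excerpts quoted in this thread.
SAMPLE_LOG = """\
2018-01-26T10:44:16.043Z [ 3668] INFO  WinMain SophosUpdate has completed with the result 0.
2018-01-26T11:29:27.118Z [ 1872] INFO  WinMain SophosUpdate is starting.
2018-01-26T11:29:27.132Z [ 1872] INFO  SDDSDownloader::SyncInternal Adding Sophos Location: http://dci.sophosupd.com/cloudupdate
2018-01-26T11:29:27.134Z [ 1872] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
2018-01-26T11:29:29.236Z [ 1872] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
2018-01-26T11:29:29.242Z [ 1872] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2018-01-26T11:29:30.279Z [ 1872] INFO  WinMain SophosUpdate has completed with the result 0.
"""

LINE_RE = re.compile(r"^\s*(?P<ts>\S+Z) \[\s*(?P<tid>\d+)\] (?P<level>[A-Z]+)\s+(?P<func>\S+) (?P<msg>.*)$")
CYCLE_START = "SophosUpdate is starting."

def parse(text):
    """Return one dict per well-formed log line; anything else is skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def last_cycle(records):
    """Return the records of the most recent update cycle (from its start marker on)."""
    starts = [i for i, r in enumerate(records)
              if r["func"] == "WinMain" and r["msg"] == CYCLE_START]
    return records[starts[-1]:] if starts else []

def summarize(cycle):
    """Condense one cycle into the facts a responder would ask for."""
    prefix = "Adding Sophos Location: "
    problems = [r for r in cycle if r["level"] in ("WARN", "ERROR")]
    first_err = next((i for i, r in enumerate(cycle) if r["level"] == "ERROR"), None)
    return {
        "start": cycle[0]["ts"] if cycle else None,
        "locations": [r["msg"][len(prefix):] for r in cycle if r["msg"].startswith(prefix)],
        "problems": [(r["level"], r["func"], r["msg"]) for r in problems],
        # The log ends with "result 0" even though the sync failed, so judge by ERROR lines.
        "failed": first_err is not None,
        # Start of cycle up to and including the first ERROR: the excerpt worth posting.
        "excerpt": cycle[: first_err + 1] if first_err is not None else cycle,
    }

if __name__ == "__main__":
    report = summarize(last_cycle(parse(SAMPLE_LOG)))
    print(report["start"], "FAILED" if report["failed"] else "ok", report["locations"])
    for level, func, msg in report["problems"]:
        print(f"  {level:5} {func}: {msg}")
```

To run it against a real endpoint, read `C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log` and pass its contents to `parse` in place of `SAMPLE_LOG`.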

  • Hello Sharlie,

    is Endpoint Protection completely installed or just AutoUpdate and MCS (assuming this is the UTM managed version)?
    It looks like the license can't be found for the Username. If you've used the package you didn't enter a username, did you? It might be an error on the backend (the dci servers), customercare@sophos.com should be able to check this.

    Christian

  • I've downloaded the SophosMcsEndpoint_V3QP71F52ESQ18a9a.exe file through the UTM.
    I'll try emailing customercare@sophos.com, thank you.

  • As I have a Home license I'm not eligible for support through email.
    Anyone else have ideas?

    Edit: Same behavior occurs on a freshly installed Windows 10 VM and on a different internet connection.

    Endpoint Installer ends with something like "Installation will resume when internet connection is up." Updating fails as it cannot connect.