
Extended Anti-Virus support for Windows XP/2003

I'm under the understanding that these subscriptions are only for specific updates that Sophos may release for Windows XP and Server 2003. These machines will still receive virus definition updates as per normal without being applied to a group / update policy / subscription for Windows XP & Server 2003 extended support.

Is this true? We have remote sites which all have their own group, and update policy, and use the "Recommended" subscription. These remote sites use their own update managers as well.

Most of the remote sites have some XP and Server 2003 machines, if I was to create one group for the XP machines, then these machines won't be using their designated update manager.

I'm not sure how to proceed, creating a group for every site (we have over 60) might be a bit messy, and would add a lot more groups and update policies.

Any advice would be appreciated.

 



  • Hello Thomas Newman,

    depends on how long you intend to run XP/2003 but first a question: You've posted here in the UTM section but do you use the UTM managed version or the on-premise SESC as you mention designated update managers?

    Christian

  • We use on-premise SESC, as we have update managers for each site. What I'm worried about is the XP and Server 2003 machines not getting their updates. If they're not in a group that has the extended support subscription, will they still get the Sophos updates?

  • Hello Thomas Newman,

    I'm not Sophos so I can't say how it will behave until it's definitely retired. The Extended Support article isn't absolutely clear, it says that the extended subscription is based on 10.6.3, the not so few remaining XP/2003 I have did upgrade to 10.7.6 though. So I guess they will continue to receive IDE updates for at least some months (but as the article says they will not be supported meaning Support will not accept support requests/queries for them). And 10.7.6 will perhaps be available as a fixed package until the end of this year.

    As I don't have an Extended Support subscription I can't say if the package is indeed based on 10.6.3. Anyway at present end-of-support is scheduled for end of March 2019. Thus the question is how long will these legacy machines still be around? And how mission-critical are they?
    As you have to re-protect your endpoints with the special package you must either create the required CIDs (is done automatically when you add a subscription to a SUM) and groups or use it for all your endpoints (and thus forgo the newer features for "the rest"). Again: I have no experience with the package so I can't say if 10.7.x would automatically downgrade to it - components added after 10.6.3 would remain on the machines in an unmanaged state and you'll likely get updating errors as well.

    Christian   

  • We have purchased extended support as we have a large number of "legacy" machines (I know, I know :) ) and I came across this article

     

    https://community.sophos.com/kb/en-us/125237

     

    It isn't totally clear how you get 10.6.3 to be installed? I have just built a blank test XP machine and the version installed is 10.7. I can't seem to find a clear way of putting 10.6.3 on it. The machine is in a dedicated XP OU and the subscription is pointing to Windows XP and 2003 Support.

  • Hello Peter,

    as the image on the article shows

    the Extended Support package appears as additional "platform". As I don't have it I can't say which version(s) should be available in the Version drop-down. You might be fooled by the wording of the article though - it says (emphasis mine) a new package (based on the 10.6.3 release), it doesn't say it is 10.6.3.
    IIRC there hasn't been a SESC 10.7.1 (10.7.1 briefly existed as Central Preview) so this seems to be correct.

    Christian

  • Hi Christian,

    Thanks and well spotted. It's a bit of an odd choice of wording.

    It says that XP no longer has the option of the Firewall anymore - however our existing XP machines still are showing as protected with it. Are they really or not?

    Confused!

  • Hello Peter,

    if SEC gives you the firewall option when you try to use Protect then it's still there. Again quoting from the article with emphasis by me: Extended Anti-Virus support for Windows XP/2003 does not include .... The strict formal interpretation would be that for Extended Support (Support in the sense that you will get help - not that it won't work in principle - with issues on the endpoint) only if these components have been removed. In practice it means that it's not guaranteed that these two will work and naturally you won't get any help with them. ... these two components [...] will remain [...] but fail to update. If this occurs .... Can't say whether the If is a synonym for When or deliberate, given that XP machines still update with 10.7.6, that SCF hasn't received any updates since 10.6.4 and Patch only a minor one I assume that it means that although it isn't planned they could be withdrawn at any time and when this happens you'll encounter the errors.
    My interpretation, just my interpretation. In short and other words: The core components (SAV proper, AutoUpdate, and RMS) will be updated as necessary, they won't touch the rest but reserve the right to withdraw SCF and Patch before the end of Extended Support.

    Christian

  • Hi Christian,

    Thanks. I have just checked and looks like you can install a Windows XP "Sophos" Firewall when I tried to protect the test endpoint. I am guessing that support for this will be withdrawn at any time so it's just a waiting game...

    Peter

  • Hello Peter,

    just saw that the Extended Support package is supposedly version 10.7.2.4. Did you see 10.7.1 in View > Bootstrap Locations ...?

    Christian

  • Hi,

    Good spot, just checked and we have this in our main SUM

     

  • An update on this.

    We moved an existing XP machine into the test OU and Sophos did an update and "downgraded" the version to the supported extended support version. Great.

    I removed the Patch as per the article

    https://community.sophos.com/kb/en-us/125237

    (I did however leave the firewall on).

    After a short while the update happened and it appears that it failed. Looking into alc.log it looks like it attempts to download the patch?

  • Hello Peter,

    so apparently Patch is no longer in the CID but SCF is.
    Patch should UnregisterWithAutoUpdate upon uninstall. It seems it hasn't done so. AutoUpdate considers it for downloading/installing if the following key is present: HKLM\Software\Sophos\AutoUpdate\Products\{C58B1255-C24E-43d6-B2EB-9FB302B42E99}. As said, AFAIK uninstalling should take care of it. Is HKLM\Software\Sophos\Sophos Patch Agent also still there (though I think it doesn't make a difference)?

    Christian

  • Morning,

    Hi that key is still present for both you mentioned. Should I delete them both?

    The patch has definitely been removed from Add/Remove Programs. 

    Thanks

    Peter

  • Hello Peter,

    can't say why they are still there (unless I misunderstand the Unregister), it's safe to remove them  - and necessary to remove at least the Products subkey so that AutoUpdate no longer considers Patch.

    Christian

  • Hi Christian,

    I have done that, but the error still persists after a reboot and an update.

    It has also recreated the keys I deleted :(

  • Hello Peter,

    this is strange - could you post the latest update cycle from the ALUpdate log? Not sure where AutoUpdate has its logs in XP, IIRC either Program Files\Sophos\AutoUpdate or All Users\Application Data\.....

    Christian

  • Hi,

    Glad it's not just me finding it odd!

    See attached.

    Many thanks for your help so far

    Peter

    Trace(2018-Apr-20 12:12:13): =========================
    Trace(2018-Apr-20 12:12:13): ALUpdate is starting.
    Trace(2018-Apr-20 12:12:13): AutoUpdate version: 5.7
    Trace(2018-Apr-20 12:12:13): Build             : 204324
    Trace(2018-Apr-20 12:12:13): Command line      : -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
    Trace(2018-Apr-20 12:12:13): =========================
    Trace(2018-Apr-20 12:12:13): Process security set successfully
    Trace(2018-Apr-20 12:12:13): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is  available from Sophos.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
    Trace(2018-Apr-20 12:12:13): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
    Trace(2018-Apr-20 12:12:13): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
    Trace(2018-Apr-20 12:12:13): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
    Trace(2018-Apr-20 12:12:13): Computer is a not possible cluster
    Trace(2018-Apr-20 12:12:13): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2018-Apr-20 12:12:13): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
    Trace(2018-Apr-20 12:12:13): Considering subscribed products.
    Trace(2018-Apr-20 12:12:13): Considering product {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
    Trace(2018-Apr-20 12:12:13): Product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} is not already subscribed.
    Trace(2018-Apr-20 12:12:13): Product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} was added to the list.
    Trace(2018-Apr-20 12:12:13): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2018-Apr-20 12:12:13): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
    Trace(2018-Apr-20 12:12:13): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
    Trace(2018-Apr-20 12:12:13): Considering product {C58B1255-C24E-43d6-B2EB-9FB302B42E99}
    Trace(2018-Apr-20 12:12:13): Product {C58B1255-C24E-43d6-B2EB-9FB302B42E99} is not already subscribed.
    Trace(2018-Apr-20 12:12:13): Product {C58B1255-C24E-43d6-B2EB-9FB302B42E99} is Patch
    Trace(2018-Apr-20 12:12:13): Product {C58B1255-C24E-43d6-B2EB-9FB302B42E99} was added to the list.
    Trace(2018-Apr-20 12:12:13): Could not read registry entry containing Sophos address - using hardcoded value.
    Trace(2018-Apr-20 12:12:13): GenerateCustomerID: complete
    Trace(2018-Apr-20 12:12:13): Computer is a not possible cluster
    Trace(2018-Apr-20 12:12:13): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2018-Apr-20 12:12:13): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
    Trace(2018-Apr-20 12:12:13): IPCSender::ProcessSend started
    Trace(2018-Apr-20 12:12:13): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2018-Apr-20 12:12:13): RMSMessageHandler: ALUpdateStart
    Trace(2018-Apr-20 12:12:13): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2018-Apr-20 12:12:13): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2018-Apr-20 12:12:13): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2018-Apr-20 12:12:13): ALUpdate(AutoUpdate.Started): 
    Trace(2018-Apr-20 12:12:13): UpdateCoordinator::UpdateNow: Entering
    Trace(2018-Apr-20 12:12:13): PopulateCache: Entering
    Trace(2018-Apr-20 12:12:13): UpdateCoordinator::UpdateNow: current platform is WIN_XP
    Trace(2018-Apr-20 12:12:13): ProductFactory::Create: SimpleProduct: {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
    Trace(2018-Apr-20 12:12:13): ProductFactory::Create: SimpleProduct: {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2018-Apr-20 12:12:13): ProductFactory::Create: SimpleProduct: {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
    Trace(2018-Apr-20 12:12:13): ProductFactory::Create: SAU Product
    Trace(2018-Apr-20 12:12:13): CIDMapFile::Create C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\spa.map
    Trace(2018-Apr-20 12:12:13): ProductFactory::Create: SimpleProduct: {C58B1255-C24E-43d6-B2EB-9FB302B42E99}
    Trace(2018-Apr-20 12:12:13): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Entering
    Trace(2018-Apr-20 12:12:13): Processing CID update location: \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:13): Skipping SDDS2 update location: Sophos
    Trace(2018-Apr-20 12:12:13): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Finished. Number of new locations added: 0
    Trace(2018-Apr-20 12:12:13): UpdateCoordinator::UpdateNow: About to Sync list of products
    Trace(2018-Apr-20 12:12:13): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2018-Apr-20 12:12:13): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started: 
    Trace(2018-Apr-20 12:12:13): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
    Trace(2018-Apr-20 12:12:13): Calling package_source_init
    Trace(2018-Apr-20 12:12:13): TrySyncProduct, Calling BeginSync
    Trace(2018-Apr-20 12:12:13): Logging on network access user
    Trace(2018-Apr-20 12:12:13): Attempting to make a connection to remote machine \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:13): Connection to remote machine \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\ successful
    Trace(2018-Apr-20 12:12:13): Custom certificate already present.
    Trace(2018-Apr-20 12:12:13): CalculateChecksum. Processing file C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\escdp.dat
    Trace(2018-Apr-20 12:12:13): Remote connection over UNC.
    Trace(2018-Apr-20 12:12:13): Read file master.upd (Remote).
    Trace(2018-Apr-20 12:12:13): Synchronised file root.upd (Local).
    Trace(2018-Apr-20 12:12:13): Synchronised file escdp.dat (Local).
    Trace(2018-Apr-20 12:12:13): No file expired_credential.dat.
    Trace(2018-Apr-20 12:12:13): CalculateChecksum. Processing file C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\ProductID.dat
    Trace(2018-Apr-20 12:12:13): Synchronised file ProductID.dat (Local).
    Trace(2018-Apr-20 12:12:13): ParseCustomerIDFile: completed: 0
    Trace(2018-Apr-20 12:12:13): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
    Trace(2018-Apr-20 12:12:13): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
    Trace(2018-Apr-20 12:12:13): CIDUpdate(SyncProduct.Start): RMSNT, \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:13): Checksum found in master.upd matches cached cidsync.upd : 2da5d46f. Skipping download
    Trace(2018-Apr-20 12:12:13): CIDUpdate(PrimarySuccess): 
    Trace(2018-Apr-20 12:12:14): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
    Trace(2018-Apr-20 12:12:14): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
    Trace(2018-Apr-20 12:12:14): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2018-Apr-20 12:12:14): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
    Trace(2018-Apr-20 12:12:14): CIDUpdate(SyncProduct.Start): SAVXP, \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:14): Checksum found in master.upd matches cached cidsync.upd : 96bcd9b4. Skipping download
    Trace(2018-Apr-20 12:12:14): CIDUpdate(PrimarySuccess): 
    Trace(2018-Apr-20 12:12:15): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2018-Apr-20 12:12:15): CIDUpdateLocation::SyncProduct - Updating Product: Sophos Client Firewall
    Trace(2018-Apr-20 12:12:15): CIDUpdate(SyncProduct.Start): Sophos Client Firewall, \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:15): Checksum found in master.upd matches cached cidsync.upd : 233866c. Skipping download
    Trace(2018-Apr-20 12:12:15): CIDUpdate(PrimarySuccess): 
    Trace(2018-Apr-20 12:12:16): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2018-Apr-20 12:12:16): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
    Trace(2018-Apr-20 12:12:16): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:16): Checksum found in master.upd matches cached cidsync.upd : fcd5700. Skipping download
    Trace(2018-Apr-20 12:12:16): CIDUpdate(PrimarySuccess): 
    Trace(2018-Apr-20 12:12:16): CIDUpdateLocation::Prepare... entered
    Trace(2018-Apr-20 12:12:17): CheckManifest completed successfully
    Trace(2018-Apr-20 12:12:17): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:17): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2018-Apr-20 12:12:17): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\sau.custom
    Trace(2018-Apr-20 12:12:17): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:17): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2018-Apr-20 12:12:17): CIDUpdateLocation::SyncProduct - Updating Product: Sophos Patch Agent
    Trace(2018-Apr-20 12:12:17): CIDUpdate(SyncProduct.Start): Sophos Patch Agent, \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\
    Trace(2018-Apr-20 12:12:17): CIDUpdateLocation::Sync - Updating from local CID: \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\spa
    Trace(2018-Apr-20 12:12:17): CIDSync(CidSyncMessage): 
    Trace(2018-Apr-20 12:12:17): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
    Trace(2018-Apr-20 12:12:17): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\spa.map
    Trace(2018-Apr-20 12:12:17): CIDSync(CidSyncMessage): \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\spa,  
    Trace(2018-Apr-20 12:12:17): CIDUpdateLocation::SyncProduct: Failed to update product (Sophos Patch Agent) from "\\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
    Trace(2018-Apr-20 12:12:17): CIDUpdate(CIDDownloadFailed): 
    Trace(2018-Apr-20 12:12:18): CIDUpdateLocation::Prepare... entered
    Trace(2018-Apr-20 12:12:18): CheckManifest completed successfully
    Trace(2018-Apr-20 12:12:18): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\sau.custom
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:18): ALUpdate(ProductUnavailable): Sophos Patch Agent, Sophos
    Trace(2018-Apr-20 12:12:18): ALUpdate(DownloadEnded): 
    Trace(2018-Apr-20 12:12:18): UpdateCoordinator::UpdateNow: About to Action list of products
    Trace(2018-Apr-20 12:12:18): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product 
    Trace(2018-Apr-20 12:12:18): Null update
    Trace(2018-Apr-20 12:12:18): ALUpdate(Action.Skipped): RMSNT
    Trace(2018-Apr-20 12:12:18): CIDUpdateLocation::OnNullUpdate...
    Trace(2018-Apr-20 12:12:18): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: Subfolder = rms productID = {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\rms.custom
    Trace(2018-Apr-20 12:12:18): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:18): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2018-Apr-20 12:12:18): Updating plugin cache for RMSNT
    Trace(2018-Apr-20 12:12:19): Successfully updated plugin cache for RMSNT
    Trace(2018-Apr-20 12:12:19): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product 
    Trace(2018-Apr-20 12:12:19): Null update
    Trace(2018-Apr-20 12:12:19): ALUpdate(Action.Skipped): SAVXP
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate...
    Trace(2018-Apr-20 12:12:19): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: Subfolder = savxp productID = {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\savxp.custom
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2018-Apr-20 12:12:19): Updating plugin cache for SAVXP
    Trace(2018-Apr-20 12:12:19): Successfully updated plugin cache for SAVXP
    Trace(2018-Apr-20 12:12:19): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product 
    Trace(2018-Apr-20 12:12:19): Null update
    Trace(2018-Apr-20 12:12:19): ALUpdate(Action.Skipped): Sophos Client Firewall
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate...
    Trace(2018-Apr-20 12:12:19): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: Subfolder = scf productID = {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\scf.custom
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2018-Apr-20 12:12:19): Updating plugin cache for Sophos Client Firewall
    Trace(2018-Apr-20 12:12:19): Successfully updated plugin cache for Sophos Client Firewall
    Trace(2018-Apr-20 12:12:19): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product 
    Trace(2018-Apr-20 12:12:19): Null update
    Trace(2018-Apr-20 12:12:19): ALUpdate(Action.Skipped): Sophos AutoUpdate
    Trace(2018-Apr-20 12:12:19): Updating subscription information from product ID data.
    Trace(2018-Apr-20 12:12:19): Rigid name: E3D9A230-334F-44DC-8FF6-B4AF383B4FD9
    Trace(2018-Apr-20 12:12:19): Version: 10.7.2.4.3692.1
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate...
    Trace(2018-Apr-20 12:12:19): CustomFileMap::CustomFileMap.  CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\sau.custom
    Trace(2018-Apr-20 12:12:19): CustomFileMap::Read: File exists and appears valid.
    Trace(2018-Apr-20 12:12:19): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2018-Apr-20 12:12:19): Updating plugin cache for Sophos AutoUpdate
    Trace(2018-Apr-20 12:12:19): Successfully updated plugin cache for Sophos AutoUpdate
    Trace(2018-Apr-20 12:12:19): SimpleProduct::DoAction isLater==false skipAction==true isUninstall==false m_lastUpdateSucceeded==false numfilestocahce 1 Actiontype SetupNot preinstalled product 
    Trace(2018-Apr-20 12:12:19): DoAction Skipping
    Trace(2018-Apr-20 12:12:20): RMSMessageHandler: ALUpdateEnd
    Trace(2018-Apr-20 12:12:20): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>CIDDownloadFailed</ID><StringID>107</StringID><Sender>CIDUpdate</Sender><Insert>Sophos Patch Agent</Insert><Insert>\\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of Sophos Patch Agent failed from server \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</ReadableMessage></Config>
    Trace(2018-Apr-20 12:12:20): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>CIDDownloadFailed</ID><StringID>107</StringID><Sender>CIDUpdate</Sender><Insert>Sophos Patch Agent</Insert><Insert>\\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of Sophos Patch Agent failed from server \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</ReadableMessage></Config>
    Trace(2018-Apr-20 12:12:20): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>CIDDownloadFailed</ID><StringID>107</StringID><Sender>CIDUpdate</Sender><Insert>Sophos Patch Agent</Insert><Insert>\\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of Sophos Patch Agent failed from server \\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\</ReadableMessage></Config>
    Trace(2018-Apr-20 12:12:20): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2018-Apr-20 12:12:21): IPCSender::ProcessSend exiting
    Trace(2018-Apr-20 12:12:21): ALUpdate finished

  • Hello Peter,

    Considering product {C58B1255-C24E-43d6-B2EB-9FB302B42E99}
    suggests the key is still present. The other two products are SCF and AutoUpdate, BTW. I've just removed the key (actually the one for spa64) from a machine, AutoUpdate did not attempt to download Patch (even though it was still installed). After adding it back in AutoUpdate went through download/install. Just did it to confirm that the behaviour hasn't changed. The only explanation I can come up with is that the key is still there ...

    Christian
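
The check Christian describes (did a given update cycle "consider" the Patch GUID, and which product failed to sync) can be scripted across many endpoints' ALUpdate logs. The following is an added example, not part of the thread and not Sophos code: it assumes only the trace line format visible in the log posted above; the first cycle in the sample is excerpted from that log, the second is constructed, and all function names are hypothetical.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
TRACE = re.compile(r"^\s*Trace\(([^)]+)\):\s?(.*)$")
CONSIDER = re.compile(rf"^Considering product ({GUID})$")
LABEL = re.compile(rf"^Product ({GUID}) is (\w+)$")
FAILED = re.compile(r'Failed to update product \(([^)]+)\) from "([^"]+)", Error is :(\w+)')
SYNC_CODE = re.compile(r"SynchronisationTerminated - Code = (-?\d+)")

# Patch product GUID as given in the thread (AutoUpdate\Products subkey name).
PATCH_GUID = "{C58B1255-C24E-43d6-B2EB-9FB302B42E99}"

# Cycle 1: lines excerpted from the trace posted in the thread.
# Cycle 2: CONSTRUCTED, showing a run where the Patch GUID is no longer considered.
SAMPLE_LOG = r"""
Trace(2018-Apr-20 12:12:13): ALUpdate is starting.
Trace(2018-Apr-20 12:12:13): Considering product {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
Trace(2018-Apr-20 12:12:13): Product {4DB41E90-DC56-41DC-B91E-9B8E537489A8} is not already subscribed.
Trace(2018-Apr-20 12:12:13): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2018-Apr-20 12:12:13): Considering product {C58B1255-C24E-43d6-B2EB-9FB302B42E99}
Trace(2018-Apr-20 12:12:13): Product {C58B1255-C24E-43d6-B2EB-9FB302B42E99} is Patch
Trace(2018-Apr-20 12:12:17): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2018-Apr-20 12:12:17): CIDUpdateLocation::SyncProduct: Failed to update product (Sophos Patch Agent) from "\\oursophosserver\SophosUpdate\CIDs\S016\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2018-Apr-20 12:12:21): ALUpdate finished
Trace(2018-Apr-20 13:12:13): ALUpdate is starting.
Trace(2018-Apr-20 13:12:13): Considering product {4DB41E90-DC56-41DC-B91E-9B8E537489A8}
Trace(2018-Apr-20 13:12:13): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2018-Apr-20 13:12:21): ALUpdate finished
"""


def parse_cycles(text):
    """Split an ALUpdate trace into update cycles and collect, per cycle,
    the considered product GUIDs, their labels, sync codes and failures."""
    cycles, cur = [], None
    for raw in text.splitlines():
        m = TRACE.match(raw)
        if not m:
            continue
        ts, msg = m.group(1), m.group(2).strip()
        if msg == "ALUpdate is starting.":
            cur = {"started": ts, "considered": [], "labels": {},
                   "failures": [], "codes": []}
            cycles.append(cur)
            continue
        if cur is None:
            continue  # lines before the first cycle header (truncated log)
        if (c := CONSIDER.match(msg)):
            # The log mixes upper/lower-case hex, so normalise GUIDs.
            cur["considered"].append(c.group(1).upper())
        elif (lab := LABEL.match(msg)):
            cur["labels"][lab.group(1).upper()] = lab.group(2)
        elif (s := SYNC_CODE.search(msg)):
            # Signed decimal -> unsigned hex HRESULT, the form that is searchable.
            cur["codes"].append(f"0x{int(s.group(1)) & 0xFFFFFFFF:08X}")
        elif (f := FAILED.search(msg)):
            cur["failures"].append(
                {"product": f.group(1), "source": f.group(2), "error": f.group(3)})
    return cycles


def considered_in_each_cycle(cycles, guid):
    """(cycle start, True/False) per cycle: was this GUID considered?"""
    guid = guid.upper()
    return [(c["started"], guid in c["considered"]) for c in cycles]


def missing_from_source(cycle):
    """Products AutoUpdate tried to sync that the update location did not hold."""
    return [f for f in cycle["failures"] if f["error"] == "CIDSYNC_E_SRCNOTFOUND"]


if __name__ == "__main__":
    parsed = parse_cycles(SAMPLE_LOG)
    for started, seen in considered_in_each_cycle(parsed, PATCH_GUID):
        print(f"{started}: Patch considered = {seen}")
    for cyc in parsed:
        for fail in missing_from_source(cyc):
            print(f"{cyc['started']}: {fail['product']} not in {fail['source']} "
                  f"(codes: {', '.join(cyc['codes'])})")
```

The decimal code in the trace, -2147024809, is the HRESULT 0x80070057 (E_INVALIDARG); a cycle that still reports the Patch GUID as considered after the key was deleted means the registration was back before that cycle started.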
     

  • Hi Christian,

    I deleted both keys again and confirmed with a colleague that they had gone. Confirmed.

    Rebooted, update done, failed on the Patch as before and registry keys recreated. 

    Very odd.

    Pete 

  • Hello Peter,

    no idea what should recreate them, after deletion and reboot (which isn't necessary BTW) on the first update AutoUpdate did or did not consider Patch?
    IMO the quickest way to determine what's going on is using Process Monitor, filtering registry accesses where the path contains this GUID - this should tell you who or what is recreating said key. I can say this isn't normal, did it more than one time - you delete the key, AutoUpdate leaves Patch alone.

    Christian