Sophos Enpoint Protection UTM Edition isn't updating any more

Hello TheExpert,

more details should be in the ALUpdate log in %ProgramData%\Sophos\AutoUpdate\Logs\. Please see here on how to identify one update cycle if you need to post a snippet of the log (more than one cycle is redundant, less might make it hard to determine the actual problem).

Christian

Hello Christian,

sorry, there's no ALUpdate log file in the folder %ProgramData%\Sophos\AutoUpdate\Logs\.

The workaround I found seems to work. Actually there's no update but on all affected endpoints I could get the update running again without errors.

Hello QC,

yes, I know that if there are no updates the update will be skipped, but even today the patterns still aren't updated! The UTM shows "outdated" on the Endpoint Protection dashboard. And the Windows Security Center shows "Maßnahmen erforderlich" ("Action required") for Sophos Anti-Virus. There are no more details.

I tried to check the file inje-dsf.ide (see your link) but I can't find this file. There are a lot of other *.ide files and their file dates are from 12.11.2018 and earlier! I think after more than 2 weeks there have to be new pattern updates available. Or am I wrong?

In fact, UTM Endpoint is on its way out and will not be supported after 31 Dec 2019.  Commercial customers (I know about North America and only suspect that this is worldwide) will learn in the coming week that no UTM Endpoint renewals will be sold after the end of this month, 31 Dec 2018.  Paid subscriptions for UTM Endpoint can be transitioned at any time to CEP - see How to migrate from UTM Endpoint Protection to Sophos Central Endpoint Protection.

Just as Toni said above, the preferred solution for home users is Sophos Home which is superior to UTM Endpoint as he explains.  If at first you don't succeed, you might need the batch file below to remove UTM Endpoint (works for Win 7).  Would the first home user that tries this transition please report back here with any difficulties and if removal of UTM Endpoint was necessary.

 To uninstall the Sophos 10/11 in Windows 7 64-bit:

 @Echo Off
 net stop "Sophos AutoUpdate Service"
 net stop "Sophos Anti-Virus"
 net stop "Sophos Anti-Virus status reporter"
 net stop "Sophos Device Control Service"
 net stop "Sophos MCS Agent"
 net stop "Sophos MCS Client"
 net stop "Sophos Web Control Service"
 net stop "Sophos Web Intelligence Update"
 net stop "swi_service"
 net stop "swi_update_64"
REM Sophos Management Communications system - DELETE for V11 - KEEP for V10 -
 MsiExec.exe /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
REM Sophos Management Communications system - DELETE for V10 - KEEP for V11 -
 MsiExec.exe /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}
REM Sophos Anti-Virus
 MsiExec.exe /X{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
REM Sophos AutoUpdate
 MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt

Same for Windows 32-bit except "swi_update" instead of "swi_update_64"

Cheers - Bob

Hi BAlfson,

thank you for your information. But this isn't a solution of my issue. Even if the software won't be supported after 31 Dec 2019 it should get pattern updates until this time! And my question is now why it doesn't get pattern updates anymore and how could I check and solve for getting the updates again?

For the furtue I don't think that I will use Sophos Home because it doesn't fit my requirements. But for now I want to use the Sophos UTM Endpoint Protection and will migrate to another solution in the next months.

Hello TheExpert,

the GUI's updating log doesn't give much insight, especially when updating from Sophos.
Furthermore, as said, the log from 22.11.2018 doesn't show download errors. Please check the more verbose ALUpdate2018.... log (%ProgramData%\Sophos\AutoUpdate\Logs\), this should have some hint what's going on (if you post only part of it please make sure it includes a complete cycle).

Christian

You might fix this behavior by clicking on [Reset Registration Token] on the 'Advanced' tab of 'Computer Management'.  If that doesn't work, uninstall and re-install Endpoint.

Any luck with any of that?

Cheers - Bob

Hello Christian,

again, as written earlier, there's no ALUpdate... log file in the folder %ProgramData%\Sophos\AutoUpdate\Logs\.

Hi BAlfson,

you mean the Reset Registration Token at the UTM? Then I have to reset the registration of all the Sophos agents and I'm not sure if this will help because the update procedure itsself is working and communicates with the Server without any error messages. But I will try this and will give you feedback.

But the re-installation of the Endpoint isn't a really nice idea. The installation package doesn't install the Endpoint properly on Windows 10. When I have to uninstall Sophos Endpoint Protection then I will let it uninstalled and switch to Microsoft Defender. The last AV test results aren't bad.

The UTM Endpoint will go End of Life next year.

https://community.sophos.com/kb/en-us/133049

You should be able to simply "Overinstalling" the Central Home Endpoint. https://community.sophos.com/kb/en-us/133049

Hello TheExpert,

hm, what's in this folder? Just the ALC.log - is its timestamp recent?

Christian

Hello QC,

yes, only the file ALC.log and the timestamp is recent.

Hello QC,

yes, only the file ALC.log and the timestamp is recent.