Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Livequery64 failed to update

Hi,

We started having this issue with some workstations and laptops,  



Added tags
[edited by: Gladys at 1:45 PM (GMT -8) on 1 Jan 2024]
  • Thank you for reaching out to the community forum.

    Can you check if you're seeing the below error on the Livequery install logs "StartService failed with error 1053" which can be found in your %temp%

    If so? kindly follow the below steps and let us know. 

    Verify the current permissions on the C:\ProgramData (%ALLUSERSPROFILE%) using the Windows tool cacls.exe using the following syntax: cacls "%ALLUSERSPROFILE%" /C
    The following example shows missing special permissions for the BUILTIN\Users identity on C:\ProgramData, which would cause the issue to occur:

    C:\ProgramData CREATOR OWNER:(OI)(CI)(IO)F

    NT AUTHORITY\SYSTEM:(OI)(CI)F
    BUILTIN\Administrators:(OI)(CI)F
    BUILTIN\Users:(OI)(CI)R

    The following example shows existing default special permissions for the BUILTIN\Users identity on C:\ProgramData, which wouldn't cause the issue to occur:

    C:\ProgramData NT AUTHORITY\SYSTEM:(OI)(CI)F

    BUILTIN\Administrators:(OI)(CI)F
    CREATOR OWNER:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R
    BUILTIN\Users:(CI)(special access:)
    FILE_WRITE_DATA
    FILE_APPEND_DATA
    FILE_WRITE_EA
    FILE_WRITE_ATTRIBUTES

    This is often caused by a Group Policy Object that overwrites the default special permissions, removing the "special access" permissions for BUILTIN\Users, which eventually leads to the install/update failure.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids