
Sophos Endpoint Protection UTM Edition isn't updating any more

Hi all,

since 31.08.2018 I don't get updates for Sophos Endpoint Protection any more. The update log shows the following errors:

Zeit: 28.09.2018 06:50:36
Meldung: AutoUpdate abgeschlossen
Modul: SophosUpdate
Prozess-ID: 11336
Thread-ID: 7384

Zeit: 28.09.2018 06:50:36
Meldung: Download-Phase abgeschlossen
Modul: Update
Prozess-ID: 11336
Thread-ID: 7384

Zeit: 28.09.2018 06:50:36
Meldung: FEHLER:   Endpoint Security and Control konnte nicht von Server Sophos heruntergeladen werden
Modul: Update
Prozess-ID: 11336
Thread-ID: 7384

Zeit: 28.09.2018 06:30:53
Meldung: Download von Produkt Endpoint Security and Control vom Server Sophos
Modul: Update
Prozess-ID: 11336
Thread-ID: 7384

Zeit: 28.09.2018 01:30:16
Meldung: ***************          Sophos AutoUpdate gestartet          ***************
Modul: SophosUpdate
Prozess-ID: 11336
Thread-ID: 7384

This issue is happening on 5 of 8 running systems. The agents are connected properly to the UTM. The license is valid until July 2020 and there are 10 of 12 agents installed.

How can I solve this issue?



  • Hello Christian,

    sorry, there's no ALUpdate log file in the folder %ProgramData%\Sophos\AutoUpdate\Logs\.

    The workaround I found seems to work. Actually there's no update but on all affected endpoints I could get the update running again without errors.

    Kind Regards

    TheExpert

  • Hi all,

    the issue is happening again and again. But now I don't have any clients which are getting new updates! The last working client I had did one successful update today and since then the update procedure shows the same error: "Meldung: FEHLER:   Endpoint Security and Control konnte nicht von Server Sophos heruntergeladen werden"

    The workaround I found a few weeks ago (see above) doesn't help to solve this issue any more.

    Did Sophos make changes to the update feature? Is Sophos Endpoint Protection UTM Edition still under support so that it will get updates? There are a lot of signs showing that Sophos isn't interested in supporting this product any more. One sign is that there's still no new installation package which is compatible with Windows 10.

    It's a shame how Sophos as a big IT security firm is keeping its products actual and working. The UTM is a very good system but in the past months there are no regular updates any more and issues are not fixed for months!

    Do you have any ideas how to get the endpoint protection working regarding the updates? Or should I uninstall this software and switch to Microsoft Defender? Thank you.

    Kind Regards

    TheExpert

  • Hi, 

    I am not quite the fan of the UTM Endpoint because it is lacking some kind of extra protection layers like Intercept X. Maybe this is the perfect time to migrate your endpoint to Central? And to be honest, if you manage those clients on UTM Dashboard or central dashboard seems to be some kind of the same. 

    You should be able to migrate everything properly into Central without any issue. And you don't have to touch your SG. It is only the Endpoint client which can be migrated to Central.


  • Hi LuCar Toni,

    thank you for your feedback. I forgot to mention that I'm using the Home Edition of the UTM and I like the central management of the Endpoint Protection. I don't need the extra features. But it would be nice if the provided features are working as they should. But there's no information when the updates don't work. In the past there was an icon in the taskbar showing issues but now the icon shows no issues and events with hints when moving over the Sophos icon. Actually the hint only shows that the update was running. I have to open the endpoint console to see that the update isn't working. And after a few days the Windows security center shows an issue. This isn't the kind of monitoring I prefer.

    Is Central free for home users? And is central solving my issues with the updates of Sophos Endpoint Protection? What's the root cause for not updating the endpoints any more?

    Thank you.

    Kind Regards

    TheExpert

  • The Central Home Version is called Sophos Home.

    https://home.sophos.com/

    It is free for Home Users and grants the same level of protection as Central Intercept X.


  • Hi LuCar Toni,

    thank you for this hint. I will have a look at this later.

    But what's the reason for the Endpoint Protection not updating any more? I see in the UTM that there's traffic to sophosupd.com. It's about 50 MB for yesterday from every single client system. So it looks like the updates are downloading but they won't be installed. Is there an issue with false-positive error messages?

    Kind Regards

    TheExpert

    I do not know, because I simply do not have that deep insight knowledge of endpoint.

    Maybe  can help out? :)


  • Hello TheExpert,

    sorry, for whatever reason I did not follow up in September. Haven't heard that AutoUpdate doesn't produce an ALUpdate log (don't think you searched for a log named just ALUpdate and disregarded those with names like ALUpdate20181112T111247.5573100.log). Or are there no files at all in %ProgramData%\Sophos\AutoUpdate\Logs\?

    As to the so-called workaround: Not knowing the details of the issue I can just speculate why it seemingly helps. When checking for updates AutoUpdate compares the contents of the Warehouse (comparing catalogs of hashes) with those available from the download server. When the download of a certain new/changed file constantly fails and you update the Warehouse with a complete copy, no download will be required at the next check and consequently AutoUpdate will report success. Eventually there might again be an error - depending on whether the download doesn't work at all or just for one or a few files, the update will fail within a day or after a longer interval (that could even be weeks). Rinse. Repeat.

    "Sophos isn't interested in supporting this product any more"
    I'm not Sophos so I can't make a dependable statement. It's AFAIK still supported but no longer actively developed. UTM Endpoint or rather its communication mechanism MCS is based on the cloud version (Central). Providing the newer versions (Windows 10 should be supported, BTW, can't say what the issue with the installer package could be) would mean that the Central Admin management features have to be backported to the UTM.

    Christian

  • Hello QC,

    it's really strange: Yesterday I updated my ESX Hosts and so I had to failover my Sophos UTM HA cluster and to reboot the two UTM nodes one after another. And since the HA cluster is running in full HA mode again the update of Sophos Endpoint Protection is working again. And the Windows Security Center Icon shows that everything is OK now. But before the reboot I had no network issues or something like that. So I don't have an idea what's changed by the reboot of the UTM nodes.

    Another result of the reboot is that the SIP proxy feature isn't working as it did in the past. I deactivated the SIP Proxy of the UTM and configured dedicated firewall rules for the SIP and RTP communication between my VoIP devices. Now, the VoIP devices can communicate to each other again. But that's another story...

    Kind Regards

    TheExpert

  • Hi all,

    the update of Sophos Endpoint Protection UTM Edition seems to work but I'm not sure if it's getting actual pattern files. Windows Security Center shows an error regarding Sophos AV. The update log looks OK but for a long time I only see the following:

    Zeit: 22.11.2018 20:43:50
    Meldung: AutoUpdate abgeschlossen
    Modul: SophosUpdate
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:50
    Meldung: Installations-Phase abgeschlossen
    Modul: Install
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:50
    Meldung: Installation von savxp übersprungen
    Modul: Install
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:50
    Meldung: Installation von sau übersprungen
    Modul: Install
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:50
    Meldung: Installation von mcsep übersprungen
    Modul: Install
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:50
    Meldung: Download-Phase abgeschlossen
    Modul: Update
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:42
    Meldung: Download von Produkt Endpoint Security and Control vom Server Sophos
    Modul: Update
    Prozess-ID: 12552
    Thread-ID: 8372

    Zeit: 22.11.2018 20:43:41
    Meldung: ***************          Sophos AutoUpdate gestartet          ***************
    Modul: SophosUpdate
    Prozess-ID: 12552
    Thread-ID: 8372

    How can I check if the pattern files are updated correctly?

    Kind Regards

    TheExpert
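
An added example, not part of the thread and not Sophos tooling: because the posts above note that the tray icon no longer surfaces failed updates, this script parses update-log entries in the layout quoted in the thread and labels each AutoUpdate run. It assumes entries are listed newest first and matches only message strings that appear in the thread; the function names are hypothetical.

```python
import re
from datetime import datetime
# Constructed sample using the Zeit/Meldung lines quoted in the thread
# (newest entry first); the Modul, Prozess-ID and Thread-ID lines are omitted.
SAMPLE = """\
Zeit: 22.11.2018 20:43:50
Meldung: Installation von savxp übersprungen

Zeit: 22.11.2018 20:43:50
Meldung: Installation von sau übersprungen

Zeit: 22.11.2018 20:43:41
Meldung: ***************          Sophos AutoUpdate gestartet          ***************

Zeit: 28.09.2018 06:50:36
Meldung: FEHLER:   Endpoint Security and Control konnte nicht von Server Sophos heruntergeladen werden

Zeit: 28.09.2018 01:30:16
Meldung: ***************          Sophos AutoUpdate gestartet          ***************
"""

def parse_entries(text):
    """Split the log into one dict per entry, keyed by field name (Zeit, Meldung, ...)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(l.strip().split(": ", 1) for l in block.splitlines() if ": " in l)
        if "Zeit" in f and "Meldung" in f:
            f["when"] = datetime.strptime(f["Zeit"], "%d.%m.%Y %H:%M:%S")
            entries.append(f)
    return entries

def classify_runs(entries):
    """Group newest-first entries into AutoUpdate runs and label each run."""
    runs = []
    for e in reversed(entries):  # walk oldest first so a run opens at "gestartet"
        msg = e["Meldung"]
        if "AutoUpdate gestartet" in msg or not runs:
            runs.append({"start": e["when"], "errors": [], "skipped": []})
        if msg.startswith("FEHLER"):
            runs[-1]["errors"].append(msg)
        if m := re.match(r"Installation von (\S+) übersprungen", msg):
            runs[-1]["skipped"].append(m.group(1))
    for r in runs:  # "no-change": installs were skipped and no error was logged
        r["status"] = "failed" if r["errors"] else "no-change" if r["skipped"] else "unknown"
    return runs

if __name__ == "__main__":
    for run in classify_runs(parse_entries(SAMPLE)):
        print(run["start"], run["status"], run["skipped"] or run["errors"])
```

A "no-change" label only means the run logged skipped installs and no error; it does not by itself confirm that the pattern data on the endpoint is current.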