I know you weren't asking me, but the trend here is: 1. Already running systems, been running for years. 2. Sophos System Protection Service (about 65-70% of the systems)
↧
Forum Post: RE: Some Sophos services are not running/missing
↧
Forum Post: RE: Sophos Endpoint Intercept X 2.0 impacting Performance - slow?
Hi Julian, We spread the release out across various groups, if you ask via support they can see that you get moved/are in, an early group. Regards, Stephen
↧
↧
Forum Post: RE: Some Sophos services are not running/missing
Jak if you meant me here's a sampling just from the top of the event log, each line is a different machine. Missing: Sophos System Protection Service Missing: Sophos AutoUpdate Service (and only 5 services even showing under "Security healt Missing: Sophos System Protection Service and bunch of "Failed to install sed64: 80004005" Not started: Sophos Network Threat Protection Missing: Sophos AutoUpdate Service Missing: Sophos System Protection Service and bunch of "Failed to install sed64: 80004005" So that's six just to start with without even digging into the "bad status" machines under devices where we have delights such as this one (all one machine): Not started: Sophos Anti-Virus Sophos MCS Client Not started: Sophos Device Control Service Sophos System Protection Service Sophos Web Control Service Sophos Network Threat Protection Not started: Sophos MCS Agent Missing: Sophos Web Intelligence Service Not started: Sophos File Scanner Service Sophos Anti-Virus Status Reporter Sophos AutoUpdate Service Sophos Safestore Service Sophos Endpoint Defense Sophos Clean Service And the event log for that machine shows: May 24, 2018 9:09 AM Failed to install savxp: uninstalling an older product failed. May 22, 2018 8:24 AM Failed to install savxp: uninstalling an older product failed. May 18, 2018 11:13 AM Failed to install savxp: uninstalling an older product failed. May 16, 2018 10:18 AM Failed to install savxp: uninstalling an older product failed. May 14, 2018 5:10 PM Failed to install savxp: uninstalling an older product failed. May 12, 2018 11:56 AM Failed to install savxp: uninstalling an older product failed. May 10, 2018 8:31 AM Failed to install savxp: uninstalling an older product failed. May 7, 2018 7:27 PM Failed to install savxp: uninstalling an older product failed. I get that no solution is perfect but this simply isn't acceptable when you're relying on a product to protect machines distributed around the world. "Bring it back because we need to rip it apart in safe mode just to uninstall it" doesn't fly when it's 12k miles away.
↧
Forum Post: RE: HELP! Dynamic disks or GPT disks are used on this machine. Please install again and choose Bitlocker Encryption. Error 5009
I don't know if this is appropriate here, but I have successfully converted from GPT to MBR without destroying data or re-installing Windows using Aomei Partition Manager. You have to pay for it, but it does work and has other features besides that make it worth the money. Perhaps this might save someone else some time if they happen by this thread.
↧
Forum Post: RE: Routing between Interfaces not working as expected - trying to split my Networks in Subnets
I created muliple Zones, because they should have separate IPs. But all new Zones are from Type "LAN": So it looks in esxi: For test I created a "Allow all from everywhere to everywhere" (without NAT) I testet the Rule with XG - the Packets should pass the Firewall: Real Test from Machine in Client-Net - Access on Server IP Port 80 - no Connection: (Gateway is 192.168.1.254 = Sophos Interface, IP came per DHCP) Curious: I can Ping 192.168.178.1 = esxi and 192.168.178.254 = Sophos Gateway in Server Network - but no other Machine in Server Network.
↧
↧
Forum Post: RE: Hollow Process - VeryPDF PDF2Vector Converter stopped by Intercept X
Hi Jelle, If you are unsure whether the program you are running is safe, I recommend you submit a sample to Sophos labs so that they can analyze it and provide more info: https://secure2.sophos.com/en-us/support/submit-a-sample.aspx Also, please have a look at the following article to open a support case: Intercept X: How to report false positives for further review of the issue.
↧
Forum Post: RE: Routing between Interfaces not working as expected - trying to split my Networks in Subnets
Sorry it took so long. Had to use google translate along with my firewall to understand what I was looking at. (I do not know german). A couple of things: Your WAN port with the Fritzbox is causing a double NAT. This could potentially break some things. Can the Fritzbox be put into Bridge mode? Start simple by defining IP networks and use the objects instead of Any. Since the firewall works from a top down scenario create a rule at the top with Markus Zone and Markus Subnet for source with destination LAN Zone and LAN Subnet with Service Any. Only have logging enabled. Test connectivity If it works add additional zones to the destinations with their subnets. You never mentioned if all of your zones are able to get out to the internet via the WAN and double NAT. Hope this helps -Ron
↧
Forum Post: RE: Some Sophos services are not running/missing
Thanks for the reply and given your comments, I would initially focus on the component: Sophos Endpoint Defense. This component also installs the Sophos System Protection service. Are you able to attach/find the "Sophos Endpoint Defense Setup (version) (date) (time).log" file from a couple of these failing computers? It may well be they are all suffering the same issue. If it is failing as part of running the Cloud installer, then it will be in %temp%. If it was working and AutoUpdate is installing it, it will be in \windows\temp\. Regards, Jak
↧
Forum Post: Upgrade UTM 220 devices to SG230 in HA mode
We currently have a set of UTM220 devices in a cluster. We recently received a pair of SG 230s to upgrade to since the UTM220 is end of life. What are some steps to follow in order to upgrade to the new units? Can anyone give a step by step or a summary of what needs to be done to have a "flawless" upgrade? Thank you in advance.
↧
↧
Forum Post: RE: Unable to add custom CA certificate for HTTPS scanning
Unfortunately our contract/license is expired with this appliance as we have planned to move to a different appliance/vendor, however that one is not ready to be rolled out quite yet; so that's why I wanted to try posting on the community forums instead of opening a ticket. For what it's worth, attached is a screenshot of the error; not much to it really. After trying to upload the cert/key, the error appears and the boxes to upload the files are cleared out.
↧
Forum Post: RE: Ultrasurf Chrome Plugin
Olá Pedro and welcome to the UTM Community! Please show a line or two from the Web Filtering log where Ultrasurf was allowed through. Also, insert pictures of the Edits of the sections in your configuration that you thougt would block Ultrasurf. Cheers - Bob
↧
Forum Post: What does "Block unrecognized SSL protocols" blocks?
Hi Community, I really try to find some info about this, but a persona ask me about what exactly this option do and I didn't found any clue yet. When it says that the unrecognized SSL protocols will be block, the XG will block SSL old protocols too? What exactly does this option blocks? I will appreciate any comment about this.
↧
Forum Post: RE: Server 2016 Remote Web Workplace and Remote Desktop Gateway using WAF
This post got Hi-Jacked. Lets get it back on track. Nico says the KB information works, as separate rules, but since the WAF module does not allow you to have multiple Business Rules for the same FQDN he is unable to use both the Remote Desktop Gateway and the Remote Desktop Web services. This wouldn't be an issue if the WAF allowed for Inbound Explicit Paths. The KB explicitly says: https://community.sophos.com/kb/en-us/126103 ***** Configure Firewall rules Two business application rules may be needed depending on your implementation of RDS. One rule for RDS Web Access and the other rule for the RDS Gateway. In some situations, both rules can be combined into one. ***** So the question is how do we combine these two rules when they have conflicting settings? Note: I am in the same boat here with Windows Server 2012 R2 which the KB was written for.
↧
↧
Forum Post: [Sophos Advisory] VPNFilter Malware
Hey Community, This Knowledge Base Article responds to concerns about the VPNFilter malware that has been attacking small office home office (SOHO) routers. Regards,
↧
Forum Post: [Sophos Advisory] VPNFilter Malware
Hey Community, This Knowledge Base Article responds to concerns about the VPNFilter malware that has been attacking small office home office (SOHO) routers. Regards,
↧
Forum Post: [Sophos Advisory] VPNFilter Malware
Hey Community, This Knowledge Base Article responds to concerns about the VPNFilter malware that has been attacking small office home office (SOHO) routers. Regards,
↧
Forum Post: STATS on seperate subnet via ipsec
Hi guys. Running STATS on a separate network connected via ipsec. I cannot ping/connect to the network from the router. What do I need to make this work? The networks do work. The route table doesn't list the other subnet, but that is to be expected.
↧
↧
Forum Post: RE: XG-multiple DHCP release/renews within 1-2seconds from same computers
I ran into something similar on an XG115 and an AP55C. Wireless clients on the Guest would have their IP renew ever 1 second. While Spoof Prevention was off, the DoS Flags were enabled and once I disabled them everything started working.
↧
Forum Post: RE: STATS on seperate subnet via ipsec
Hey HaydenKirk Could you please clarify the issue you are experiencing? What is STATS? Also what devices are connected via this IPsec VPN tunnel? Do you have ping enabled in your Local Service ACL's for the VPN/LAN zone? (System>Adminstration>Device Access) What is displayed when you type from the device console (CLI option #4) "console> system ipsec_route show" ?
↧
Forum Post: RE: STATS on seperate subnet via ipsec
Sorry, I meant STAS. Not sure how ping would help. I am trying to ping from the Sophos to devices in the remote subnet with no response. Nothing is shown on the ipsec route: console> system ipsec_route show tunnelname host/network netmask
↧