Sophos updating policy not set
I'm not getting any more notices but I'm scratching my head as to how I'm gonna update these PCs now lol.
I ended up turning off on-access scanning and they instantly updated from the live security service.
Bandwidth peaked at about 60 Megs there for 5 minutes while they all snagged it.
SUM unable to update
If SUM is unable to update, it is probable that files in the warehouse are failing to be decoded as they are being falsely detected as Shh/Updater-B.
To work around this issue and successfully download the IDE file that fixes this issue, follow these steps:
What's worse is that the files it killed are not quarantined but moved to an infected folder...
Looks like tomorrow is going to be a looooong fucking day of reinstalling Sophos clients. I've been using them for about 6 years and this is really the only problem I've had, albeit a huge one. Doesn't seem to be that bad once I got to looking at it; they're instructing you to just push out a policy turning off on-access scanning on the clients, then forcing an update, then re-enabling scanning. Probably looking at a healthy chunk of this afternoon, too.
Be sure to turn off tamper protection as well - it appears to interfere with the repairs. I'm not sure how they are going to fix this; Sophos has quarantined its own update executables, so even if they do push out a new definition file, the clients aren't going to be able to download it.
"In the case that the management or client computer was restarted after the file had downloaded you will have to reinstall all update services"
Since I had move or delete files instead of quarantine turned on, the file got moved into a folder with about 200 other instances of the updater... which apparently are different for the update manager and client machines (even though the file sizes were all the same).
My theory is that when I copied the update manager back over, it caused a sync issue and would not repair/update my warehouse or CID store.
1200 seats over about 30 non-connected domains where we may need to dig through Sophos logs to fix...
One issue - this ONLY works if you have "Deny access only" as your option for "What to do if cleanup fails." If you have "delete" or any variation of "move," well, you're in for a bad day.
Check out the thread, but you will need to find a way to replace those files from autoupdater that were removed.