Versions Compared

Version Old Version 3 New Version 4
Changes made by

Dennis H. Wiedeman

Dennis H. Wiedeman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Alerts and Errors -- These occur in the Status tab on the Console:
    • Errors -- There can be a variety of errors that can be observed.  <Right Click> on the system in the Console, an dselect View Computer Details to see the specific error shown below the basic system information.
    • Warning -- More often than not, these appear to indicate the local system needs to be rebooted for the updates that have been applied to take effect.  This is usually at first installation.  But, the warning indication will disappear once the system has been rebooted.
  • Scanning Errors -- These are indications from the local system as to the nature of the problem it had
    • The On-Access Driver Failed to Perform a User action on <Filename> -- This can happen on a system, but I'm not convinced it's a accurate report.  Emails that Administrators get from the system indicate that even though it doesn't show an item remediated, the local system may still be removing the item.  Double check this with someone who is on the sav@apollo.adcom.uci.edu email list to see whether or not the item has been resolved.  <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  If it is a recurring situation during the next on-demand scan, you can always deal with it at that time.
    • The Attempt to Move the Infected File <filename> failed.  The user does not have the rights to perform the action on the infected file [0xa0200006] -- This, too, may be an inaccurate assessment.  Check emails that the Sophos system sends to Adminstrators about how it dealt with this situation.  Chances are the problem was resolved, but the reporting system sent an error to the Console before the issue was resolved.  <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  If it is a recurring situation during the next on-demand scan, you can always deal with it at that time.
    • The Folder <Folder Name> Doesn't Exist -- This is "probably" a hold-over from items in the registry that have not been removed after the folder has been removed.  This happens, usually, from a bad uninstallation of software from the local system.  You can ignore this error and <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  These are not a big issue.
    •  File <filename> could not be removed [0xa0250029] -- This is most likely an error message that got generated before thelocal client software removed the file.  The best way to determine it is to contact one of the Sophos Administrators that get emails from the system.  That will confirm whether or not the error is an issue.
  • Update Errors -- The most common update errors that show in the Enterprise Console include:
    • Failed to install SAVXP: The MSI has failed p0x00000067] -- This is an indication of an installation error.  Try to reinstall the software on the local system.
    • Failed to install SAVXP: A previous version could not be uninstalled [0x0000067] -- This is usually an indication that the software has had problems in the installation process.  You may have to remote to the local system and try to manually uninstall any anti-virus software that remains on the system.  I've seen Symantec Anti-Virus cause this kind of a problem, where it's difficult for Sophos to uninstall it, so you have to manually uninstall.
    • Download of SAVXP failed from the server -- This is an indication of an installation problem.  Try to reinstall the software.
    • Download of Sophos AutoUpdate failed from the server -- This is an indication of an update problem.  <Right Click> on the system(s) that have this issue and Update Now.  You might have to remote to the local system and <Right Click> the Sophos shield in the System Tray and select Update Now.  The problem "should" disappear within a day or two, unless there is a problem with the install.
    • Restart needed for updates to take effect [0x0000006d] -- This is an extension of the Warning error you get in the Alerts and Errors section.  The problem should disappear after a reboot of the local system.  I usually don't worry about it, as Desktop Support may reboot the system after Microsoft patches get applied, or the user may reboot the system for their own reasons, thereby removing the error.
    • ERROR: Could not find a source for updated packes [0x00000071] -- This is an indication of a problem with updating.  Again, you can <Right Click> on the system(s) exhibiting this problem and Update Computer(s) Now.  An alternative would be to remote to the local system and <Right Click> on the Sophos shiedl in the System Tray and select Update Now.  That should force an update of the engine and signatures.