Computers With Errors

There is a function in the Dashboard that allows you to view Computers with Errors.  The following is a brief discussion of some of the more likely scenarios you will see in the Status window for systems with errors:

  • Alerts and Errors -- These occur in the Status tab on the Console:
    • Errors -- A variety of errors can be observed.  <Right Click> on the system in the Console, and select View Computer Details to see the specific error shown below the basic system information.
    • Warning -- More often than not, these appear to indicate the local system needs to be rebooted for the updates that have been applied to take effect.  This is usually at first installation.  But, the warning indication will disappear once the system has been rebooted.
  • Scanning Errors -- These are indications from the local system as to the nature of the problem it had:
    • The On-Access Driver Failed to Perform a User action on <Filename> -- This can happen on a system, but I'm not convinced it's an accurate report.  Emails that Administrators get from the system indicate that even though it doesn't show an item remediated, the local system may still be removing the item.  Double check this with someone who is on the sav@apollo.adcom.uci.edu email list to see whether or not the item has been resolved.  <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  If it is a recurring situation during the next on-demand scan, you can always deal with it at that time.
    • The Attempt to Move the Infected File <filename> failed.  The user does not have the rights to perform the action on the infected file [adcom:0xa0200006] -- This, too, may be an inaccurate assessment.  Check emails that the Sophos system sends to Administrators about how it dealt with this situation.  Chances are the problem was resolved, but the reporting system sent an error to the Console before the issue was resolved.  <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  If it is a recurring situation during the next on-demand scan, you can always deal with it at that time.
    • The Folder <Folder Name> Doesn't Exist -- This is "probably" a hold-over from items in the registry that have not been removed after the folder has been removed.  This happens, usually, from a bad uninstallation of software from the local system.  You can ignore this error and <Right Click> on the system, and Resolve Alerts and Errors by acknowledging the item.  These are not a big issue.
    • File <filename> could not be removed [adcom:0xa0250029] -- This is most likely an error message that got generated before the local client software removed the file.  The best way to determine it is to contact one of the Sophos Administrators that get emails from the system.  That will confirm whether or not the error is an issue.
  • Update Errors -- The most common update errors that show in the Enterprise Console include:
    • Failed to install SAVXP: The MSI has failed [0x00000067] -- This is an indication of an installation error.  Try to reinstall the software on the local system.
    • Failed to install SAVXP: A previous version could not be uninstalled [adcom:0x0000067] -- This is usually an indication that the software has had problems in the installation process.  You may have to remote to the local system and try to manually uninstall any anti-virus software that remains on the system.  I've seen Symantec Anti-Virus cause this kind of a problem, where it's difficult for Sophos to uninstall it, so you have to manually uninstall.
    • Download of SAVXP failed from the server -- This is an indication of an installation problem.  Try to reinstall the software.
    • Download of Sophos AutoUpdate failed from the server -- This is an indication of an update problem.  <Right Click> on the system(s) that have this issue and Update Now.  You might have to remote to the local system and <Right Click> the Sophos shield in the System Tray and select Update Now.  The problem "should" disappear within a day or two, unless there is a problem with the install.
    • Restart needed for updates to take effect [adcom:0x0000006d] -- This is an extension of the Warning error you get in the Alerts and Errors section.  The problem should disappear after a reboot of the local system.  I usually don't worry about it, as Desktop Support may reboot the system after Microsoft patches get applied, or the user may reboot the system for their own reasons, thereby removing the error.
    • ERROR: Could not find a source for updated packages [adcom:0x00000071] -- This is an indication of a problem with updating.  Again, you can <Right Click> on the system(s) exhibiting this problem and Update Computer(s) Now.  An alternative would be to remote to the local system and <Right Click> on the Sophos shield in the System Tray and select Update Now.  That should force an update of the engine and signatures.
  • Enterprise Console Won't Clear Updating Alerts From "Computers with Errors"
    • Create a new Group called "Test" (I created one called Compliance Policy)
    • Create a new Updating Policy, giving it a false address for the Primary Update Server (I created one called Compliance Policy)
    • Drag and drop the policy onto the new "Test" Group
    • Move computers into the Test Group that are showing alerts that can't be removed from the Computers with Errors section (make notes of the original scanning groups they came out of, or you will not know which group to return them to or when they need to do their scanning later)
    • <Right Click> the "Test" Group and select "Comply with | Group Updating Policy" -- The computers will try to update their update policy but will fail because the update source does not exist.  This will write another error record into the SQL database.
    • Move the computers back into their original groups (I hope you wrote down the original groups they belong in)
    • Force them to comply with the updating policy by selecting "Comply with | Group Updating Policy"
    • The computers "should" update successfully to their original scanning policy