Troubleshooting Sophos Anti-Virus for Microsoft Windows 2000/XP/2003/Vista

Contents

  • Introduction
  • Pre-requisites reminder
  • Troubleshooting
  • Installation problems
  • Updating problems
  • Updating has never worked since installing (applies to University PCs)
  • Updating has never worked since installing (applies to home PCs)
  • Updating has worked but has now stopped
  • Checking the update logs
  • Windows XP Security Center reports that Sophos is out of date, but it isn't really
  • Virus and PUA removal advice

Introduction

This document gives instructions for troubleshooting Sophos Anti-Virus software on a PC running Microsoft Windows 2000/XP/2003/Vista.

Pre-requisites reminder

Before you troubleshoot the Sophos Anti-Virus package, there are some factors which you need to be reminded of:
  1. Microsoft Windows 2000 PCs should have Service Pack 4 or later installed in order to run Sophos Anti-Virus. You can obtain the latest Windows 2000 Service Pack via the Microsoft Windows Update site.
  2. Microsoft Windows XP PCs should have Service Pack 2 or later installed in order to run Sophos Anti-Virus. You can obtain the latest Windows XP Service Pack via the Microsoft Windows Update site.
  3. Ensure that all Microsoft Windows critical updates have been installed; this should be done from the Microsoft Update website or from the campus Microsoft update server (your local IT supporter will have arranged this for you). We recommend that you set your computer to automatically install Microsoft updates. Details on this are available from the PC Security web pages.
  4. All PCs must have their existing anti-virus software removed prior to installing Sophos Anti-Virus. This can be done through the Add/Remove Programs control panel (click on Start, select Control Panel and then Add/Remove Programs).
  5. Sophos Anti-Virus must be installed as a user with an Administrator account. You can check this from all operating systems other than Windows XP Home in the User Accounts control panel (click on Start, select Control Panel and then User Accounts). If you are running Windows Vista you should install Sophos as the user called "Administrator" rather than your own account, even if you are a member of the Administrators group.

Troubleshooting

If things go wrong, please check the common problems listed below to see if they apply to you.

Installation Problems

  1. If, during the install, you get an error reporting insufficient user rights you must ensure that the account you are installing with is a full Administrator account, not a User or Power User. If you are running Windows Vista you should install Sophos as the user called "Administrator" rather than your own account, even if you are a member of the Administrators group.
  2. If, after the install, you get an error about having insufficient privileges you must ensure that the account you are currently logged in with is a member of the SophosPowerUser group on your computer.
For computers on campus, you probably log on to the computer with your University username and password. You will need to add the username RDG-HOME\your_University_username to the command listed below. Please do not enter your username as "your_university_username"; replace this with your actual username.
For computers at home you will probably use an account you created yourself when you set up the computer, for example "John Smith". This is the username you should add to the command listed below.
To add the appropriate username:
  1. Hold down your keyboard's <Windows Key> (usually between <Ctrl> and <Alt>) and press <R>. A window will pop up. Now let go of both keys.
  2. In the Run window that appears type:
net localgroup SophosPowerUser "username" /ADD
where username is the username you use to log in to the PC (the double quotes are required if your non-University username has spaces in it).
If this is on a computer on the campus network and you log in with your University username, remember to prefix your username with RDG-HOME\, i.e. RDG-HOME\your_University_username (to show that it's a campus domain username rather than a local PC username).
  3. Press <Enter> and type exit <Enter> to close the window. Now you should be able to run Sophos.

Updating Problems

If the Sophos updates fail and a white cross in a red circle appears in the corner of your Sophos shield, you should first do a manual update by right-clicking on the shield icon. If that also fails, you should check the common problems below.
Updating Has Never Worked Since Installing (Applies to University PCs)
Personal firewall software, if used (especially the Windows Firewall enabled by default with Microsoft Windows XP Service Pack 2), can interfere with the management system used for University PCs. University PCs need to have File and Print Sharing enabled and the Sophos Management System added to the firewall settings; in addition, Simple File Sharing should be disabled. Instructions on how to do this follow.
To correctly add File and Print Sharing to the Windows Firewall for campus PCs:
  1. Open the Windows Firewall Control Panel:
     • If you are using the Category View: click on Start and select Control Panel, then Security Center and then Windows Firewall
     • If you are using Classic View: click on Start and select Control Panel and then Windows Firewall
  2. Ensure that On (recommended) is selected and click on the Exceptions tab
  3. Tick the File and Printer Sharing entry
  4. Click the Edit button, then the Change Scope... button
  5. Set it to a Custom list of: 134.225.0.0/255.255.0.0 (i.e. the campus network) and press OK twice
  6. Next, click the Add Program... button and add C:\Program Files\Sophos\Remote Management System\RouterNT.exe.
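The firewall steps above can also be applied from a Command Prompt. The following batch file is an added example, not part of the original Sophos or University instructions; it assumes Windows XP Service Pack 2 (where the netsh firewall commands are available), and the exception name is a label chosen here for illustration.

```bat
@echo off
rem Added example, not part of the original instructions.
rem Scripted equivalent of the firewall steps above, using the
rem "netsh firewall" context of Windows XP SP2. Run as an Administrator.
setlocal

rem Both values are taken from the steps above.
set "CAMPUS=134.225.0.0/255.255.0.0"
set "ROUTER=C:\Program Files\Sophos\Remote Management System\RouterNT.exe"
rem Display name for the exception: an arbitrary label chosen for this example.
set "RULENAME=Sophos Remote Management System"

rem Stop early if the management component is not where the steps expect it.
if not exist "%ROUTER%" (
    echo ERROR: "%ROUTER%" not found. Is Sophos installed?
    exit /b 1
)

rem Keep the firewall on and make sure exceptions are honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
if errorlevel 1 goto :fail

rem File and Printer Sharing, reachable from the campus range only.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%CAMPUS%
if errorlevel 1 goto :fail

rem Program exception for the Sophos management router.
netsh firewall add allowedprogram program="%ROUTER%" name="%RULENAME%" mode=ENABLE
if errorlevel 1 goto :fail

rem Show the result so the scope and the program entry can be checked by eye.
netsh firewall show service
netsh firewall show allowedprogram
echo Firewall exceptions for Sophos updating are in place.
exit /b 0

:fail
echo ERROR: netsh reported a failure; no further changes were made.
exit /b 1
```

In the output of the two show commands, check that File and Printer Sharing lists only the campus range as its scope and that RouterNT.exe appears as an enabled program.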
To disable Simple File Sharing for campus PCs:
  1. Click on Start and select My Computer
  2. In the new window that appears, click on the Tools menu and select Folder Options...
  3. Click on the View tab
  4. Scroll to the bottom of the list of the Advanced settings and un-tick Use Simple File Sharing (Recommended)
Updating Has Never Worked Since Installing (applies to home PCs)
Home update failures are invariably due to one of the following factors in order of likelihood (assuming that the PC is otherwise running correctly and your other software is updating correctly):
  1. The Sophos update location has been typed incorrectly (check it with the settings on the previous page).
  2. Your username or password has been typed incorrectly (check it, and ensure that CAPS LOCK is off).
  3. Your home PC isn't connected to the Internet (probably not the case if you're reading this page online).
  4. Your home PC is connected to the Internet, but your firewall is blocking the Sophos update connection (unlikely, as Sophos uses the same connection as you're now using to read this web page).
  5. Your home PC is using a wireless connection and the connection hasn't been established yet.
Updating Has Worked But Has Now Stopped
  1. (Applies to Private PCs) The PC is not connected to the network (e.g. readingConnect or your ISP). Ensure that you are on-line and then do a manual update.
  2. (Applies to Private PCs) If you have changed your University password, Sophos will not be able to connect to the update server. You will need to change the password used by Sophos to connect to the server:
     1. Right-click on the Sophos shield in the System Tray (normally bottom-right of the screen) and select Configure updating...
     2. Click on the Primary server tab
     3. Enter your new University password in the Password and Confirm password boxes
Checking The Update Logs (applies to all PCs)
If none of the above solutions result in an update, you should check the Sophos log file which gives details of the updating process. To view the log file:
  1. Right-click on your Sophos shield and select Configure updating...
  2. Select the Logging tab and click on the View Log File button.
  3. This file will give an error message telling you why you cannot update (usually that it cannot find update location for Sophos version 6 and for Sophos version 7). If the listed error message makes no sense to you, you should copy and paste this error message in full when emailing ITS-Help.
Windows XP Security Center reports that Sophos is out of date, but it isn't (applies to non-domain and home PCs)
This is a "false alarm" message which is a problem acknowledged by Sophos on their support website:

The problem arises because the Security Center assumes that the virus definitions are stored as a single package which will be updated at least every 34 days. Sophos no longer use this method and instead provide a multi-package database, adding packages as needed. This means that the original package which is being monitored by Microsoft never gets updated, and so the XP Security Center complains even though Sophos really is up-to-date.

Virus and PUA removal advice

We recommend that you periodically run a full scan of your computer, immediately after updating Sophos with the latest virus definitions. You may do this either from within the Sophos application itself as a "scheduled task" if you wish to do this overnight or when the PC is unattended, or you may do this immediately by right-clicking on "My Computer" and selecting "Scan with Sophos Anti-Virus" from the menu.
N.B. If Sophos detects a "Potentially Unwanted Application" which you wish to remove, then you must run a full scan of your computer before you will be able to remove it. This is to allow Sophos to ensure that it has detected all traces of the application so that no remnants are left behind.