Sophos has released a new tool that facilitates the upgrade process of SafeGuard Configuration Protection (SGN CP), and circumvents issues that may arise in combination with Sophos Anti-Virus. The upgrade and uninstall process has been adapted accordingly, and is documented in the below mentioned knowledgebase articles.
Important: If you´re using SafeGuard Configuration Protection on clients that are protected by Sophos Anti-Virus, it is important to follow this new process and use the tool/script that we provide, in order to avoid losing the protection of the Firewall and Anti-Virus client.
Not following the new documentation can result in the following symptoms:
- Sophos Client Firewall fails to block data traffic and is unable to restart after a reboot
- Sophos Anti-Virus Client is unable to perform a scan
- The Sophos tray icon is no longer displayed.
First seen in
SafeGuard Configuration Protection 6.0
SafeGuard Configuration Protection 6.00.1
Sophos Anti-Virus for Windows 2000+
Operating systems
Windows XP
Windows Vista 32bit
Windows 7 32bit
64bit OS versions are not affected
Cause
The old upgrade process included the uninstallation of the SGN CP Client package (SGNCPClient.msi). During this process, the registry hive HKLM\SOFTWARE\Sophos is deleted entirely. The registry hive gets restored after a reboot but cannot be completely rebuilt.
What To Do
If you are using SGN CP 6.0 or 6.00.1 and Sophos Anti-Virus on client PCs and want to upgrade or uninstall SGN CP, follow the instructions in the following knowledgebase articles. Do not follow the process documented in the manual.
- Upgrade SafeGuard Configuration Protection: KBA 118085
- Uninstall SafeGuard Configuration Protection: KBA 118458
If these instructions have not been followed, and a client PC is already affected, you must remove Sophos Anti-Virus including AutoUpdate, Client Firewall, Patch Agent and Remote Management System modules from the computer and re-install again. Simply re-protecting prior to removing the modules will not work.