Sophos Anti-Virus for Windows 2000+: Scheduled updates are not working for the Sophos client

  • Article ID: 112686
  • Updated: 11 Mar 2013

Issue

Scheduled and manual updates are unable to run on a endpoint computer. When right-clicking the Sophos shield and selecting 'Update Now' the ALUpdate.exe process does not load.

As ALUpdate.exe does not load nothing will be logged to the Sophos Autoupdate ALC.log. The following symptoms occur:

  • Alupdate.exe process does not start when right-clicking on the Sophos shield and choosing 'update now'.
  • Scheduled updates to the Sophos client do not run.
  • Updates only work when manually running alupdate.exe.
  • Nothing is logged in the Sophos Autoupdate logs.

Known to apply to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Windows 2000+

Cause

The behaviour has been seen from two causes:

  • The Microsoft Windows operating system is not seeing that the local System account is a member of the Distributed COM Users group. This prevents the DCOM Object Sophos Autoupdate Service from launching as System and therefore prevents the updating process from occurring.

  • The are two paths listed for the TMP and TEMP System variables within the windows operating system. This causes complications for the ALSVC.exe to launch the alupdate.exe and therefore aborts.

What To Do

  • To test that this is the problem with DCOM, please do the following:
    1. Go to Start | Run and type in dcomcnfg
    2. Select Component Services | Computers | My Computer | DCOM Config.
    3. Find the object 'Sophos Autoupdate Service'.
    4. Right click on this object and select properties.
    5. To go the 'Identity' tab.
    6. Select 'This user' and enter your Administrator account details.
    7. Click OK.
    8. Go to Start | Run and type in services.msc
    9. Restart the Sophos Autoupdate Service.
    10. Log off the machine, and then log on again.
    11. Run an update (right-click the Sophos Shield in the System Tray).
  • If the update executes, you have now confirmed the issue. Please follow the steps below to resolve:
    1. Repeat the steps above, at 6 this time select 'The system account (services only)' option to reset as per the default.
    2. Go to Start | Control Panel | Administrative Tools | Computer Management | Local Users and Groups | Groups.
    3. Open the 'Distributed COM Users' group (if the group is not mentioned here, it can be found in under the 'Builtin' container in your Active Directory).
    4. Add the account 'System' to the above group.
    5. Click OK.
    6. You should now be able to run updates correctly.
  • To verify if there is an issue with the system variables, please do the following:
    1. Enter on the keyboard enter WINKEY + Pause / Break key to open the System Properties window.
    2. Select the Advanced Tab or Advanced Settings.
    3. Select Environment Variables.
    4. Under the System Variables, select TMP and TEMP from the list and confirm the path shown.
    5. The default path should be C:\Windows\Temp for both variables.
  • To remove multiple paths from these variables, please follow:
    1. If there is another path added, please select the variable and click 'Edit'.
    2. Then remove the non default path from the variable and click 'Ok'.
    3. Click 'Ok' on the previous windows until the System Properties window is closed.
    4. Please restart this endpoint to complete the changes.
    5. Once restarted the updates should now run successfully.


 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments