This article explains what to do when the Sophos AutoUpdate component can no longer function after a false positive in Sophos Antivirus.
Note: This only occurs if your anti-virus configuration was set to an option other than Deny access only.
First seen in
Sophos Anti-Virus for Windows 2000+
A false positive moves files from their original location or deletes them, which prevents Sophos AutoUpdate from functioning as intended.
What to do
A VBS script can be used to repair endpoints whose files were deleted or moved.
- Download the script (available here).
- Extract the file to a folder of your choosing.
- Click Start and type Command Prompt in the search field. Right-click Command Prompt and then click Run as Administrator.
- Type the location/directory where you extracted the script, then type Fixupdate.vbs and press Enter. e.g.
- You can also deploy the script with the deployment method of your choice (Microsoft group policy, e.g. startup/shutdown scripts, Zenworks, PsExec, Altiris, etc.). Sophos has instructions for:
- Once the script has completed, check that the Sophos shield icon is displayed in the notification tray. If not, log off and back on to relaunch the icon. Alternatively, you can manually launch Almon.exe by going to Start > Run and typing:
For 32-bit systems:
For 64-bit systems:
C:\program files (x86)\Sophos\AutoUpdate\Almon.exe
Note: Alerts on the Console side will still need to be Acknowledged, and all output log files should be kept for reference until you are satisfied you have resolved all problems with the computer(s).
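For the manual and deployed runs described above, a wrapper along these lines runs the repair and keeps a per-machine record of the result. It is an added example, not Sophos code: the two folder paths are placeholders, running the script under cscript.exe is an assumption, and the Almon.exe path checked is the 64-bit one given above.

```powershell
# Added example, not Sophos code. Run from an elevated PowerShell session.
param(
    [string]$ScriptDir = 'C:\Temp\FixUpdate',       # placeholder: folder holding Fixupdate.vbs
    [string]$LogDir    = 'C:\Temp\FixUpdate\logs'   # placeholder: where results are kept
)

# The article runs the repair from an administrator prompt, so refuse to run unelevated.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: start the shell with Run as Administrator.'
}

$script = Join-Path $ScriptDir 'Fixupdate.vbs'
if (-not (Test-Path -LiteralPath $script -PathType Leaf)) {
    throw "Fixupdate.vbs not found in $ScriptDir"
}

# Run from the script's own folder, as in the manual steps. cscript.exe (an
# assumption; the article does not name a host) keeps output on the console
# stream so it can be captured.
Push-Location -LiteralPath $ScriptDir
try {
    $output = & cscript.exe //nologo $script 2>&1
    $exit   = $LASTEXITCODE
} finally {
    Pop-Location
}

# Post-check against the 64-bit path given in the article.
$almon   = 'C:\program files (x86)\Sophos\AutoUpdate\Almon.exe'
$present = Test-Path -LiteralPath $almon -PathType Leaf

# One log per machine and run, kept for reference as the article asks.
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$log = Join-Path $LogDir ('{0}_{1:yyyyMMdd_HHmmss}.log' -f $env:COMPUTERNAME, (Get-Date))
$report  = @($output | ForEach-Object { "$_" })
$report += 'cscript exit code: {0}' -f $exit   # meaning of the code is not documented here
$report += 'Almon.exe present: {0} ({1})' -f $present, $almon
$report | Set-Content -LiteralPath $log

if (-not $present) {
    Write-Warning "Almon.exe still missing; see $log"
    exit 1
}
# In an interactive session, relaunch the tray icon if it is not already running.
if (-not (Get-Process -Name 'Almon' -ErrorAction SilentlyContinue)) {
    Start-Process -FilePath $almon
}
```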