Event Id 593
Monday, November 09, 2009 4:41 PM My guess as to why we don’t see more complaints here is the same as mentioned by others before. Many may have already downgraded back to version 7 as posted previously by myself and others as the fix, and are now just awaiting word that Sophos has corrected the issue. Logon IDs: Match the logon ID of the corresponding event 528 or 540.
If you need technical support please post a question to our community. Can I ask, did you lot upgrade from V3 of the Enterprise console to 4 or do a fresh install? In the case of successful object opens, Accesses documents the types of access the user/program succeeded in obtaining on the object. New Handle ID: When a program opens an object it obtains a handle to the file which it uses in subsequent operations on the object.
I don’t blame them one bit. I think I should be able to recoup all the revenue we have lost due to lost productivity! Marked as answer by Briser Thursday, November 05, 2009 10:09 AM Friday,
I get unspecified error message in event viewer. The issue appears to be isolated to Windows XP machines running Sophos 9. Isn’t it nice to know that they care so much, and are looking out for their customers.
This event causes the PCs to freeze for around 5 minutes. their quality control just isn't where it needs to be. Monday, November 09, 2009 2:10 PM None of my standard XP machines with the crashing issue use Office 2007 or Outlook 2007, there is nothing in any way http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.0&EvtID=592&EvtSrc=Security&LCID=1033 Thursday, October 29, 2009 11:03 AM Hi Zack, it would appear that a regkey change provided by Sophos has fixed the issue (fingers crossed), I will
tech support isn't outsourced, so don't be afraid to call / e-mail if you run into problems. W3 only. Alternatively for licensed products open a support ticket. Monday, February 01, 2010 9:34 PM I have received a downgrade path from Sophos until version 9 is fixed.
Windows Event Id 4688
A reboot after removal is recommended. https://community.spiceworks.com/windows_event/show/7077-savonaccesscontrol-592 We still have legacy updating enabled and clients who still run version 7.6.2 do not have the issue. Also I can confirm this does not affect Windows 7, I have a test bed and this hasn't happened once on any of them, another good reason why W7 is good. Token Elevation Type Infrastructure Maintenance?
The key to seeing this kind of activity is to compare the executable name in a recent event 592/4688 to executable names in a whitelist - and thereby recognizing new What worries me is that we beta tested this software for Sophos and had no problems like this, so since then and now the release candidate has gone awry somehow? The accesses listed in this field directly correspond to the permission available on the corresponding type of object. The problem was impacting both desktops and laptops equally.
Sorry on my bad English! Primary fields: When user opens an object on local system these fields will accurately identify the user. I replied that it would be difficult to do since I have already rolled my entire network back to V7 (except the vista and windows 7 machines, which aren’t impacted) John-already-in-use So it isn’t perfect, but it could be a work around for you… just a thought… As for Sophos, I still haven’t heard anything and am presuming we’re no closer to
I think after this, I’ll wait for a few more updates to the new version, just to make sure the bugs are worked out. I have my entire network on v9 now and the issues with XP locking up are gone. Friday, October 30, 2009 2:16 PM Yep, it seems the BOPSTrace was the first thing they got us to do but no joy, they then asked
REMSAV Instructions (2000/XP/2003/Vista/2008):
1) Download and install the Microsoft Clean-up Utility from: http://support.microsoft.com/default.aspx?scid=kb;en-us;290301
2) Rename the file remsav-all-212.txt to remsav-all-212.bat.
3) Double click on remsav-all-212.bat, when prompted reboot the computer.
It worked well enough. You can subscribe to the v7 package in Sophos Update Manager and download that, then point the updating policy to this location to attempt a downgrade of these installations. All XPSP3, Office 2007 (but no Outlook).
I don’t think it is an MS update because rolling back to Sophos 7 cures the problem. No freezes so far but it's too soon to be sure. Alternatively, you can run the following REMSAV utility on a client machine to fully uninstall Sophos, then re-install from a v7 CID. No issues there.
Do you use a company wide WSUS solution and have you recently installed the update: KB971513, something to do with adding some support feature for Windows 7 to XP. Also, if you are using the Sophos server, you might want to think about whether it is maybe a fault of the server itself. So far only XP has been affected, Vista, Server 2003 and Windows 7 have no issues. New Process ID: allows you to link this event to other events such as object accesses.
Good job. Logon ID can be used to find related object access and other events that have the same Logon ID including the event 528 and 540 logon events. This looks quite bad from a Sophos front, they have released a new package without testing it properly, surely not? Wednesday, November 04, 2009 11:53 PM I had a long hard think about this last night, woke up about 4am after having a bizarre dream where I was
This annoys me very much, as most of you say my confidence now in Sophos is broken and I will be looking for a different provider next year, unfortunately I've only just renewed. Nothing like costing an employee a full day's worth of work. Since the only way to bring them back was the power button, I had several that had many lost file chains on the disk as a result of several power downs. Tuesday, November 03, 2009 9:17 PM I just wanted to reply to notesguru99.
Open the registry editor (Start | Run | Type: regedit.exe | Press return)
Expand the left hand tree to the following key:
XP or 2003: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccessControl
Vista+: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess
Right click on
Thursday, November 05, 2009 9:46 AM Hi Optiplan, I think the downgrade using the Server console was the correct answer (as opposed to downgrading from a network Event 560 is logged for all Windows objects where auditing is enabled except for Active Directory objects. Thursday, October 29, 2009 11:35 AM Hi, Same problem here, but also getting other event ID's...566, 85.
Keeping an eye on these servers is a tedious, time-consuming process. Thursday, November 05, 2009 10:14 AM Hi, I'm sorry to hear that you have all been suffering with this issue in SAV9, the issue is being