John_g
Posted April 7, 2011

Hi everyone,

I needed some time to figure out why my Sophos Endpoint Security and Control version 9.5 failed to start after some time, with an error which does not really give a hint to the problem.

-------------------------------------------------------
Involved software
Operating System: Windows 7 Enterprise 64Bit
Sophos Endpoint Security and Control version 9.5
CCleaner v3.05.1409
-------------------------------------------------------

Searching the registry for errors, CCleaner lists the following RegKey:

ActiveX/COM Fehler
LocalServer32\C:\PROGRA~1\Sophos\SOPHOS~1\SAVSER~1.EXE
HKCR\CLSID\{D2B7A809-15DC-40B4-A1E1-C61EA97191DB}

Removing that key leads to the problem that Sophos Endpoint Security and Control version 9.5 cannot be started again. The error message is (in German):

-------------------------------------------------------
Sie sind kein Mitglied einer Sophos-Gruppe. Um diese Anwendung starten zu können, müssen Sie ein Mitglied der Gruppe SophosAdministrator, SophosPowerUser oder SophosUser sein. Wenden Sie sich an den Administrator.
-------------------------------------------------------

The error message is definitely wrong, because the user is still a member of the group SophosAdministrator as it is done from Sophos Setup. Nevertheless, looking into the Event Viewer from Windows I finally found a hint to the problem (in German):

-------------------------------------------------------
Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {D2B7A809-15DC-40B4-A1E1-C61EA97191DB} und APPID Nicht verfügbar gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
-------------------------------------------------------

This error occurs every minute and points to the RegKey {D2B7A809-15DC-40B4-A1E1-C61EA97191DB} which is part of Sophos.

To get Sophos running again I had to uninstall it from the system, make a restart and after that a new installation. Simply running the Installer over an existing installation did _not_ fix the problem for me!

Solution: A temporary workaround is to make an exception for this key in CCleaner, so that it is not removed. A better solution would be to fix that in the next version of CCleaner.

Hopefully this is helpful for other users, too.

Kind regards
John

hazelnut (Moderators)
Posted April 7, 2011

Thanks John for the detailed report. The devs read all posts so your post will help them.

Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com

Guest MrT
Posted April 7, 2011

Thanks, we'll look into this.

Alan_B
Posted April 22, 2011

> Hi everyone,
> I needed some time to figure out why my Sophos Endpoint Security and Control version 9.5 failed to start after some time, with an error which does not really give a hint to the problem.
> To get Sophos running again I had to uninstall it from the system, make a restart
> Hopefully this is helpful for other users, too.
> Kind regards
> John

I accept that CCleaner has been involved in the problem, and it may be quickly fixed by user convenience, BUT I think it would be far more useful to Sophos users if you notified Sophos and any User Forums of this gross lapse in Sophos security protection.

I think it is ludicrous of Sophos to have their customers' protection depend upon a registry key which they fail to protect. If CCleaner can in ignorance remove or damage that key using normal user privilege, then any malware that gets on the P.C. will eliminate the opposition without breaking sweat.

I have till now had great respect for Sophos, but this seems to indicate that their security depends upon obscurity, which is bad when the enemy knows the system.

I believe this problem is not unique to CCleaner; there are various Antivirus products that deliberately conceal their need of vital keys and files, so that malware will not recognise and strike them down, but it allows CCleaner and related products to innocently remove them as junk.
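
A read-only check for the situation discussed in this thread, as an added example that is not from any of the posters, Sophos or CCleaner: it reports whether the CLSID John quotes still has a LocalServer32 registration and which principals, other than SYSTEM, Administrators and TrustedInstaller, hold rights to change or delete the key. The function name `Test-ComServerKey` and the allow-list of SIDs are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
function Test-ComServerKey {
    param([Parameter(Mandatory)][string]$Clsid)

    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $srv = "$key\LocalServer32"

    # SIDs instead of account names, so the check also works on localized
    # (for example German) Windows: SYSTEM, Administrators, TrustedInstaller.
    # This allow-list is an assumption of the example.
    $expected = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that let a principal change or delete the registration,
    # plus the GENERIC_ALL and GENERIC_WRITE bits (0x50000000).
    $names = 'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $mask  = [int][System.Security.AccessControl.RegistryRights]$names -bor 0x50000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $command = $null
    $writers = @()
    if (Test-Path -LiteralPath $srv) {
        # The default value of LocalServer32 holds the server's command line.
        $command = (Get-Item -LiteralPath $srv).GetValue('')
    }
    if (Test-Path -LiteralPath $key) {
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $rules = (Get-Acl -LiteralPath $key).GetAccessRules($true, $true, $sidType)
        $writers = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not ($_.PropagationFlags -band $inheritOnly) -and  # skip ACEs that apply to subkeys only
            ([int]$_.RegistryRights -band $mask) -and
            $expected -notcontains $_.IdentityReference.Value
        } | ForEach-Object { '{0} ({1})' -f $_.IdentityReference.Value, $_.RegistryRights })
    }
    [pscustomobject]@{
        Clsid            = $Clsid
        ServerRegistered = [bool]$command   # false when LocalServer32 is missing or empty
        ServerCommand    = $command
        OtherWriters     = $writers         # SIDs outside the allow-list with modify rights
    }
}

# CLSID quoted in the posts above.
Test-ComServerKey -Clsid '{D2B7A809-15DC-40B4-A1E1-C61EA97191DB}'
```

An empty `OtherWriters` list means only the allow-listed principals can modify the key itself; `ServerRegistered` set to false matches the state John describes after the cleaner removed the entry.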