Sophos 7

(imported topic written by jcsUTSW)

Has anyone run across an analysis for Sophos 7?

I’ve been running verion 7 for months and in my BES Console it says either the service is not running or it’s not installed…

I’ve packaged Sophos and need to figure out if there is a client that is older than version 7…


(imported comment written by Leland_Jobe)

The current version of the BigFix Client Manager for Anti-Virus site has not been updated to “Officially” support version 7.x of the Sophos client. Official support will typically include the following:

  1. Aanalysis and reporting of key aspects of the client status, including Version, Status, Virus Update Status, etc.

  2. Reporting of these items in the Client Manager for A/V Dashboard.

  3. Additional fixlets for installing, updating the client and other components including dat files.

The current version of the Client Manager for A/V provides limited support for the Sophos 7.x components including the reporting capability (note caveats below) but does not provide support for updating virus definitions for Sophos 7.x.

For the 7.x clients the BigFix analysis titled, “Sophos Anti-Virus Client Information - 4.6x/6.x”, will report applicable and will report correctly the Client Version, Last Virus Definition Update Time, and Client Last Scan Time, however, the Client Current Status does not report correctly and may report “Not Running” when in fact the service is running correctly.

The Client Current Status property does not report correctly and should not be relied upon, details have been forwarded to the product team and updates will be posted as more details are confirmed. Note that this will also affect the client manager for anti-virus dashboard.

To determine the actual status of the Sophos client you may use the following relevance as a custom property within your BES environment:

if (operating system as string as lowercase starts with 
"win") then (

if  (exists key 
"HKLM\Software\Sophos\SAVService" of registry) then 

if (exists running service 
"SAVService") then 

"Not Running" 

"Not Installed") 

"Not Applicable"

Much thanks goes to Jason from UT Southwestern Medical Center in Dallas. He spent several hours with me on the phone to narrow down some strange behavior, to provide details to document the problem for our content folks, and in developing the work around. Thanks a bunch!


(imported comment written by PaulPhillabaum)

I have used this statement as a property to return the version of Sophos v7 running.

"DisplayVersion" of keys 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{034759DA-E21A-4795-BFB3-C66D17FAD183}" of registry

I haven’t found a relevance that will return the IDE/rollout info.