SteadyState 2.5 XP and Sophos Updates

  • Question

  • Hello,

    I just recently started playing with SteadyState and it appears to be a great tool I can use to lock down my wireless laptop labs locally. Only a couple problems stopping me from deploying this.

    1.) How can I still have Sophos run its automatic updates on an account that is pretty much completely restricted from accessing anything except for RDP?

    2.) How can I have it still receive updates through WSUS on a locked down account?

    If anyone can shed some light on these two questions I will be forever in your debt ;)


    Friday, March 20, 2009 5:05 PM


All replies


    Hi abzinthe, I'd like to inform you that Sophos antivirus is not officially supported by Windows SteadyState currently. However, you can check the following thread and check if that helps:


    Sophos (AV) and Windows Steady State


    Also, you can refer to the following thread regarding scripts if you want to write your own script for another antivirus program:


    Script with schedule update at certain time and disk protection on and set to remove changes


    For the WSUS issue, you can check the following thread for a solution:


    Steady State 2.5 and WSUS


    Hope this helps!

    Sean Zhu - MSFT
    • Marked as answer by Sean Zhu -Moderator Wednesday, March 25, 2009 1:17 AM
    • Unmarked as answer by abzinthe Tuesday, March 31, 2009 1:03 PM
    • Marked as answer by abzinthe Wednesday, April 15, 2009 6:46 PM
    Monday, March 23, 2009 5:57 AM
  • (Credit to Adamzman):


    Edit C:\Program Files\Windows SteadyState\XML\SoftwareUpdates.XML in Notepad and add:

        name="Sophos AutoUpdate"
        detectionName="Installation Path"
        category="Anti-Virus"  />

        id="Panda Security"
        name="Panda Security"
        detectionPath="SOFTWARE\Panda Software\Panda Administrator 3.0\PLAgent"
        category="Anti-Virus"  />


    Then in C:\Program Files\Windows SteadyState\Scripts make a new file in Notepad, saved as SophosVirusUpdate.vbs, and paste in the following:

    ' ***
    ' *** ------------------------------------------------------------------------------
    ' *** Filename:  SophosVirusUpdate.vbs
    ' *** ------------------------------------------------------------------------------
    ' *** Description: Sophos AutoUpdate Signature Update
    ' *** ------------------------------------------------------------------------------
    ' *** Version:  1.0
    ' *** Notes:  Used by Windows Disk Protection
    ' *** ------------------------------------------------------------------------------
    ' *** Script by Adam HSSD SoJ 01/07/2008
    ' *** ------------------------------------------------------------------------------
    ' ***

    ' ~~~
    ' ~~~ Force variables to be declared
    ' ~~~
    Option Explicit

    ' ~~~
    ' ~~~ Turn on error handling
    ' ~~~
    On Error Resume Next

    ' ~~~
    ' ~~~ Declare variables and constants
    ' ~~~
    Dim sSophosPath, oShell
    Dim nRet

    ' ~~~ Create objects
    Set oShell = CreateObject("WScript.Shell")

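    ' ~~~ Set application path (stays empty if the registry value cannot be read)
    sSophosPath = oShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Installation Path")

    ' ~~~ Stop if no path was found, so an unqualified ALUpdate.exe is never launched
    If Len(sSophosPath) = 0 Then WScript.Quit 1

    ' ~~~ Make sure the path ends with a backslash before appending the file name
    If Right(sSophosPath, 1) <> "\" Then sSophosPath = sSophosPath & "\"

    ' ~~~ Download Virus Signature (hidden window, wait for completion)
    nRet = oShell.Run("""" & sSophosPath & "ALUpdate.exe""", 0, True)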

    • Proposed as answer by Darkness2k Wednesday, March 25, 2009 12:44 PM
    • Marked as answer by abzinthe Wednesday, March 25, 2009 2:25 PM
    • Unmarked as answer by abzinthe Tuesday, March 31, 2009 1:03 PM
    • Unproposed as answer by abzinthe Thursday, April 9, 2009 2:42 PM
    Wednesday, March 25, 2009 12:43 PM
  • I will give it a shot thanks a bunch!!

    Wednesday, March 25, 2009 2:25 PM
  • So I worked through the instructions but I cannot seem to verify that the update is going through. I manually forced an update through Sophos Enterprise console but it isn't showing in the console that it is up-to-date. So I tried to re-install Sophos through the console (While logged into the restricted account) and got the following error:

    "The installation did not start.  The computer may have been shutdown,renamed, or disconnected, or a required service may not be running."

    Also it automatically created a Sophos user account called Sophos%ComputerName% and I verified that this is the account used for the download of Sophos Updates. However you cannot modify anything on this account.

    I have another error in my logs saying "There was a problem while establishing a connection with the server. Details: LogonUser (Sophos%ComputerName%) Failed a Windows API call returned error: 1326"

    No luck so far :(

    Friday, March 27, 2009 3:28 PM
  • This issue has not been resolved. Very annoying and frustrating when I take my time to post and check up on it everyday only to find no answers. I tested out this so called solution and replied back that it didn't work yet it's still marked as the answer? There are other posts concerning this issue which were left at the same point as mine, Person tried the suggestion it didn't work so he posted back looking for more input and got nothing. /rantoff

    Tuesday, March 31, 2009 1:02 PM
  • Bump for any new information about this.

    I contacted Sophos and they said they will gather some information on the topic and let me know. I will share that information with everyone else when I get it.


    Thursday, April 9, 2009 2:42 PM
  • Hi,

    I'm not sure why Sophos is trying to use this alternate user account. Regardless of its purpose, anything Sophos does using this account won't be saved unless Windows Disk Protection is set to save changes permanently or save changes until a specific date.

    SteadyState runs all updates from the SteadyState service, so they run under the system account.  When SteadyState enters update mode, it sets Windows Disk Protection to commit mode so that the updates will be saved permanently.  Because it's in commit mode, it disables all user accounts to prevent unintended changes from being committed along with the updates.
    Rob Elmer
    Development Lead
    Windows SteadyState
    Saturday, April 11, 2009 3:32 AM
  • Thanks for the info Rob that certainly will help me figure this out. I did get a reply back from Sophos but it was the same information that I had gotten off of these forums. I will continue plugging away trying different things in my spare time.

    Monday, April 13, 2009 5:30 PM
  • So I think I finally got this working!!!

    I completely uninstalled Sophos and SteadyState, then I reinstalled SteadyState and put the VB script and XML file I got from a Sophos techie in their appropriate places. Then I re-installed Sophos and verified through the Enterprise Console that it successfully updated! I have some other testing scenarios to run through but I think I am all set.

    Thanks to EVERYONE who responded it definitely helped.

    Wednesday, April 15, 2009 4:06 PM