Friday, 19 November 2010

Sophos firewall in SBE (Sophos Endpoint Security and Control)

I have had a problem in the last few days where Sophos Client Firewall has stopped our Netscreen client VPN working on client PCs running Windows XP SP3.

We have contacted Sophos for support; as always they deny any problem, and we have now sent some diagnostics to see where our software has gone wrong.

We have used Sophos SBE for nearly 3 years and as yet have not had too many problems.

Does anyone have any ideas why Sophos Client Firewall should suddenly stop VPN traffic on all our remote workers?
At the moment we don't have a lot of good things to say about Sophos UK Support.

Will keep you updated if we find a solution. We are looking at installing a different firewall to get us through until Sophos sends a fix.

Well, the response from Sophos has been poor. I get a feeling that they think their product would not cause any problems. With Sophos firewall installed, the Netscreen client VPN will not connect; with Sophos firewall uninstalled, it does. Currently using ZoneAlarm as a stopgap. Our remote workers are not remote workers without a secure VPN!

So why does Sophos firewall kill Netscreen VPN?

Have decided to remove the Sophos Client Firewall (SCF).

Now unable to uninstall the Client Firewall by Add or Remove Programs or msiexec.exe /qn+ /x {12C00299-B8B4-40D3-9663-66ABEA3198AB} /norestart
Sophos Support sent a script to remove Sophos products, i.e. the SCF (Sophos Client Firewall).

Have now run the Sophos product removal tool to get rid of the firewall (SCF). Guess what: I still have a broken firewall and antivirus. AutoUpdate and Remote Manager have gone.

So back to Sophos. I am not too sure what Sophos will do next. If their script can't do the job, how can you get rid of Sophos? We have already rebuilt a couple of machines to get folks working.

Will be 7 days since the call was logged with Sophos Support.

Still have a Sophos Firewall (SCF) we can’t uninstall or remove. Sophos have said that they are still working on the case.

I have now gone for the rebuild option to remove Sophos products.

We are still waiting for some help on the VPN issue. I have asked if the call has been escalated and how the escalation system works, no response to that question.

Has anybody had a similar experience with Sophos support?

Our contract is due next year; maybe a time for a change.

Remote workers still not working remotely.

Well, a week since a call was logged with Sophos, no solutions from Sophos. Still unable to force an uninstall of the Sophos Firewall. No feedback on the VPN software issue.

I think the chap who is handling the call appears to be non-technical; he seems unable to understand basic IT. My current opinion of Sophos UK support is very poor; Sophos have provided little feedback. I think Sophos Support are waiting for us to get fed up or fix the issue ourselves.

My advice is, if you want a supported antivirus product, don't get Sophos Firewall; as yet the support we have had has been very poor. I guess if we were a multinational with many desks the support from Sophos would have been better.

Well, time to go. No feedback today from Sophos Support. How hard can it be to provide advice on how to remove your own software?

2 weeks since calling Sophos Support and I have resolved the issue myself

I think I have sorted the Sophos vs Netscreen client VPN software problem.

Sophos Firewall creates some additional drivers when it detects the older version of Netscreen VPN. These drivers can cause a blue screen (file reporting error SCFINT.SYS). If the XP machine blue screens, go into Safe Mode and stop the Sophos Firewall services.

Restart normally.

Uninstall the Netscreen VPN client.

If you had to stop the Sophos Firewall services then restart them, and restart.

Hopefully will now restart.

To fix, install the latest version of Netscreen Client VPN for your operating system.

Test to see if the VPN connection now works.

If all is well after a few Sophos updates, you have fixed the issue.

As far as Sophos having a Sophos removal tool, it appears they don’t, apart from Add or Remove Programs.

I have been sent various things by email, including an array of .reg files to remove reg keys.

I guess if you install Sophos software you are stuck with it until you rebuild.

Thursday, 4 November 2010

Microsoft POC Jumpstart!

I now have the "Microsoft POC Jumpstart Kit" and am getting ready to start looking at Windows 2008 and Windows 7 deployment.

Have you tried to login to the POC server PoCserver Administrator account with the provided password and failed?

If you have a UK keyboard, replace the @ with ", and you should be able to log in.

Provided *@*******
Use *"*******

I have installed Virtual PC 2007 SP1 on my Windows XP Pro desktop and the .VHD loaded fine.

I am now looking forward to getting a test environment set up to test some of the deployment options for Windows 7 desktop.

There seem to be plenty of tools on the Microsoft site, some only for SA (Software Assurance) customers.

Tuesday, 2 November 2010

Looking inside ImageX and WIM files

Remember, a .wim file can contain more than one image (it is not a traditional block-by-block image); the number refers to the image in the .wim.

These are just a few examples

Imagex /mountrw (read and write)
Imagex /unmount

/dir View files and directories inside .wim
/info shows xml description for the .wim

View Image information
C:\test>imagex /info test.wim 1

ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.
WIM Information:

GUID: {6eb66319-64a2-4205-b6e8-93357963508c}

Image Count: 1

Compression: LZX

Part Number: 1/1

Boot Index: 1

Attributes: 0x8

Relative path junction

Available Image Choices:


More stuff

The number 1 specifies which image to look at.
Directory of all files and directories in selected WIM image
C:\test>imagex /dir test.wim 1

Returns a directory listing of all files.

Mount WIM file Image and view contents
C:\test>imagex /mountrw test.wim 1 c:\test\mount

ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.

Mounting (RW): [C:\test\test.wim, 1] ->


Successfully mounted image (RW).

C:\test>cd mount

Volume in drive C has no label.

Volume Serial Number is B0CB-1560

Directory of C:\test\mount

19/01/2008 12:05 0 File(s) 0 bytes

Program Files

19/01/2008 12:05
23/01/2008 19:04

5 Dir(s) 27,895,529,472 bytes free
Unmount .wim

C:\test>imagex /unmount c:\test\mount

ImageX Tool for Windows

Copyright (C) Microsoft Corp. All rights reserved.

Unmounting: [c:\test\mount]...

Successfully unmounted image.

Microsoft Technet for further information on .wim files
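
The fields that imagex /info prints above (GUID, image count, compression, part number, boot index) sit in the first 208 bytes of a .wim, so an image can be checked before it is mounted or deployed. This is an added example, not part of the original post: the offsets and flag values follow Microsoft's published WIM header layout rather than anything on this page, and the sample header is constructed from the values in the output above.

```python
import struct
import uuid

WIM_MAGIC = b"MSWIM\x00\x00\x00"
HEADER_SIZE = 208  # size of the on-disk WIM header

# Header flag bits (from the WIM format description, not from this page).
FLAG_COMPRESSION = 0x00000002
FLAG_RP_FIX = 0x00000080   # shown by imagex as "Relative path junction"
FLAG_XPRESS = 0x00020000
FLAG_LZX = 0x00040000


def parse_wim_header(data: bytes) -> dict:
    """Decode the header fields that imagex /info reports."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated header: need %d bytes" % HEADER_SIZE)
    if data[:8] != WIM_MAGIC:
        raise ValueError("not a WIM file (bad magic)")
    cb_size, version, flags, _chunk = struct.unpack_from("<4I", data, 8)
    if cb_size != HEADER_SIZE:
        raise ValueError("unexpected header size %d" % cb_size)
    guid = uuid.UUID(bytes_le=data[24:40])  # GUIDs are stored mixed-endian
    part, total_parts, image_count = struct.unpack_from("<HHI", data, 40)
    (boot_index,) = struct.unpack_from("<I", data, 120)
    if boot_index > image_count:
        raise ValueError("boot index points past the last image")
    compression = "none"
    if flags & FLAG_COMPRESSION:
        compression = ("LZX" if flags & FLAG_LZX
                       else "XPRESS" if flags & FLAG_XPRESS else "unknown")
    return {"guid": "{%s}" % guid, "image_count": image_count,
            "compression": compression, "boot_index": boot_index,
            "part": "%d/%d" % (part, total_parts),
            "rp_fix": bool(flags & FLAG_RP_FIX), "version": version}


def read_wim_header(path: str) -> dict:
    """Read and decode the header of a .wim file on disk."""
    with open(path, "rb") as fh:
        return parse_wim_header(fh.read(HEADER_SIZE))


def build_sample_header() -> bytes:
    """Constructed header mirroring the imagex /info output in the post."""
    guid = uuid.UUID("6eb66319-64a2-4205-b6e8-93357963508c")
    flags = FLAG_COMPRESSION | FLAG_LZX | FLAG_RP_FIX
    hdr = WIM_MAGIC + struct.pack("<4I", HEADER_SIZE, 0x10D00, flags, 32768)
    hdr += guid.bytes_le + struct.pack("<HHI", 1, 1, 1)
    hdr += bytes(72) + struct.pack("<I", 1)  # 3 zeroed resource entries, boot index
    return hdr.ljust(HEADER_SIZE, b"\x00")
```
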