Sophos Intercept X Install or Update ends with HTTP Error 403 (May 6, 2022)

Stop - Pixabay[German]Brief information for administrators of a Sophos Intercept X endpoint solution. The vendor seems to be informing its customers about a serious problem. After a fresh installation of Sophos Intercept X Endpoint for Windows or an update, sus.sophosupd.com is no longer accessible, but reports an HTTP Error 403. In the meantime, Sophos has published a corresponding advisory (KB-000043980 dated May 6, 2022) about this problem. Here is some information about this issue.


Advertising

Sophos Intercept X Endpoint

Sophos Intercept X Endpoint  is a complete endpoint protection solution. According to the specifications, the product offers Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), an anti-ransomware feature and more. The product is expected to be used in corporate environments to secure endpoints.

Install/Update ends with HTTP Error 403

German blog reader Stefan V. just informed me via Facebook about an issues with Sophos Intercept X Endpoint (thanks for the hint) and wrote:

Hello, just received from Sophos via sms. Intercept X commits suicide

Nice paraphrase of the issue. Sophos has published an ADVISORY: New installations fail with HTTP Error 403 from https://sus.sophosupd.com/ (KB-000043980) with the following error description:

Issue

New Installation and/or Device updates fail with HTTP Error 403 from *ttps://sus.sophosupd.com/
This error is seen in C:\ProgramData\Sophos\AutoUpdate\SophosUpdate.log

022-05-04T07:10:28.803Z [10656: 9772] I 403 from https://sus.sophosupd.com/v3/9745d246-c789-44c8-8d39-24555b7d9703/151c12e7-04d6-490b-ba82-a19425c990be with proxy: <direct; no proxy>
112022-05-04T07:10:28.804Z [10656: 9772] W Error refreshing service config: will sync using stale SUS config: No reachable update service locations 
122022-05-04T07:10:28.810Z [10656: 9772] E No reachable update service locations

And C:\ProgramData\Sophos\CloudInstaller\CloudInstaller.log

2022-05-01T23:19:59.5312323Z INFO : 403 from https://sus.sophosupd.com/v3/d1cb1aee-737a-4892-a1f2-30812118b04a/cfb2de67-b963-459c-985e-a75bedf4ecb0 with proxy: <direct; no proxy> 
112022-05-01T23:19:59.5312323Z ERROR : Error: No reachable update service locations 
122022-05-01T23:19:59.5312323Z ERROR : DownloadCommand::onRun() failed with std::exception: SDDS3 sync failed

The bug affects Sophos Intercept X Endpoint for Windows, which occurs due to issues with the endpoint record in Sophos Central. Customers experiencing the issue during an installation can work around it by renaming the hostname of the device and retrying the installation. This will create a new endpoint record in Sophos Central.

Customers experiencing this error during updates can currently only fix the problem by reinstalling the product with a new hostname, Sophos wrote in its notice. It is only product updates that fail. Supplemental updates continue to work as intended, so protection is not currently affected.


Advertising


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in issue, Security, Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *