Wednesday, 12 August 2015

ZyXEL USG & Sophos EndPoint - FILE Invalid XML Version Action: Reject Both Severity: severe

I recently encountered frequent update failures with Sophos EndPoint, which coincided with the activation of the Intrusion Detection and Prevention (IDP) service on my ZyXEL USG310 firewall.

Sophos EndPoint (version 10.3) displayed the following error on the PC (Windows 8.1):-

Updating failed Sophos Endpoint Security and Control has failed to download updates

Windows system tray Sophos Update Error notification

Sophos AutoUpdate log file displayed the following error:

 ERROR: Could not find a source for updated packages

Error found in Sophos AutoUpdate Log file

This particular PC had Sophos EndPoint configured to retrieve updates directly from the Sophos AutoUpdate servers on the web rather than from the local EndPoint update server. I immediately checked that the EndPoint server was still picking up the updates to distribute to clients, and everything seemed normal, so the issue appears to be on a client basis only.

I immediately checked the firewall logs, as the activation of IDP on the ZyXEL USG310 was the last major change to the network. In the logs I found multiple instances of the following error that pointed to the destination address of the PC on the network and coincided with every update attempt run in Sophos:-

Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe
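The correlation described above can be scripted when there are many log entries to go through. This is an added example, not part of the original post: it tallies IDP hits per signature ID and destination host. The message layout is taken from the log entry quoted above; the timestamp and `dst=` fields in the sample lines are assumptions about an exported log and will need adjusting to the real export format.

```python
import re
from collections import Counter

# Message layout copied from the IDP log entry quoted in the post.
IDP_MSG = re.compile(
    r"\[type=Sig\((?P<sid>\d+)\)\]\s+(?P<name>.+?)\s+"
    r"Action:\s+(?P<action>.+?)\s+Severity:\s+(?P<severity>\w+)"
)
# Assumption: each exported line carries the destination as dst=<IPv4>.
DST = re.compile(r"\bdst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_idp_line(line):
    """Return the IDP fields of one log line, or None if it is not an IDP hit."""
    msg = IDP_MSG.search(line)
    if msg is None:
        return None
    hit = msg.groupdict()
    dst = DST.search(line)
    hit["dst"] = dst.group("dst") if dst else None
    return hit

def summarize(lines):
    """Count hits per (signature ID, name, action, destination), most frequent first."""
    counts = Counter()
    for line in lines:
        hit = parse_idp_line(line)
        if hit:
            counts[(hit["sid"], hit["name"], hit["action"], hit["dst"])] += 1
    return counts.most_common()

# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    "2015-08-12 09:01:13 dst=192.0.2.25 Rule_id=1 SSI=N [type=Sig(1058608)] "
    "FILE Invalid XML Version Action: Reject Both Severity: severe",
    "2015-08-12 09:02:00 dst=192.0.2.40 constructed non-IDP entry",
    "2015-08-12 10:01:14 dst=192.0.2.25 Rule_id=1 SSI=N [type=Sig(1058608)] "
    "FILE Invalid XML Version Action: Reject Both Severity: severe",
    "2015-08-12 10:05:41 dst=192.0.2.31 Rule_id=1 SSI=N [type=Sig(1058608)] "
    "FILE Invalid XML Version Action: Reject Both Severity: severe",
]

if __name__ == "__main__":
    for (sid, name, action, dst), n in summarize(SAMPLE_LOG):
        print(f"{n:3d}  sig={sid}  {name}  [{action}]  dst={dst}")
```

A signature that fires repeatedly against the same host at the times of its update attempts is the one to look up by Signature ID in the IDP profile.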

To resolve this issue, I looked to inactivate the particular IDP rule that appears to be blocking Sophos by going to the ZyXEL Configuration > UTM Profile > IDP menu and editing the active rule:-

I then hit Switch to Query View 

...and searched by Signature ID, referencing the ID (1058608) that was in the ZyXEL log entry

I then inactivated the entry in the query result, hit Save and OK and then reattempted an update in Sophos resulting in the usual updating status screen that completed successfully. 

The cause of this issue appears to be a conflict with the IDP rule in ZyXEL not liking one of the XML files required early in the Sophos EndPoint update process - possibly an invalid file on the servers at Sophos? More details on the IDP error were provided on the ZyXEL box under Monitor > UTM Statistics > IDP on the link below:-

