Check Point Endpoint Security On Demand

I occasionally connect to a client site when at home and generally prefer to use my Mac, however they have installed Check Point Endpoint Security On Demand which happily recognizes that SOPHOS is installed on my Mac but proceeds to report "Portal administrator requires you to have Sophos Anti-Virus for Mac OS X running and updated within the last 2 weeks. sophos: DAT file is too old.". I've run "Update Now" from the menu which indicated the Antivirus is up to date and also run a Full Scan of my local drives none of which has helped. Does anyone else have any experience with this software and correcting this issue?

  • Hello cursedmagician,

    usual questions first: Did you successfully connect to the site using your Mac when they had Check Point already running and did you have an AV then? Or did CP permit access when you had no AV (which I doubt) but now it complains?

    Obviously it correctly detects Sophos but then it seems to have troubles when trying to determine if it is current. Sophos for Mac uses two .dat files located in /Library/Sophos Anti-Virus/VDL: vdl.dat, which is updated monthly, contains among other things an index for the definitions database files (.vdb) and svext.dat. If I'm correct, the latter's timestamp is the time of the last update whereas vdl.dat has the date it was issued.

    So I'd check the dates - I assume that svext.dat is fairly recent and this shouldn't be the one CP complains about. vdl.dat dates Oct 21st and is therefore older than 2 weeks. Now - I'd just try to change the date forward (if it needs to be the created date you'll have to find an appropriate utility, touch won't do it) to see what CP thinks then. This won't break Sophos so it's worth a try. If CP accepts it this way the "2 weeks" rule is nonsensical because this file will be older than 2 weeks half of the time.

    Christian   
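
A read-only way to run the date check suggested in the reply above, as an added example that is not part of the original thread: it reports how old the modified and created timestamps of vdl.dat and svext.dat are and lists those past the 2-week limit. The function names are hypothetical, and which timestamp Check Point actually reads is not stated in the thread.

```python
import os
import time
from pathlib import Path

# Directory and file names are the ones given in the reply above.
VDL_DIR = Path("/Library/Sophos Anti-Virus/VDL")
DAT_FILES = ("vdl.dat", "svext.dat")
MAX_AGE_DAYS = 14  # the "2 weeks" from the Check Point message


def dat_file_ages(vdl_dir=VDL_DIR, now=None):
    """Return {name: {"modified": days, "created": days or None}} per .dat file.

    A missing file maps to None. "created" comes from st_birthtime, which
    macOS provides; where the platform lacks it the value is None.
    """
    now = time.time() if now is None else now
    report = {}
    for name in DAT_FILES:
        try:
            st = os.stat(Path(vdl_dir) / name)
        except FileNotFoundError:
            report[name] = None
            continue
        birth = getattr(st, "st_birthtime", None)
        report[name] = {
            "modified": (now - st.st_mtime) / 86400,
            "created": None if birth is None else (now - birth) / 86400,
        }
    return report


def stale_timestamps(report, max_age_days=MAX_AGE_DAYS):
    """List (file, timestamp_kind) pairs that are missing or past the limit."""
    stale = []
    for name, ages in report.items():
        if ages is None:
            stale.append((name, "missing"))
            continue
        for kind, days in ages.items():
            if days is not None and days > max_age_days:
                stale.append((name, kind))
    return stale


if __name__ == "__main__":
    report = dat_file_ages()
    for name, ages in report.items():
        print(name, ages)
    print("older than", MAX_AGE_DAYS, "days:", stale_timestamps(report))
```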
