Policy non-compliance: Automatic Updates

Just recently received this event message from 25+ computers across the company (all Macs using High Sierra 10.13 or Mojave 10.14). Seems to affect randomly. I couldn't find any related posts in the community. Any help would be appreciated. Thanks!



This thread was automatically locked due to age.
  • Hello Gowtham,

    I created ticket 8427383 as requested. However, the ticketing system has a 30MB file size limit and the output file of the SDU is just under 70MB. Seems you have two teams that are not communicating very well... So now we wait for support to respond to give me FTP credentials.

     

    Update - Support responded quickly and the file has been uploaded.

  • Hi jend7,

    Can you please provide the ticket number?

    And, did you get a chance to provide the SDU logs? 

    Thank you! 

  • Hi Karl,

    Thank you very much. We have alerted our highest level engineering team about a possible issue, and they will be reviewing the cases and the logs. 

    I will update this thread later on, or as new information becomes available. 

     

    Regards,

  • We are experiencing the same issue, 13+ clients started reporting these alerts since 10/19/18 --- "Policy non-compliance: Automatic Updates", wondering how should we address these. Don't want to just hit acknowledge and pretend nothing happened.

  • Hi RC Cola,

    We are still investigating. The best thing to do at this time, if possible, would be to raise a support ticket and include a copy of the SDU logs of one of the affected devices. 

    We will update this thread as soon as new info becomes available.

    Thanks for your understanding. 

  • Hi Everyone,

    We have an official announcement on the reported issue. 

    On October 21, 2018, we released a policy update for Macs, which updated the strength of the updating password encryption. This has resulted in some Macs reporting Policy Non-Compliance: Updating, as the systems took in the new encryption. The systems have moved over to the updated policy automatically, so this alert in Central can be acknowledged. For more details, please refer to the KBA below.

    Central Dashboard shows Policy Non-Compliance: Updating for Macs

  • Personally I see this whole "just Acknowledge the alert" stance as an issue with Sophos, and I've only been using Central for a few days.

     

    It's pretty much like seeing an SSL cert and training people to just click through the warning, or a system raising False Positive alerts and the Service Desk just ignoring the genuine alerts because they are noise.

     

    How do we ensure that we're not just blindly acknowledging these alerts in Central? What tools do we have at our disposal that can check the Central policy versus that of the local endpoint?

     

    Otherwise these Sophos alerts will also be considered "noise".

     

    Anyone care to chip in?

  • Gowtham - This is a poor response on Sophos's part. Sophos botched a rollout. The answer is simple: fix it. It may have been meant to have this in place when the new encryption was available, but that failed. Remove it until Sophos either learns how to have it in place without causing invalid alerts or until the new encryption is in place.

     

    Also, your date is incorrect. The first reported instance of this alert in my Sophos Central was Oct 20th at 4:33 PM CDT (GMT -5). The alert does not post until 2 hours after the non-compliance was detected, which puts us at 2:33 PM CDT. Germany is 7 hours ahead of CDT, so that would make it Oct 20th at 9:33 PM at the latest, which is still not Oct 21st.

  • Hello
    Sorry, but it sounds strange to me: how could this be due to a problem caused by something that was done on 21-10, if I have alerts with earlier dates?

    Attached image

    regards

     

  • All,

    Apologies for any inconveniences. If this article does not cover your issue, the best thing would be to review the below articles as a starting point:

    A more generic but helpful article about Policy Compliance issues (and their triggers) 
    How to troubleshoot policy compliance issues 

    Also, consider if any network changes (or policy changes) took place during those times.   

    If the above does not apply to your situation, please file a case with support and include the SDU logs so that further analysis can be performed.
    You may also want to mention this post so that they know what was tried, and a screenshot with the dates of your alerts. 

    If you have an open ticket, please send me a direct message and I will bring it to the attention of the engineers that created the article for the alert.

    Thank you!