Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
  • I am getting the spinning wheel of death again on Central - are they overloaded again?

  • I'd wager so.

    Like clockwork, it's about 1:30pm US EST right now, and I can't register a device with CWG again...

     

    Edit: there it goes.

  • Just had a 24-hour delay for a policy pushing to an endpoint. Applied it yesterday, it kicked in just now.

  • It should not take that long. If this happens again or is repeatable, please raise a case with the Sophos Support team right away. They will want to dig into this.

  • Hi Win,

    I received an email from Michael Anderson yesterday wherein he indicated they're still not certain the database and performance issues are resolved. Since another subsequent encryption policy push took 30 minutes (and earlier this year used to be within minutes) I don't see the point in opening a ticket.

  • Is anyone else getting new alerts over the past 7 days about "One or More Services are missing"? A tech that I've been working with said it appears to be a communication failure with the console but that Sophos isn't reporting anything. This is an active issue and I'm still having this happening daily.

    I have services (web intelligence, hitman pro, antivirus, etc) that will just be gone. The tech said that the client will call out to the console to check for any updates. That is successful and the console is replying back with the command to delete the old version of the services but then the download of the new version fails. Leaving me with multiple computers with missing services.

    This fix I was given is found at http://sophos.com/kb/121905. Other steps I've been doing that have worked if all else fails:

    1. Rename c:\windows\system32\drivers\hmpalert.sys to hmpalert.sys_OLD (If not there, continue on through the steps and it will be created. Or copy over file from this root folder.)
    2. Open a command prompt (run as administrator)
    3. Enter cd "C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\hmpa64\"
    4. Enter hmpalert.exe /install /mode=sophos
    5. Force a manual update and check if Hitman.pro alert gets installed (You can do this by double-clicking the Sophos System Tray icon, Click About, Click 'Update Now').

  • Yes, I've also seen this but haven't had the time to investigate.

    Mine are all remote users and I've lost confidence in the portal providing accurate status of endpoints with all of the delays.

  • Yes we see this a lot too. It's happening frequently and we do not have time to investigate either. I am with Mike on this, I am not confident that this isn't related to their over-provisioning and performance issues.

  • Hi Sure Win,

    I made a new policy on Friday with an exception due to false positive and applied to 1 machine. Today the machine is still blocking the false positive. Ticket 7548229 if you want to take a look and ensure your support team doesn't give me a slow, run-around experience.

  • Thanks. I'll take a look at case number 7548229.

  • Hi Christopher.  We also had a policy update problem last week.  We created a new policy on 8-25, but it did not begin working until 9-1.  Support was able to offer no explanation.  My theory is that their system is still very unstable and horribly overloaded.

  • So in this case the policy was pushing but Sophos' Intercept X product has a bug where you cannot make an exception. Sophos Intercept X incorrectly identifies Microsoft PowerQuery in Excel 2013 as an exploit. I created a new policy and added an exception for this exploit, but with the way they designed Intercept it keeps getting blocked even with an exception (something about every 'event' of the exploit being blocked generating a unique identifier thereby making exclusions impossible).

    The issue with encryption policies not applying in a reasonable timeframe is still present however, as we are currently at the 30 minute mark from me adding a computer to an encryption policy and it not taking effect despite the client reporting a recent update timestamp in Central. I'm capturing everything with screenshots and will open a ticket.
