Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4130 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device control policy problem

prosys

Hi All,

The device control section is not functioning or being recognized. I am running SEC 4.5 and AV 9.5. I have created numerous policies to test and none are working. The SEC is installed on Windows Server 2003 R2 x64 with SP2 and the clients are installed on Windows XP SP3. Any info on this would be appreciated. Thanks

:4015


This thread was automatically locked due to age.
  • 0

    Hello prosys,

    is this a fresh installation of 9.5 or an upgrade?

    Is the Device Control section present in the client's GUI and what does SEC say when you view the Device Control tab (the Device Control Scanning column shouldn't be blank to begin with)?

    Christian

    :4020
  • 0

    I upgraded from 7.6 over the network. The device control section is not present in the clients GUI. It has Anti Virus and HIPS, Tamper Protection and Updating sections.  The Computer Name column and Group colum are the only fields that are populated.  There is no information in Device Control Scanning, Device Control Policy or Device Control Event Count. I should also mention that I have Device control scanning enabled in the policy.

    Thanks

    :4021
  • 0

    Silly question - did the clients reboot?

    Check the following locations: C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV - there should be a file named  DEVCAdapterConfig and under C:\Documents and Settings\All Users\Application Data\Sophos you should see a folder named Sophos Device Control.

    If they aren't try to reprotect one of the clients.

    Christian

    :4022
  • 0

    Hi Christian

    The client was rebooted and I installed the client twice. There is no file named DEVAdapterConfig in the specified folder or any folder called Sophos Device Control.

    I will completely remove Sophos from the machine, do a fresh install and report back.

    Thanks,

    :4023
  • 0

    I removed all sophos components in Add/Remove programs and deleted sophos registry entries on the client computer. I restarted the computer and protected it again. Restarted and still the same problem. Again there is no file named DEVAdapterConfig and no folder called Sophos Device Control. There is also no Device Control section in the GUI on the computer.

    I then removed Sophos from the computer and deleted registry entries again and restarted the computer. I added a new software subscription in the update manager and configured it to Sophos Anti-Virus 9.5 VDL4.55G on the SEC. In the distripution section I selected the correct update share and downloaded the latest updates for the update manager. In the updating policy for the endpoints I made sure the primary server address was correct and that the correct subscription was selected. I then checked that the correct updating poloicy was selected for the computer group and protected the computer again.

    Then after a restart of the protected computer there is still no change. There is no file named DEVAdapterConfig and no folder called Sophos Device Control. There is also no Device Control section in the GUI on the computer. I the SEC there is nothing listed under Data Control Scanning, Data Control Policy and Data Control Event Count

    :4043
  • 0

    Weeellll, whatever is causing it to fail is obviously persistent. Guess you should engage support.

    I have seen (and still see) similar problems on 9.0 - computers "forgetting" about DatC or DevC or RMS seemingly not aware of them. While the mentioned folders and files exist (indicating that the component has been active at some time) the corresponding adapter file is not updated and the policy has no effect (I've written about it already). As the problem either rectifies itself or goes away after reprotect it might or might not be the same issue. I have sent one or two SDU logs to support but the case has never been resolved.

    Are others experiencing similar problems?

    Christian

    :4045
  • 0

    Thanks for your response.

    I have only rolled it out onto three computers so far and all three are experiencing the same problem.

    :4047
  • 0

    Don't mention it!

    Three is not many, but as they have been upgraded it doesn't look like a "flawed" OS installation, something I've encountered recently - AutoUpdate refused to work after the first run, i.e. it installed correctly, installed the other components and then couldn't be talked into doing it's work again. 5 or 6 machines, all new, showed the same problem. The OS install had been "performed" (correctly of course) by the same person so I suggested that they should do a clean OS install on one of the machines. Surprise, surprise - no problem with Sophos then.

    Thanks, and please keep us informed.   

    Christian

    :4048