Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 16074 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device Control Not Working

Syrinx2112

The device control section is not functioning or being recognised. I am running SEC 4.5.1 and AV 9.5.

I had created several test policies but none are working so deleted them and now using default policy. The SEC is installed on Windows Server 2003 R2 with SP2 and the clients are installed on Windows XP SP3.

The Computer Name column and Group column are the only fields that are populated.  There is no information in Device Control Scanning, Device Control Policy or Device Control Event Count.

Any help with this would be appreciated.

Thank You.

David

:10433


This thread was automatically locked due to age.
Parents
  • 0

    Hello David,

    in the Sophos Anti-Virus Install Log_yymmdd_hhmmss.txt from %Windir%\TEMP (note that only the last four are kept so you'd have to reprotect a client to get the full log) there should be a line like: INSTALLDIR="C:\Program Files\Sophos\Sophos Anti-Virus\" ... DEVICECONTROL=1. Check if the Sophos Device Control Service is present on the client. There should also be a folder named C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Device Control - if it's not then search the install log for errors.

    In the agent log in C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\Logs you'll see what SAV tells the agent (and eventually SEC)  on a line starting with [timestamp XXXX I] SAV state observer received a status:. The line should contain the string dev:deviceControlStatus.

    I have seen and still see cases where this is missing even though the service is running. Most of the time it works again after one of the next reboots (or after reprotecting the client). It is known for quite some time and I've already  reported it with previous versions (apparently the root cause has not yet been identified). Thanks for the case ID, I'll also contact support [Edit: submitted as #2721426] 

    Christian 

    :10451
Reply
  • 0

    Hello David,

    in the Sophos Anti-Virus Install Log_yymmdd_hhmmss.txt from %Windir%\TEMP (note that only the last four are kept so you'd have to reprotect a client to get the full log) there should be a line like: INSTALLDIR="C:\Program Files\Sophos\Sophos Anti-Virus\" ... DEVICECONTROL=1. Check if the Sophos Device Control Service is present on the client. There should also be a folder named C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Device Control - if it's not then search the install log for errors.

    In the agent log in C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\Logs you'll see what SAV tells the agent (and eventually SEC)  on a line starting with [timestamp XXXX I] SAV state observer received a status:. The line should contain the string dev:deviceControlStatus.

    I have seen and still see cases where this is missing even though the service is running. Most of the time it works again after one of the next reboots (or after reprotecting the client). It is known for quite some time and I've already  reported it with previous versions (apparently the root cause has not yet been identified). Thanks for the case ID, I'll also contact support [Edit: submitted as #2721426] 

    Christian 

    :10451
Children
No Data