Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 4512 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

All Computers Always Out-Of-Date

J-Kelsey

Sophos Enterprise Console 4.5.1.0 with about 2700 clients.  All computers show as out of date, even though most of them updated about 3 hours ago.  When is a machine considered out of date?  Can that be set somewhere?

Thanks all.

:11611


This thread was automatically locked due to age.
  • 0

    Hi,

    The up to date state is quite complex.  Do the machines show as "not since" or "unknown" as there is quite a difference.

    This post and the other it references are worth a read:

    /search?q= 7481

    as they cover what is being compared to determine the up to date state.

    Regards,
    Jak

    :11615
  • 0

    Its always 'not since' and its usually within the last 3 hours.

    :11647
  • 0

    Adding this key resolved my issue.  I set the time to match my update interval.

    It's a DWORD called ‘‘‘‘UpToDateLatencyMins’’’’ in the registry entry

    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools]

    Thanks all!

    :11649
  • 0

    What's your updating interval? And does the not since ever disappear for the majority of your clients? Has it been like this since you installed SEC (when?) or did it recently start to behave like that?

    Christian

    :11651
  • 0

    Our interval is set to 12 hours.  After making the change and cycling the management service, the out-of-date count went from 1500 or so down to 27, which sounds more like it.  Its been 12 hours for quite some time, but my guess is that the server didnt get cycled until recently which then skewed all of the times.

    :11653
  • 0
    May I ask why it is set to 12 hours? The default value is 60 minutes - with the option to set it shorter. As IDEs are rolled out several times a day if necessary 12 hours is far from optimal. An idle check doesn't cost that much and a decent server should be able to handle 3000 clients checking every 15 minutes.
    Note that you can schedule the software updates (as opposed to threat detection) to off-peak hours.

    Christian
    :11659
  • 0

    We were seeing a huge performance hit with the shorter interval, espeically in our VMware View environment.  When the machines would do an update check, the systems would slow to a crawl, to the point where they weren't usable. 

    :11665
  • 0

    Hi J-Kelsey,

    I think you ought to raise a case with Support --there's hopefully a reasonable explanation for your performance problems, most likely something within your environment that is causing these performance spikes. We'd be more than happy to help you troubleshoot this. If you're using on-access HIPS scanning, you've probably got good defences on your machines, but as Christian says, ideally your clients should be downloading threat detection data updates hourly.

    To find out how to contact Support:

    http://www.sophos.com/support/queries/enterprise.html

    Many kind regards,

    Lil

    :11689
  • 0

    Does anyone know if there is a fix for the same problem with Sophos Enterprise Console 5.1?

    5.1 does not have the same registry values as the previous version. There is no "\\EE\\" section in the registry.

    ---Edited----

    My question has been answered HERE.

    Thanks QC!

    :25937
  • 0
    J-Kelsey wrote:

    Adding this key resolved my issue.  I set the time to match my update interval.

    It's a DWORD called ‘‘‘‘UpToDateLatencyMins’’’’ in the registry entry

    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools]

    Thanks all!

    Hello,

    I do not see the DWORD "UpToDateLatencyMins" in Enterprise Console 5.1? Do I need to add this value, or is the key called something else in the newer version?

    -Erich

    :25947