Sophos Message Relay function

Hi All,

As per the subject above, I'd appreciate it if someone could guide me or give an explanation regarding the message relay, e.g. how frequently the message relay updates or how it relays endpoint messages once received.

The reason is that the customer informed us that the status didn't tally/wasn't reported back to the console, for example when trying to perform a device exemption on the console once a user plugs in a USB device and it is blocked; however, the console didn't receive the message.

Restarting the services as below also didn't have any effect when trying to exempt the device as mentioned above. Thanks

-----------------------------------------

Stop the "Agent" service
Stop the "Sophos Message Router" service

C:\ProgramData\Sophos\Remote Management System\3\Router\Envelopes
Delete all msg files present

C:\ProgramData\Sophos\Remote Management System\3\Router
Delete 'table_router.txt'

Start the "Agent" service
Start the "Sophos Message Router" service

---------------------------------------------------------

Console:

Windows Win2008

Sophos Enterprise Console v5

MSSQL 2008 R2

8192-8193,8194 open

Relay server:

Windows 2003

8192-8193,8194 open



This thread was automatically locked due to age.
  • Good. Before combing the logs I'd verify that an alert created on the client is passed to the console in a timely manner and that a request similarly travels in the opposite direction. My favourite - assuming the client complies with the AV policy - is turning on-access scanning off using the local GUI. This should be reflected in the console shortly after. If not, there's a delay in the upstream communication. Once you see "Differs from policy", request compliance with the AV policy - it shouldn't take too long until the effect is seen on the client and, within a short time, in the console (the interval depends on the traffic but should usually be less than a minute). If this doesn't work as described - at which point does it fail (e.g. a few minutes after requesting policy compliance the client still doesn't have on-access turned on)?

    Christian
