Sophos Synchronization and correct identification of clients without Sophos

What checks does 'Sophos Synchronization' go through in determining that a client does not have Sophos installed before pushing out the installation? The reason I ask is: We have some systems that do not have any EXEs or DLLs associated with Sophos, but have Sophos directories. Not sure how they got into that state in the first place.

Those systems have the Sophos Agent service in 'Running' state, and the 'Sophos Anti-Virus' and 'Sophos Status Report' services in stopped state. Trying to run the latter two services errors out (as expected) with the following message:

"Could not start the Sophos Anti-Virus service on Local Computer. Error 2: The system cannot find the file specified"

Because these systems do not have a complete and working installation of Sophos, these should be correctly identified by the Synchronization or whatever process that checks the installation status. Because of the lack of accurate information resulting from these limitations, we are incorrectly interpreting systems that have Sophos services disabled due to users' action. 

Can someone shed some light into this? Thanks. 

  • Hello milank,

    do you mean Synchronize with AD and automatic protection?

    There's no magic and no sophisticated technology involved. If a client "appears" in a sync'ed OU and was previously unknown to SEC, one (and only one) attempt is made to install the software. Unknown means that the client has never reported to SEC and no attempt has been made to protect it. That is - if you move a client to a sync'ed OU and installation fails and you then remove it, delete it from SEC and then move it back into the OU, protection will not be re-attempted (as it is already in the database but with the deleted flag, so you just didn't see it). What is on the client isn't checked though and does not matter. Thus installation will be attempted on a client with the standalone version or a managed version from a different management server running.

    HTH

    Christian   
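
Since the reply above says that what is on the client isn't checked, the state described in the question (services registered, binaries missing) has to be detected on the endpoint itself. The following is an added example, not part of the original thread and not Sophos code: a PowerShell check, run locally on a client, that separates services whose executable is missing from services that were merely stopped or disabled. Matching on the display-name prefix `Sophos` and the verdict labels are assumptions of this example.

```powershell
# Added example: classify local Sophos services by whether their binary exists.
# Assumption: services are matched only on the display-name prefix 'Sophos'.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName is either  "C:\dir with spaces\svc.exe" args
    # or the unquoted form               C:\dir\svc.exe args
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $PathName
}

function Get-SophosServiceHealth {
    Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Sophos%'" |
        ForEach-Object {
            $binary = Get-ServiceBinaryPath -PathName $_.PathName
            $exists = [bool]$binary -and (Test-Path -LiteralPath $binary -PathType Leaf)

            # A missing binary is what produces "Error 2: The system cannot find
            # the file specified" on start; it is not a user stopping the service.
            $verdict = if (-not $exists) {
                'BinaryMissing'
            } elseif ($_.StartMode -eq 'Disabled') {
                'Disabled'
            } elseif ($_.State -ne 'Running') {
                'Stopped'
            } else {
                'OK'
            }

            [pscustomobject]@{
                DisplayName = $_.DisplayName
                State       = $_.State
                StartMode   = $_.StartMode
                Binary      = $binary
                Verdict     = $verdict
            }
        }
}

$report = @(Get-SophosServiceHealth)
if ($report.Count -eq 0) {
    'No Sophos services are registered on this machine.'
} else {
    $report | Format-Table -AutoSize
    if ($report.Verdict -contains 'BinaryMissing') {
        'Incomplete installation: at least one Sophos service points at a file that does not exist.'
    }
}
```

Collecting the `Verdict` column from each client gives a list of machines that need a reinstall, separate from those where a service was stopped or disabled.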
