Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1924 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Synchronization and correct identification of clients without Sophos

milank

What checks does 'Sophos Synchronization' go through in determining that a client does not have Sophos installed before pushing out the installation? The reason I ask is: We have some systems that do not have any EXEs or DLLs associated with Sophos, but have Sophos directories. Not sure how they got into that state in the first place.

Those systems have Sophos Agent service in 'Running' state, and 'Sophos Anti-Virus' , 'Sophos Status Report' services in stopped state. Trying to run the later two services error out (as expected) with following message:

Could not start the Sophos Anti-Virus service on Local Computer. Error 2: The system cannot find the file specified"

Because these systems do not have a complete and working installation of Sophos, these should be correctly identified by the Synchronization or whatever process that checks the installation status. Because of the lack of accurate information resulting from these limitations, we are incorrectly interpreting systems that have Sophos services disabled due to users' action. 

Can someone shed some light into this? Thanks. 

:13933


This thread was automatically locked due to age.
Parents
  • 0

    ok. It helped to know that Synchronization does not attempt to push the installation more than once.

    In that case, what is Sophos' recommended method  to identify, and deal with systems that have corrupted or non-functioning installation? Is there a detection mechanism that distinguishes what systems have Sophos installed and are operational vs what don't, other than the 'policy compliance' and 'Update details' that are specific to signature update and policy compliance progress status? Thanks.

    :14217
Reply
  • 0

    ok. It helped to know that Synchronization does not attempt to push the installation more than once.

    In that case, what is Sophos' recommended method  to identify, and deal with systems that have corrupted or non-functioning installation? Is there a detection mechanism that distinguishes what systems have Sophos installed and are operational vs what don't, other than the 'policy compliance' and 'Update details' that are specific to signature update and policy compliance progress status? Thanks.

    :14217
Children
No Data