Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1926 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Synchronization and correct identification of clients without Sophos

milank

What checks does 'Sophos Synchronization' go through in determining that a client does not have Sophos installed before pushing out the installation? The reason I ask is: We have some systems that do not have any EXEs or DLLs associated with Sophos, but have Sophos directories. Not sure how they got into that state in the first place.

Those systems have Sophos Agent service in 'Running' state, and 'Sophos Anti-Virus' , 'Sophos Status Report' services in stopped state. Trying to run the later two services error out (as expected) with following message:

Could not start the Sophos Anti-Virus service on Local Computer. Error 2: The system cannot find the file specified"

Because these systems do not have a complete and working installation of Sophos, these should be correctly identified by the Synchronization or whatever process that checks the installation status. Because of the lack of accurate information resulting from these limitations, we are incorrectly interpreting systems that have Sophos services disabled due to users' action. 

Can someone shed some light into this? Thanks. 

:13933


This thread was automatically locked due to age.
Parents
  • 0

    There is no single indication of "problem clients" (yet) but it's not too hard to identify them:

    First - if a client doesn't appear as managed (i.e. it is greyed out) and there is no protection error indicator then likely it was "known" in the past. wasn't managed at this time and automatic protection hasn't be attempted (again). In this case attempt to manually Protect computers.

    Managed computers should appear as connected (i.e. without the red x) when they are turned on. SEC has no way to check whether a computer is turned on or not. In addition it doesn't indicate Whether a client's RMS  has attempted to communicate but has failed to log on or just hasn't contacted the server at all. As sometimes a client can appear as connected but no longer "talks" to the server it's a good idea to check the Last message received column (can be sorted) in the Computer Details tab. 

    Additionally SEC offers several filters to list clients with potential problems.

    HTH for a start. Feel free to ask if something is not clear

    Christian

    :14249
Reply
  • 0

    There is no single indication of "problem clients" (yet) but it's not too hard to identify them:

    First - if a client doesn't appear as managed (i.e. it is greyed out) and there is no protection error indicator then likely it was "known" in the past. wasn't managed at this time and automatic protection hasn't be attempted (again). In this case attempt to manually Protect computers.

    Managed computers should appear as connected (i.e. without the red x) when they are turned on. SEC has no way to check whether a computer is turned on or not. In addition it doesn't indicate Whether a client's RMS  has attempted to communicate but has failed to log on or just hasn't contacted the server at all. As sometimes a client can appear as connected but no longer "talks" to the server it's a good idea to check the Last message received column (can be sorted) in the Computer Details tab. 

    Additionally SEC offers several filters to list clients with potential problems.

    HTH for a start. Feel free to ask if something is not clear

    Christian

    :14249
Children
No Data
Cookie Information Banner