Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 4.5.1.0 - Blacklisting/Suppressing Error Codes

BrickMan

Is there any effective way of doing this ?

This old KB article from 2005 (http://www.sophos.com/support/knowledgebase/article/13872.html ) is exactly what I am trying to do - but it doesn't appear to work, or maybe that it no longer works in 4.5.1.0 and EndPoint 9.5 ???

I export my existing SAV config with ;

exportconfig -type sav -output savconf.xml

Then I proceed to edit the file with the appropriate blacklist entries and then move the savconf to the appropriate distribution folder and run ;

configcid \\<servername>\<our path>\sxxx\savscfxp

It says that it updated the entries for savconf.xml and there are no problems reported, it completes successfully.

Then if I export the config again, the entries are not in the newly exported .XML file which leads me to believe that the changes were actually never stored to begin with. The errors still show up in the console as well, and these are errors that are just 'noise' and we do not want to see.

Anyone ???

:22835


This thread was automatically locked due to age.
Parents
  • 0

    Hello BrickMan,

    Then if I export the config again, the entries are not in the newly exported .XML file

    When you export and modify a policy the change is not reflected in the database. For one thing, the CID (where you put the .xml) is not read back. And what should happen if you take one policy and create two different versions for two CIDs? I think - don't know for sure - you should see that the configuration has been processed on the client in machine.xml (in the \Sophos\Sophos Anti-Virus\config\ directory) under the tag <eeConsumer> .

    As the section you modify is not configurable by SEC you also have no "complies" indicator. OTOH if you make some modification under <onAccessScan> you will get a "differs from policy".

    As for the ErrorAlertFilters table, I'm trying to find out its status - as I mentioned long ago I'm quite sure I've seen it once in a knowledgebase article, it's still there and contains a few entries.

    Christian

    :22843
Reply
  • 0

    Hello BrickMan,

    Then if I export the config again, the entries are not in the newly exported .XML file

    When you export and modify a policy the change is not reflected in the database. For one thing, the CID (where you put the .xml) is not read back. And what should happen if you take one policy and create two different versions for two CIDs? I think - don't know for sure - you should see that the configuration has been processed on the client in machine.xml (in the \Sophos\Sophos Anti-Virus\config\ directory) under the tag <eeConsumer> .

    As the section you modify is not configurable by SEC you also have no "complies" indicator. OTOH if you make some modification under <onAccessScan> you will get a "differs from policy".

    As for the ErrorAlertFilters table, I'm trying to find out its status - as I mentioned long ago I'm quite sure I've seen it once in a knowledgebase article, it's still there and contains a few entries.

    Christian

    :22843
Children
No Data