
All computers out of date on Enterprise Console 5.1

Hello,

Is there a place to adjust the latency when the computers display they are out of date on the Enterprise Console 5.1.0.1839?

This was fixed on a previous version of Enterprise Console (4.5.1.0). But the registry path \EE\ is not on 5.1.0.

I need the fix for the new version.. or maybe it is now a setting that I am missing. I have checked the forums and other tech sites for hours with no luck. Please help!

--

Below is the fix for the old version: 

Link to fix on previous version.

Fix for 4.5.1.0:

"It's a DWORD called 'UpToDateLatencyMins' in the registry entry

[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools]"

:25939


This thread was automatically locked due to age.
  • Hello Norgenator,

    can't check right now but I think it's still there - any chance you switched to a 64bit system on the server? Then you have to look on the \Software\SysWow6432 path (note that with 5.x Sophos is found under the 64 and 32 bit keys).

    Christian
    :25941
  • That's it! Wow... easy fix.

    Yes, I did install the 64bit ver. so this would make sense, haha. I see the path that I need.

    "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management Tools"

    THANK YOU!

    :25945
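The 32-bit/64-bit registry view lookup discussed in the replies above, as an added example that is not part of the original thread and is not Sophos code. It is read-only, assumes PowerShell 3.0 or later (for `OpenBaseKey`), and uses only the key path and value name quoted in this thread; the function name is hypothetical.

```powershell
# Added example (not from the thread): report, for each registry view,
# whether the Management Tools key exists and whether the value is set.
# Key path and value name are the ones quoted in this thread.
$subKey    = 'SOFTWARE\Sophos\EE\Management Tools'
$valueName = 'UpToDateLatencyMins'

function Get-ValueInRegistryView {   # hypothetical helper name
    param(
        [Microsoft.Win32.RegistryView]$View,
        [string]$SubKey,
        [string]$ValueName
    )
    # Open HKLM in an explicit view, so the result does not depend on
    # whether this PowerShell process is 32-bit or 64-bit.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)   # opened read-only
        if ($null -eq $key) {
            return [pscustomobject]@{
                View = $View; KeyExists = $false; ValuePresent = $false
                Kind = $null; Data = $null
            }
        }
        try {
            $present = $key.GetValueNames() -contains $ValueName
            [pscustomobject]@{
                View         = $View
                KeyExists    = $true
                ValuePresent = $present
                Kind         = if ($present) { $key.GetValueKind($ValueName) } else { $null }
                Data         = if ($present) { $key.GetValue($ValueName) } else { $null }
            }
        } finally { $key.Close() }
    } finally { $base.Close() }
}

# On 64-bit Windows, Registry32 is the view that appears as Wow6432Node
# in regedit. On 32-bit Windows both views return the same key.
[Microsoft.Win32.RegistryView]::Registry64,
[Microsoft.Win32.RegistryView]::Registry32 | ForEach-Object {
    Get-ValueInRegistryView -View $_ -SubKey $subKey -ValueName $valueName
} | Format-Table -AutoSize
```

A row with `KeyExists` true and `ValuePresent` false means the key is in that view but the value has not been created there.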
  • I do not see the DWORD that was found in the previous version called 'UpToDateLatencyMins'.

    Do I need to add this DWORD? Or is it called something else in 5.1?

    Thanks,

    Erich

    :25949
  • Hi,

    You can create the key, it doesn't exist by default.  

    The question I would have is are you masking another problem by adding it?  The following describes how it works to help you perhaps trace a problem.

    When SUM pulls down a new update, it pushes the update to the CID, e.g. "\\server\sophosupdate\CIDS\S000\", and once it has updated all the CIDs it needs to, it will send back a status message to the management server.  The version information of this new "update" is then added to the database if the information has come from the authoritative SUM.  This information goes into the "Packages" table of the database with a rollout number of 99999999.  

    Note: Package versions reported by the clients that haven't come from SUM data don't have a rollout number 999999999 in the packages table.  When machines show as "Unknown" as their up to date status it is because the client has reported a version SUM hasn't to the database.  This may be the case when the SUM status message is slower to reach the database than the clients but should self correct.

    The clients, on their polling interval to the CID, pull down the new update, install it, and the client sends back a status message. This message contains the same version information as SUM put into the database for that package, and the machine is flagged in the GUI as up to date as the client's PackageID (computersanddeletedcomputers table) links to the latest Package in the Packages table as maintained by SUM.

    The following will help understand what might be going on:

    • What is the update interval of your clients (updating policy)?
    • What is the update interval of your SUM(s)?
    • How many SUMs do you have?
    • Is the "LastMessageTime" for the SUM machines recent when clients show as out of date?

    Regards,

    Jak

    :25951
  • Hi Jak,

    You were right. The registry key didn't help.

    I guess what my big problem is under "Protection" on the dashboard, it shows "Out-of-date computers." The problem is that this option shows the out of date computers too soon and I have to manually push "Update Computers Now" from Sophos constantly.

    We need to use this portion of Sophos for reports but at least two to three times a day, all the computers are showing out of date.. Is there a way to delay the process to check for out-of-date computers?

    Thanks for all the great help,

    Erich 

    :26113
  • Hello Erich,

    it's quite normal that under certain circumstances even installations with a single SUM show the majority of computers as out of date. This shouldn't last longer than one or two client update intervals though and in no way necessitate constant action from SEC.
    It seems that either updating or reporting is delayed at "some point" for "some reason". It'd help if you could give the details Jak's mentioned (number of SUMs, hierarchy, update intervals etc.).

    Christian
    :26115
  • Hi Christian,

    I understand what you're saying, but I have had to manually push updates to these clients daily since last week. It seems that every morning around 1:30 AM Sophos reports that the computers are out of date. When I get to work in the morning, I have to manually push "Update Computers Now." It just doesn't seem like it is reporting right to me..

    Erich

    :26117
  • The following will help understand what might be going on:

    • What is the update interval of your clients (updating policy)? It is set for 1700 minutes and check box enabled for automatic updating.
    • What is the update interval of your SUM(s)?
    • How many SUMs do you have?
    • Is the "LastMessageTime" for the SUM machines recent when clients show as out of date?

     I apologize, the last three questions are hard to understand.. where can I get this information?

    :26119
  • Hi,

    How come the clients are only set to update every 28.3 hours, is that expected, is there a reason behind it?  Typically clients check for updates every 10 minutes.

    As for the other questions....

    You can find the SUM update schedule by switching to the Update Managers view in Enterprise Console and look at the configuration for the SUM(s).  There are 2 parts to consider, how often the SUM checks for supplemental data, which is "threat detection data" and how often it checks for new software packages.  By default SUM checks for "threat detection data" every 10 minutes and software every hour.

    Again, the number of Update Managers (SUMs) can be found in the Update Managers view in SEC.

    To get the last message time of the Update Managers (SUMs), you can switch to the endpoint view in Enterprise Console. Under the computers details tab, there is a last message time column.  So if you find the SUM in this list you'll see it, you'll also see it in the computer details for the machine.

    I would think reducing the update interval of the clients in the updating policy will help you though.

    Regards,

    Jak

    :26125
  • Hello,

    every 28.3 hours

    nice idea to convert it to something more manifest :smileyvery-happy:. Want to add that the maximum interval for SUM threat detection data updates is 1440 minutes (or 24 hours) while the GUI (policy in SEC, configure updating on the client) permits a value of 9999 for the schedule. Can't say if there's a maximum value for the Latency key which will be taken into account for calculating Up-to-date - might be. This would explain the display even if you have set it to 1700.

    Christian

    :26133