
Too Many DLPAlert Emails

We are using Sophos Enterprise Console 5.1.0.1839 and we keep receiving DLPAlert emails with the following subject lines:

1. The number of out-of-date computers has exceeded the critical level.

2. The number of computers with errors has exceeded the critical level.

3. The number of computers that differ from group policies has exceeded the critical level.

These emails do us no good. We only have about 40 computers in our organization and it only takes a couple of computers to set off these alerts. We have looked for ways to adjust the configurations of these alerts to be more useful, but have found none.

Any ideas?



  • Hello TEWhite,

    We're pretty sure these errors are caused when Sophos updates are interrupted

    pretty is not absolutely :smileywink: and I fail to see what kind of interruption that could be - perhaps a network hiccup, I've also seen it when an active VPN connection firewalls local network access at the moment, but these should be rare. Agreed that most of these are transient and resolve themselves shortly after. And in case of persisting problems you should notice the out-of-date status anyway.

    I won't recommend suppressing this error but have a look at the following threads: Error Message Suppression in Enterprise Console and SEC 4.5.1.0 - Blacklisting/Suppressing Error Codes. There are two procedures mentioned: filtering on the endpoint and filtering in SEC. Dunno if the former is possible at all for AutoUpdate errors so you'd have to try if it works with the ErrorAlertFilters table. In your case the values would be 'ALC' for Source and 113 for Number.

    HTH

    Christian
