
Large Download Notification for April

In regards to:

Advisory: Sophos Endpoint Security and Control version 10.3.7

http://www.sophos.com/en-us/support/knowledgebase/120492.aspx

Will (for example) the AntiVirus 59MB download mean 59MB synced to each endpoint? Other than throttling on the Sophos update policy side of things, is there a way to schedule the rollout so that I don't kill my WAN?

Or any heads-up we may need about the traffic, install, etc.? I am just trying to get a heads-up on what I should be expecting if there are any known caveats others know to look out for, etc.

:48146


This thread was automatically locked due to age.
  • Hi,

    Here is some info, that might help someone.

    The number of Sxxx entries is related to the number of subscriptions you have.  In addition to that, the DWORD entry:

    HKLM\SOFTWARE\Sophos\EE\Management Tools\SubscriptionShortTagCounter

    keeps track of the Sxxx numbers. So it is possible to predict the Sxxx number created by adding a new subscription.

    If you add and then delete a subscription, the number will not be re-used; it is for this reason that there may be gaps in the numbering, e.g. S001, S004, etc.

    When changing an existing subscription, even though the update location remains the same for the endpoints, the RevID of the updating policies that reference that subscription changes, causing the updating policy to be re-sent.

    Obviously, for computers that are online, the clients are notified of the policy change and come and fetch the message instantly. So the state goes to "Awaiting policy transfer" and then shortly after the status message goes back from the client for that RevID to the policy, e.g. Res="Same" can be seen in the agent log.

    For computers that are offline when this happens, the computers will switch to and stay in the state of "Awaiting policy transfer". The outstanding set-configuration message will stay on the server (in the envelopes directory) until the client comes back online and checks in for outstanding messages. If the client does not come back online within 4 days of the policy being created, then the message on the server will be deleted by the server router (the TTL will expire the message) and the client will stay in "Awaiting policy transfer" to remind the admin to perform a manual comply with policy.

    If you wish to change that 4 days TTL you can as per: http://www.sophos.com/en-us/support/knowledgebase/113417.aspx

    Regards,

    Jak

    :48230