Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3113 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Worthless Device Control notifications. TONS!

Azurus

This has been happening since day one. I have tried to fix this with no success, but I think I may be doing something wrong. I've tried to just put up with it, but I'm getting pretty fed up at this point.

My job requires me monitor many things throughout the day, and Sophos Endpoint and Control is one of the things I get notifications for.

I have a folder in my inbox labeled "Sophos", and right now it has 1731 unread emails in it that are all worthless device control events having to do with CD-ROM or DVD????  Specifically they read...

A device control event occurred on the machine XXXXX when user XXXXXXXX was logged on.

Device control successfully restarted device: device=IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B______________blah blah blah.

I get between 500 and over 1000 of these per day. They make it impossible for me to provide any worth to the actual USEFUL notifications, like when someone plugs in a USB device, etc.

I have tried to get rid of these messages using information located here but with no success: http://www.sophos.com/support/knowledgebase/article/35958.html

If someone would be so kind of help me with a solution to this issue, it would save me from making an angry call to support.

Thanks!

:12841


This thread was automatically locked due to age.
  • 0

    Hello Azurus,

    while Support has to listen (and to forward your complaints) I guess John Stringer or some member of his team will give you an answer here - so no need to make an angry call :smileywink:. In November John said: [Device Control by user] is unlikely to be in V10 (lots of other good stuff is!). But can't say whether what you want is among lots.

    As I see it there are two issues:

    1. The probably meaningless Device control successfully restarted device (can't remember having seen it) message
    2. The lack of control on what gets sent by email

    As for 2) only AV lets you choose among several categories, SCF and TP have no email alerts (AFAIK) and the others all-or-nothing. Don't know if individual error codes can be controlled for email messages as is possible for messages to the console. But even if it would mean using savconf.xml and the article says These instructions should only be used as a temporary workaround. In the longer term, the original issue should be fixed. Question is how granular the control should be or if the messages can be put in meaningful categories. Personally I don't care much about the failed to enable device messages (not even in the console) and I'd also not want to receive an email when block bridging blocks a wireless device. 

    Christian

    :12909
  • 0

    I agree, it's worth changing in ver. 10. Even as it stands now, I do like the Device Control feature. In my environment, USB thumb drives and cell phones are not allowed to be plugged into any equipment here whatsoever. Sophos is able to do a really good job blocking these devices, alerting me of who plugged it in, and where, and what type of device it was. I also like the ability to make exceptions based on the deviceID.

    But these notifications about "Successful device restarts" really should be turned off by default. THese should be things that if you do want, you could turn on by maybe adding a reg key or running a SQL query. I shouldn't have to run a SQL query to try to filter them off. I'm not sure who would want to know every time the device control is able to successful run, I'd only like to know if it fails.

    :12949
  • 0

    I tried running this query on the Sophos database, but so far, I can't tell if it's working yet.

    osql -S .\sophos -E -d SOPHOS45 -Q "insert into erroralertfilters(source,number)values('SAV',0x2052000F)"
    :12951
  • 0

    any movement on this topic?  we're in the same boat, and running 10.

    :25137
  • 0

    Brian,

    Nothing has really changed, but I seem to only get these messages when machines reboot at least now. It seems each time the Device Control service successfully starts an email gets sent. Seems pretty silly IMO.

    :25139