Remove errors from Database

Unfortunately Sophos is messed up again and it is getting very aggravating.

We have Sophos Endpoint Protection with Sophos Enterprise Console, 500+ computers.

1st Problem: About a month ago the Sophos Console keeps reporting that computers are not up to date, but when checking the computer itself, it IS up to date. You can resolve this issue by right-clicking on the computer and choosing update now. It's very annoying to have to do this multiple times a day.

2nd Problem: Sophos Dashboard was reporting 34 "Computers with Errors", but when manually counting the computers there were only 7 actual computers with errors.

3rd Problem: A week ago we took the Sophos update server down for maintenance. During this time most of the computers went to update and were unsuccessful at retrieving the updates from the primary location (Update server), now a week later with all computers up to date I am sitting here with a 94% error rate "Download of AutoUpdate Failed".

I need a response from Sophos on how to resolve these issues. If it was up to me I would just purge the entire database and start from scratch; unfortunately we have clients that need us to maintain records for at least 90 days, so that would be an issue. Another solution would be to purge all errors from the database; unfortunately the PurgeDB tool seems useless for this task as I need the computers and all other information to remain, I strictly need to purge the errors from the database.

Thanks.

  • Hello Lee7,

    2nd Problem

    How did you "count manually"?

    The other two problems seem to be related - can't say what the cause could be but it looks like the clients fail to send the regular reports about them updating. Strange though that they apparently respond to an Update now request.

    What's the Last message time of the clients reporting Download of AutoUpdate Failed? Do they also correct their status after an Update now request (I'd check only on one or two first)? Further possible checks if they are reporting in real-time are changing the AV policy and triggering a detection (using EICAR). If all this works as expected (and perhaps the update status is also corrected) then it's probably necessary to comb through the Router and Agent logs.

    Christian

  • Hi,

    I agree, it's odd that an "update now" action from SEC "fixes" these client computers. Well, at least kicks them into life.

    To me it suggests that either the clients aren't checking for updates at all on their own or the schedule is too long? What is the update schedule of the clients; 10 minutes?

    The client will check for updates 5 minutes after the AutoUpdate service starts and then based on the update interval.

    As for: "2nd Problem: Sophos Dashboard was reporting 34 "Computers with Errors", but when manually counting the computers there were only 7 actual computers with errors."

    If you click on the link on the Dashboard to change the filter, is the number of computers listed correct/match up with the count?

    Could it be NAC errors that are the problem? Have you ever deployed NAC to any of those clients?

    Regards,

    Jak

  • Thanks for the quick reply guys.

    We are not using NAC or have used it in the past.

    The dashboard will report "X" number of computers with errors, but when viewing "All Computers At this level and below", then manually counting the computers with "Error" in the "Alerts and Errors" column, the number will be far less. I am not choosing a specific group when I do this, I have the main global Sub-Estate selected on the left.

    Our Update Policy is set to check for updates every 1440 minutes. I was told this was the default setting when I first got this position. Should this be 10 minutes?

    The "Download of Autoupdates failed" error was due to the ANTV server being down for maintenance, thus the computers could not find the primary update source. The server is now back up and clients are now receiving updates, but I still have my dashboard telling me there are 90+ errors; forcing an "Update Now" does not clear these errors.

  • Hi,

    Well 1440 = 1/day, so setting the policy to be a lower value will help with the out of date for sure. Every 30 minutes would be a start.

    Regards,

    Jak
