Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2305 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Differs from policy

ash

Hey there,

I've just done a new install of Sophos 9 with console 4 .. which all went good.

When we started migrating existing machines across to the new server I noticed a lot of them now show that the "Application control policy" now differs. All other policies seem to be fine.

Anyone have any ideas as to why this policy is showing these errors?

:200


This thread was automatically locked due to age.
  • 0

    Hi,

    In order to identify the parts of the policy that differ in greater detail, I suggest enabling more verbose logging on the Sophos Agent.  To do so, please follow the article here which describes how to set the log level:
    http://www.sophos.com/support/knowledgebase/article/30496.html
    When you restart the Sophos Agent service, wait a few seconds and then check the latest log file of the potential 4 found in:

    C:\program data\Sophos\Remote Management System\3\Agent\Logs\Agent-<timestamp>.log
    Or the equivalent for your OS version.

    In that file you can find the policy and configuration sections and in detail what is different between the two.  Please try setting the policy the same as the configuration as a test to see if the machine then reports to comply in Enterprise Console.

    Thanks.

    :201
  • 0

    So, does a "Differs from policy" error mean that it does not comply with the policy?

    I always thought that it meant that it did not have the same version of the policy as the server (as in v3 on the machine but v4 on the server or something similar)

    :218
  • 0

    “Differs from policy” is a state calculated at the client and the outcome sent back to the Sophos Management Server.   It is calculated on the client for 2 reasons, to save the overhead of transmitting the full configuration of the client back to the server and to remove the need for the server to perform the relatively expensive comparison.


    As an example for a managed client, when you configure the updating policy and send it to the endpoint, it is sent via the Remote Management System (RMS) and ends up at the client in the directory: “C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\ALC\” as the file SAUPolicy.  Similarly you will find the policy of all other managed components in their respective directories under this location.


    These files make up the policy and in order to assess if the machines complies or “Differs from Policy”, the local configuration of each component is compared and the results sent back to the management server in a status message.

    Thanks.

    :219
  • 0

    It all makes so much sense all of a sudden .. it's like the skies have cleared.

    Thanks Elmo!

    :220
  • 0

    Is this the same for Sophos 9.5? I have a client with the "Differs from Policy".. I stopped the agent service, added the registry key, restarted the service, and I don't have that path or anything like it under the Sophos program files..

    :20123
  • 0

    Hello Tscott,

    you mean you can't find the agent logs? On XP they are in %ALLUSERSPROFILE %\Application Data \Sophos\Remote Management System\3\Agent\Logs\

    HTH

    Christian

    :20133