
Sophos WMI at logon

I posted this at the other Sophos forum but they directed me here. Maybe someone here can enlighten me.

Hi,

Could someone help me with the following problem.

We have a large network of computers that we like to keep as up to date as possible. For that we have created a logon script that runs when the user logs in. This script checks multiple parameters and variables, giving us an idea of the state of the computer.

One of the things we record is our Sophos antivirus.
We connect via WMI to the correct namespace (securitycenter/securitycenter2) and read the basic information.
Running the script when the computer is booted results in a correct scan (Sophos up to date and enabled) but when the script runs at logon, WMI keeps telling us Sophos is disabled but up to date.
On both 32- and 64-bit systems and on different OSes.

Now I'm wondering, is this a problem with WMI giving us a false positive or is it Sophos that doesn't start/write to WMI until after the user is logged on?

Any help on this matter is greatly appreciated.
Thanks

All our reports based on the data we get from the logon script are no longer compliant since it displays false positives.

This leads me to believe there are 2 possible answers.

- Sophos is enabled, but it doesn't tell WMI (that would suck)

- Sophos isn't enabled at all until sometime after booting (sucks even more)

Tests with other AV products have not given any false positives yet so atm it leads me to believe this problem only occurs with Sophos and could be potentially fixed.

Again, any info/help/insight would be appreciated

thx

:54433


This thread was automatically locked due to age.
  • Hi,

    Could the script query the state of the SAVService and SAVAdminService service before it makes the query to the Action Center to help troubleshoot timing?

    I assume that once logged on fully and it returns the correct state that is as the same user?

    Does the query return an error when querying the Action Center when run as a login script? It's not that it can't query.

    Regards,

    Jak

    :54447
  • Results of Sophos when booting:

    Sophos Anti-Virus Statusreporter    Running
    Sophos Anti-Virus    Running
    Sophos Agent    Running
    Sophos AutoUpdate Service    Running
    Sophos Device Control Service    Running
    Sophos Message Router    Running
    Sophos Web Control Service    Running
    Sophos Web Intelligence Service    Running
    Sophos Web Intelligence Update    Stopped

    SavService.exe    20141031112418.421875+060
    SAVAdminService.exe    20141031112435.218750+060

    This should normally also contain WMI information since I scripted it to do so, but it does not.

    This is an example of what the log should also contain:

    (Sophos Anti-Virus {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} 331776)

    :54453
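One way to run the timing check suggested in the thread, as an added example that is not code from any of the posters: each attempt records the state of the two Sophos services next to what `root/SecurityCenter2` reports, so the log shows whether WMI lags behind services that are already running. Assumptions: the function names and retry values are hypothetical, `Get-CimInstance` needs PowerShell 3.0 or later, and the `productState` bit layout is the commonly used unofficial interpretation, which Microsoft does not document.

```powershell
# Added example. The productState bit layout below is an unofficial community
# convention (assumption): 0xPPSSDD = provider, scanner state, definition state.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    [pscustomobject]@{
        Hex      = '0x{0:X6}' -f $ProductState
        Enabled  = [bool]($ProductState -band 0x1000)   # scanner-state byte: on-access scanning on
        UpToDate = -not ($ProductState -band 0x10)      # definition byte: 0x10 means out of date
    }
}

function Get-AvLogonSnapshot {
    param(
        [string[]]$ServiceName = @('SAVService', 'SAVAdminService'),  # service names from the thread
        [int]$MaxAttempts  = 6,    # hypothetical defaults, tune for your environment
        [int]$DelaySeconds = 10
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        # A missing service or namespace yields an empty array instead of an error.
        $services = @(Get-Service -Name $ServiceName -ErrorAction SilentlyContinue)
        $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)

        $allRunning = ($services.Count -eq $ServiceName.Count) -and
                      -not ($services | Where-Object { $_.Status -ne 'Running' })

        $decoded = foreach ($p in $products) {
            $state = ConvertFrom-ProductState -ProductState $p.productState
            [pscustomobject]@{
                Name = $p.displayName; Guid = $p.instanceGuid; Raw = $p.productState
                Hex  = $state.Hex; Enabled = $state.Enabled; UpToDate = $state.UpToDate
            }
        }

        # One record per attempt: services and WMI view captured at the same moment.
        [pscustomobject]@{
            Time            = (Get-Date).ToString('o')
            Attempt         = $attempt
            Services        = ($services | ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }) -join '; '
            ServicesRunning = $allRunning
            Products        = $decoded
        }

        # Stop once the services are up and WMI reports an enabled product.
        if ($allRunning -and ($decoded | Where-Object Enabled)) { break }
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }
}

Get-AvLogonSnapshot | Format-List
```

Records where `ServicesRunning` is true but no product shows `Enabled` point at a delay in the Security Center registration rather than at the services themselves.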