
SATC - Mostly Not Working

Hello All,

My implementation of SATC is not working and I've run to the limit of my ability to diagnose the problem.

Any help in diagnosing this to a resolution would be appreciated!

Here's what data I have to offer.

Environment:

     Terminal Server: MS Server 2012R2

     SATC version: 2.0.6.0

     Firewall: XG virtual machine (VMware): SFOS 16.01.2

The logs copied below reflect the following scenario:

1) SATC Start - 10:28:41

2) SATC sends a UDP packet on port 6060 to the firewall

- tcpdump on the firewall shows the firewall receiving the packet

3) A user logs into this TS at 10:29:10

4) The user logs out of this TS at 10:31:40

5) SATC Stop - 10:33:14

******Logging Events Log File*******
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : -------------------------- Logging Events --------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
 
******SatcSvr Log File*******
MSG [0x17d8] 2017-01-31 10:28:41 : ------------BEGINING------------------------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : ----------- Sophos AUTHENTICED THIN CLIENT -----------------------
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : -------------------------- Logging Events --------------------------
MSG [0x17d8] 2017-01-31 10:28:41 : --------------------------------------------------------------------
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #1
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #2
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #3
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #4
DEBUG [0x17d8] 2017-01-31 10:28:41 : Ini file path: C:\\Program Files\\Sophos\\Sophos Authenticated Thin Client\\SATC.ini
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #5
DEBUG [0x17d8] 2017-01-31 10:28:41 :  SophosPort:6060
DEBUG [0x17d8] 2017-01-31 10:28:41 :  Log File Size:25 MB(s)
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #6
DEBUG [0x17d8] 2017-01-31 10:28:41 :  SophosIP:10.1.254.245
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #7
DEBUG [0x17d8] 2017-01-31 10:28:41 :  TimeInterval:180 sec
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #8
DEBUG [0x17d8] 2017-01-31 10:28:41 :  MaxUsers:8100
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #9
DEBUG [0x17d8] 2017-01-31 10:28:41 : SATCService Name Ini file path: C:\\Program Files\\Sophos\\Sophos Authenticated Thin Client\\SATCName.ini
DEBUG [0x17d8] 2017-01-31 10:28:41 : Sending flush to CR.
DEBUG [0x17d8] 2017-01-31 10:28:41 : UDP Packet sent to Sophos. Bytes Sent: 1
DEBUG [0x1b80] 2017-01-31 10:31:41 : Enumerating Windows Session
DEBUG [0x1b80] 2017-01-31 10:31:41 : GetSessionData::THRDB[sessionID]=TRUE for 1
DEBUG [0x1b80] 2017-01-31 10:31:41 : GetSessionData::THRDB[sessionID]=TRUE for 2
DEBUG [0x1b80] 2017-01-31 10:31:41 : GetSessionData::THRDB[sessionID]=TRUE for 4
DEBUG [0x1b80] 2017-01-31 10:31:41 : GetSessionData::THRDB[sessionID]=TRUE for 10
DEBUG [0x1b80] 2017-01-31 10:31:41 : Checking for Sending LogOff
DEBUG [0x1b80] 2017-01-31 10:31:41 : Max Session ID: 0
ERROR [0x17d8] 2017-01-31 10:33:14 : Error: Not overlapped i/o or server stop signaled!
DEBUG [0x17d8] 2017-01-31 10:33:14 : At Cleanup: Clearing memory and closing pipe
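
Added example (not part of the original post and not Sophos code): a Python parser for the SatcSvr log format shown above. It extracts the configured settings and the UDP sends, and lists any entries logged between the user's logon (10:29:10) and logoff (10:31:40). The sample is a constructed subset of the posted log, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the SatcSvr log lines posted above.
SAMPLE_LOG = """
MSG [0x17d8] 2017-01-31 10:28:41 : -------------------------- Logging Events --------------------------
ERROR [0x17d8] 2017-01-31 10:28:41 : PLACE #5
DEBUG [0x17d8] 2017-01-31 10:28:41 :  SophosPort:6060
DEBUG [0x17d8] 2017-01-31 10:28:41 :  SophosIP:10.1.254.245
DEBUG [0x17d8] 2017-01-31 10:28:41 :  TimeInterval:180 sec
DEBUG [0x17d8] 2017-01-31 10:28:41 : Sending flush to CR.
DEBUG [0x17d8] 2017-01-31 10:28:41 : UDP Packet sent to Sophos. Bytes Sent: 1
DEBUG [0x1b80] 2017-01-31 10:31:41 : Enumerating Windows Session
DEBUG [0x1b80] 2017-01-31 10:31:41 : GetSessionData::THRDB[sessionID]=TRUE for 4
DEBUG [0x1b80] 2017-01-31 10:31:41 : Max Session ID: 0
ERROR [0x17d8] 2017-01-31 10:33:14 : Error: Not overlapped i/o or server stop signaled!
"""

LINE_RE = re.compile(
    r"^(?P<level>MSG|ERROR|DEBUG) \[(?P<tid>0x[0-9a-f]+)\] "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) : (?P<msg>.*)$")
SETTING_RE = re.compile(r"^\s*(SophosIP|SophosPort|TimeInterval|MaxUsers):(\S+)")
SENT_RE = re.compile(r"UDP Packet sent to Sophos\. Bytes Sent: (\d+)")

def parse(text):
    """Return (timestamp, level, thread id, message) for each log line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything not in the log format
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m["level"], m["tid"], m["msg"]))
    return entries

def summarize(entries, logon, logoff):
    """Collect settings, UDP sends and entries logged during the session."""
    settings, sends = {}, []
    for ts, _level, _tid, msg in entries:
        if (s := SETTING_RE.match(msg)):
            settings[s[1]] = s[2]
        if (u := SENT_RE.search(msg)):
            sends.append((ts, int(u[1])))
    in_session = [e for e in entries if logon <= e[0] <= logoff]
    return {"settings": settings, "udp_sends": sends,
            "entries_during_session": in_session,
            "threads": sorted({e[2] for e in entries})}

if __name__ == "__main__":
    logon, logoff = datetime(2017, 1, 31, 10, 29, 10), datetime(2017, 1, 31, 10, 31, 40)
    print(summarize(parse(SAMPLE_LOG), logon, logoff))
```

On the posted log this reports a single 1-byte UDP send at service start and no entries at all inside the logon-to-logoff window.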


  • For those of you interested in this "problem" that I have described, there is not yet a resolution.

    It's been established by Sophos Support that it is legitimate and the issue has been replicated by the support organization. It is now in the hands of the software developers to come up with a solution.

    I'll post further information concerning this as I get it.

    Regards,

    Gary

  • Hello.

    A customer has had this exact same problem on one of his servers, however on another server it was working. We then noticed that on the server that was working, he still had an older version of the thin client agent, CATC 2.0.5.4, installed before he did the upgrade from his Cyberoam firewall to the Sophos XG.

    We then completely uninstalled SATC 2.6 from the server with problems and downloaded the older client from the Cyberoam page:

    https://www.cyberoam.com/cyberoamclients.html

    (select "Thin Client", and when uninstalling SATC ensure that there aren't any leftovers inside the Sophos folder in the Program Files folder)

    It started detecting the logon and logoff events correctly then. This was on Windows 2012 R2 Server, by the way.

    To finish off, it was also necessary to:

    1) On the Domain Controller where STAS is installed, add an IP exception to any terminal server (where you install SATC/CATC) for logon and logoff events

    2) Disable UAC on the terminal servers that have SATC/CATC, and to REALLY do it on Windows Server 2012 or newer, you have to edit the registry as stated in:

    social.technet.microsoft.com/.../13953.windows-server-2012-deactivating-uac.aspx

    Quoting:

    "The same approach is still available in Windows Server 2012, though UAC is still active after you selected "Never notify".

    You have the option to turn off UAC via registry by changing the DWORD "EnableLUA" from 1 to 0 in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system".

    You will get a notification that a reboot is required. After the reboot, UAC is disabled."

     

    So I would like to suggest to Sophos:

    1) To use this information to try to solve the problem in a newer version of SATC (comparing CATC 2.5 with SATC 2.6)

    2) To update the knowledge base in https://community.sophos.com/kb/en-us/125218 with the updated steps to disable UAC on Windows 2012 and newer

    3) To fix the screenshot links on https://community.sophos.com/kb/en-us/125218 since they are all broken

     

    To sum up:

    1) SATC 2.6 doesn't work (at least on Windows 2012 R2) but CATC 2.5 works (with Sophos XG, fully updated)

    2) You need to properly disable UAC on the terminal server(s)

    3) You need to place the proper exceptions for the terminal server(s) on STAS

     

    I hope this helps.

  • Hello Rodrigo,

    I will try this later today. I have no doubt that it will work.
    I will report back to this forum once I've undertaken the install of CATC 2.5.

    Thanks!

    Regards,

    Gary

  • Hi Rodrigo,

     

    This works exactly as it should.

    Thanks for the very detailed solution and your efforts in communicating it so clearly!

     

    Once Sophos Devs manage to repair SATC and close my support case, I'll post back to this thread and let everyone know.

     

    Regards,

     

    Gary Gunderson

  • Hi Gary,

    The issue is reported under the JIRA NC-16959. There is no ETA on the fix from the Developer and the workaround is to use an older client. We are in the process of launching a new version of SATC which will be made available soon.

    Thanks

  • sachingurung said:

    Hi Gary,

    The issue is reported under the JIRA NC-16959. There is no ETA on the fix from the Developer

    Thanks

     

    Thanks. At Sophos, when do you expect to update us on JIRA ETA issues? There are many JIRA issues from you where "ETA is not defined yet". Why? Under Astaro, we were updated on the bug status in less than 7 days.