UTM AV update interval

Hi, I apologize if I am asking this in the wrong place.

We have two UTM appliances that are connecting to the Sophos Enterprise console every two minutes (on alternating minutes) with the sophosupdatemgr account.  I imagine this is just the AV updater running in the background on the UTM OS.

Due to audit policies we are required to configure, they are generating six events a minute due to these checks.  Is there a way to change the update frequency?  I was able to do this for everything else within the Enterprise Console update policies, but cannot find a way to do this on the UTMs themselves.

I am a systems guy and am aware I could be completely wrong about all of this.  I have checked the two other devices that would be going through the firewall and verified their policies have the correct interval assigned. 

Thank you  



  • Hello Provisional,

    Thank you for contacting the Sophos Community.

    I am a bit lost on this query, but basically you would like to know if you can change the frequency at which the UTM is checking with the Sophos Enterprise Console? You suspect that what is causing the constant checks is the AV updates? Can you please share a screenshot of what you are seeing in the console, just to get a better understanding?

    Also, sophosupdatemgr is usually for SUM devices; are we talking here about Sophos Update Manager (SUM) or standalone UTM devices?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    I apologize for the confusing question. I do not have a full grasp on what is going on, hence the question.

    We have high auditing settings enabled on our Windows system that is hosting Sophos Enterprise Console. I am seeing a constant stream of events with sophosupdatemgr coming from the VPN IP. This could be the two VPN devices themselves accessing it, or something on the other side of the VPN. I checked the two devices on the other side of the VPN that could be doing this and see their AV update policy is set at a much lower frequency than I am seeing the events.

    Is it possible the Sophos UTM AWS devices are trying to get updates from the Windows server running Enterprise Console?

    Attached is the relevant part of one of the events and the panel from the Sophos UTM that made me think this was even a possibility.

    Thank you

     

  • Hello Provisional Identity,

    Thank you for the screenshot.

    So the UTM wouldn't check for AV updates with Sophos Enterprise Console; it checks with our up2date servers or, if configured to use SUM (Sophos UTM Manager), with SUM.

    That specific option that you show in the screenshot was deprecated in Dec 2019. Also, I see you are running quite an old version of the UTM, which is 9.6. I would recommend you upgrade to 9.7; once you update to 9.7, you won't see the Antivirus option under Endpoint Protection anymore, or even see this option.

    Also, the Object Name references a path that is used for the Sophos Update Manager, which is where the SUM (Sophos Update Manager) is installed on the computer where the Enterprise Console is installed.

    So I don't think the alerts you are seeing are coming from the UTM.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Okay, thank you very much for clarifying it for me.  I will need to talk to our network guy again.