
Sophos policy not updating

Computers running Sophos Pure Message can check for updates every 15 minutes.

Computers that are not running Sophos Pure Message will update every 60 minutes.

It's unclear whether the antivirus solution left firms open to malware attacks or lessened the security of systems, but it certainly would have caused problems for enterprises, as the malware removal system is somewhat different from home users' systems.

Sophos UTM is an excellent secure web gateway capable of filtering and cleaning web traffic, but it also has a special trick when it comes to protecting endpoint computers both on and off premises.

(*Note here* this is not the same as Web Control – this is very basic malicious site blocking only) The Web Control feature enables you to extend similar web protection to users when they are roaming, not just when they are on premises.

The differences between Endpoint Web Control and the full Web Protection feature are explained further below.

Scan for PUA: If enabled, the on-access scanning will include a check for potentially unwanted applications (PUAs).

If this option is enabled, and Sophos does not already hold a sample of the file, the file will be submitted automatically.

Suspicious behavior (HIPS): If enabled, all system processes are watched for signs of active malware, such as suspicious writes to the registry, file copy actions, or buffer overflow techniques.

Web protection: If enabled, the website URLs are looked up in the Sophos online database of infected websites.

Sophos live protection: If the antivirus scan on an endpoint computer has identified a file as suspicious, but cannot further identify it as either clean or malicious based on the Sophos threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.

Send sample file: If a file is considered suspicious, but cannot be positively identified as malicious based on the file data alone, you can allow Sophos to request a sample of the file.

Sophos apologized in a blog post and pointed to a knowledge base article, which included steps to help mitigate the non-existent 'outbreak': If you have Live Protection enabled, you should stop seeing these detections eventually as the files are now marked 'clean' in the Live Protection cloud.

There is a known issue whereby introducing an extra space white character into the username field of the updating policy can cause the policy to differ. Open the updating policy associated with the group of computers that are. 
08-Nov-2018 05:11
Apr 7, 2017. TIP You can use the Policy Evaluation Tool PET to check if your existing Updating policies are using recommended settings or not. For more information see article Sophos Enterprise Console - Sophos Policy Evaluation Tool. 
08-Nov-2018 05:15
Aug 15, 2016. AutoUpdate is not currently configured. What To Do. If the endpoint is centrally managed ensure the computer is in a group with a correct updating policy. If the endpoint is not centrally managed open the Endpoint Security and Control application from the Sophos shield and select 'Configure Updating'. 
08-Nov-2018 05:18
I have an updating policy defined which works fine for several machines, but on one particular machine, it gets stuck in the console for updating policy at. I looked at C\ProgramData\Sophos\AutoUpdate\Config\file, and it contains the following. it contains a proxy port, which it shouldn't, and I am not sure how this. 
08-Nov-2018 05:24
Days ago. Policies can only be applied to users or devices if the Sophos Management Communication System MCS component is installed and functioning on the endpoint. Checking the Last Active timestamp of the device in Sophos Central is a good indicator if MCS is functioning correctly. This status is updated a.
08-Nov-2018 05:29
Sophos support is useless, keep getting some dude in broken English that thinks my issue is that the clients cannot see the server, that is not the case. They see the server fine, but are not updating. We moved from one Sophos server to a new Sophos server and migrated all our clients and clients show the.
08-Nov-2018 05:33
Aug 11, 2017. For instance, computers like laptops that are sometimes not connected to the internal network. The following sections are. On the Groups pane, right-click on the group that contains the endpoints you want to update from Sophos then choose View/Edit Group Policy Details. Select the newly created policy. 
08-Nov-2018 05:38
Jun 5, 2017. Sophos Enterprise Console SEC is not supported; PET found non-recommended settings in your policies. The PET evaluates a number of Enterprise Console Policies against the Sophos best practice recommendations, outputs the results and alerts you to any policies that may require updating. The tool. 
08-Nov-2018 05:43
Policy updates if the policy is changed, a group is switched from one policy to another, or if a user manually triggers a policy update with "Comply with policy". In a situation where an Endpoint is being restored from an image with an older policy, SEC will never send an update message if it is not triggered. 
08-Nov-2018 05:47