Fri 21-Dec-2012 16:29
We noticed some strange network traffic on our LAN, and after some searching we narrowed it down to the Orbit download manager (it uses external source to external destination addresses on our LAN).
So we decided this software is no longer allowed on the LAN and removed it from the authorized applications list in the enterprise console.
But the strange thing is... the application is not blocked... even after a reboot of the client (and the client's policies are up to date).
Could it be that the application is no longer recognized because of its version?
- Orbit Downloader v126.96.36.199
Tue 08-Jan-2013 09:01
I want to recap on the basics in case someone else does read this, but I'm sure you have done the first steps.
Make sure the policy you have changed has been applied to the group that the machine resides in.
(Right click on the group, View group policy - ensure it correlates to the correct policy)
Ensure that the application control policy has ticks in the right places (Scanning tab in the policy, if you want it to scan with the on-access scanner or the scheduled scanner; not having the ticks in the places you want will give different results).
Ensure that in Sophos on the machine, the application control option has not been turned off. (You will see this with the alert: differs from policy.)
After that, confirm if the communication is working correctly to and from the machine.
There is a file, 'View Network Communications report', on the machine under Start | Programs | Sophos.
This will provide information on whether the communication is working correctly.
Further than that, I would recommend you contact Sophos to confirm the versions.
You can submit it online, instead of phoning if you want.
Tue 08-Jan-2013 09:56
Thanks for the reply.
I know for sure the application control is working, because other applications are being blocked successfully.
Did not know about the 'new' feature about "View network communications report", but that also seems ok.
I've just recently (yesterday) logged a query at Sophos support about this issue and they requested me to run the Sophos diagnose utility. Currently waiting for a reply about that.