Policy update frequency

If I have 2 users with different endpoint web filtering policies who both log into the same PC, how quickly does the Sophos policy change when the second user logs in? And is there any way to improve the speed of change?

  • Hi Richard,

    Thanks for reaching out to the Sophos Community Forum.

    I was able to locate some additional information on this in the following article. Let me know if this helps. 
    - Understand and troubleshoot policy compliance of managed devices

    Although the policy is authored in Sophos Central, it is up to the client to check in to Sophos Central to look for updates to the policy at regular intervals.....Typically, this is less than 15 minutes but can be longer if the policy is user-based and activated by a new user signing into a system.

    Regarding the Web Control Policy specifically, I'd suggest trying an Incognito browser if User 1's policy appears to still be applied. In some cases, I have found that the browser will cache the "Block" page and continue showing it even after receiving the new policy.

    Kushal Lakhan
    Team Lead, Global Community Support
  • The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

    I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command:

    [xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

    There are also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.


    Worth noting, MCSClient can also back off from time to time under certain conditions; you can see how often that might be happening by running:

    $(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"
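
To turn the `[backoff]` search above into a per-hour count, here is an added example (not part of the original posts and not Sophos code). The function name `Get-McsBackoffSummary` is hypothetical, and the leading timestamp format of each log line is an assumption; lines without a recognisable timestamp are counted under `unknown`.

```powershell
# Added example: summarise how often MCS Client logs a [backoff] entry, per hour.
# Assumption: log lines start with a timestamp such as 2023-03-13T07:06:12 or
# 2023-03-13 07:06:12. Anything else is bucketed as 'unknown'.
function Get-McsBackoffSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin { $counts = @{} }
    process {
        foreach ($l in $Line) {
            # Only lines carrying the marker used in the post are counted.
            if ($l -notmatch '\[backoff\]') { continue }
            $bucket = if ($l -match '^(\d{4}-\d{2}-\d{2})[T ](\d{2})') {
                '{0} {1}:00' -f $Matches[1], $Matches[2]
            } else { 'unknown' }
            $counts[$bucket] = 1 + [int]$counts[$bucket]
        }
    }
    end {
        $counts.GetEnumerator() | Sort-Object Name | ForEach-Object {
            [pscustomobject]@{ Hour = $_.Name; Backoffs = $_.Value }
        }
    }
}

$log = 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log'
if (Test-Path -LiteralPath $log) {
    Get-Content -LiteralPath $log | Get-McsBackoffSummary
} else {
    # Constructed sample lines (not real Sophos output) so the script runs anywhere.
    @(
        '2023-03-13T07:01:10 I [backoff] constructed sample line'
        '2023-03-13T07:40:02 I [backoff] constructed sample line'
        '2023-03-13T07:41:00 I constructed line without the marker'
        '2023-03-13T09:15:44 I [backoff] constructed sample line'
    ) | Get-McsBackoffSummary
}
```

Hours with many back-offs around a user switch are the ones to compare against how long the second user's policy took to apply.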