New Sophos Support Phone Numbers in Effect July 1st, 2023

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 2 replies
  • Subscribers 10 subscribers
  • Views 2655 views
  • Users 0 members are here
Options
Suggested

Policy update frequency

Richard Hamblin

If I have 2 users with different endpoint web filtering policies, who both log into the same pc. How quickly does the sophos policy change when the second user logs in? And is there any way to improve the speed of change



Added tags
[edited by: GlennSen at 12:06 AM (GMT -7) on 13 Mar 2023]
Parents
  • +1

    The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

    I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command::

    [xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

    There is also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.

    $mcs.Configuration.McsClient.pushServers

    Worth noting, MCSClient can also back-off from time to time under-certain conditions, you can see how often that might be happening by running:

    $(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"

Reply
  • +1

    The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

    I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command::

    [xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

    There is also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.

    $mcs.Configuration.McsClient.pushServers

    Worth noting, MCSClient can also back-off from time to time under-certain conditions, you can see how often that might be happening by running:

    $(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"

Children
No Data
Unfiltered HTML