This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy update frequency

If I have 2 users with different endpoint web filtering policies, who both log into the same pc. How quickly does the sophos policy change when the second user logs in? And is there any way to improve the speed of change



This thread was automatically locked due to age.
Parents
  • The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

    I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command::

    [xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

    There is also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.

    $mcs.Configuration.McsClient.pushServers

    Worth noting, MCSClient can also back-off from time to time under-certain conditions, you can see how often that might be happening by running:

    $(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"

Reply
  • The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

    I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command::

    [xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

    There is also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.

    $mcs.Configuration.McsClient.pushServers

    Worth noting, MCSClient can also back-off from time to time under-certain conditions, you can see how often that might be happening by running:

    $(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"

Children
No Data