This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configuring updates

Hello all. This might be a simple question, it might not be. In my environment we use the Sophos Cloud for management. I also have Websense. Here's my issue/question:

Is there a way to limit the amount of times a computer can check for updates? According to the Websense log, one machine has checked d2.sophosupd.com 1,339 times over the span of 6 days. That is ridiculous. That is 223 checks per day.

Thank you.

:48458


This thread was automatically locked due to age.
  • Hello Xi,

    limit the amount of times a computer can check for updates

    a Cloud endpoint checks for updates about five minutes after startup and then at 60 minutes intervals. The total (1339) doesn't tell much - you'd have to look at the distribution of the connections over time to assess how often (or at what intervals) the endpoint is checking for updates. An actual update (which occurs several times a day) likely results in additional connections. Note that apart from threat detection data (IDE) updates a minor product update might have been rolled out.

    Did you check the updating log on the client?

    Christian 

    :48490
  • Thank you for responding. What exactly am I looking for in the update log?

    :48532
  • Hello Xi,

    basically the log shows the time when checks for updates are done (thus you can verify the interval) and also when an actual update has been performed. The log is bottom up, above a Downloading phase completed line you'll usually see three lines with Installation of .... skipped, this indicates that no new files have been downloaded. Every now and then it will say Installing Product SAVXP - these are detection (IDE) updates. An Installing line for one of the other products normally indicates a major update (where many files a downloaded).

    From the updating log you won't easily be able to see though whether Installing Product SAVXP means just a detection or a product update. For this you'd have to check the Sophos install logs in the system TEMP directory (%windir%\temp\), which are a few kB for an IDE update and significantly larger otherwise. 

    In all likelihood your findings will explain the number of connections reported. 

    HTH

    Christian   

    :48538