
Is there any way to update the definitions on a client from the Sophos Central dashboard?

I can see a status update on the client's computer that the agent is "ok" at a certain level.

However, I do not see any sign of the actual definitions status, nor the ability to send them down to a device that may be out of date.


Does such a feature exist, and if so, where is it located?


Thanks!



  • Hi,

    The client constantly checks Sophos (or a local update cache on your network if you have one - or many) every 60 minutes.  As the computer starts, the Sophos AutoUpdate Service starts and the first check is after 5 minutes; it's then every 60 minutes.

    If you feel you need to force an "update now" from the console it can be done.  To do so, if you go into the "Users" page and click on a user, you can see the devices associated to the user.  If you click on the "Actions" button, one of the actions will be "Update Now".  I can't really think of a reason to warrant forcing a manual update but the option is there.

    Regards,

    Jak

  • I appreciate the information.

    The reason I asked was because my RMM software flagged a client's MAC as being out of date with respect to virus definitions from the date of installation (6/29/2016).

    Before starting a chat session with them, I went to look at the Sophos dashboard, which showed an alert from 7/9/2016 that the device was "out of date."

    Having clicked Actions and selected Update Now, I can at least let my NOC technicians know that I did what had to be done on my end before they start their troubleshooting.

    Thanks!

  • OK,

    From a file perspective from the client side you can look at the date modified for:
    /Library/Sophos Anti-Virus/IDE

    and/or

    /Library/Sophos Anti-Virus/VDL

    To get a rough idea when the endpoint updated.

    From Sophos Central you can glean a little more information about a computer by looking at the RAW JSON data coming back from the APIs that feed data to the page.

    To do so:

    Log in to Sophos Central and open the Developer Tools of the browser, i.e. F12 for Chrome.  Click on the "Network" tab. Then in the text filter type:

    health

    This will filter the network requests to the URLs with health in them, which is what you want.

    Then navigate to the computers list: https://cloud.sophos.com/manage/devices/computers/all/computers and then click on the computer in question.  You should see a couple of requests show up in the 'Network' tab.  The second query against the APIs has the JSON data you want to inspect by clicking on the 'Preview' tab after clicking on the URL listed.

    From there, some of the fields of interest to you might be:

    • last_activity
    • alc/alerted_out_of_date
    • alc/last_successful_update
    • sav/ide_checksum  (this should match other clients which are up to date)
    • sav/up_to_date_state
    • sav/entity_info
    • sav/virus_data_version
    • sav/virus_engine_version

    etc...  This might give you a bit more information to work with, especially if you compare it against a 'working' client.

    Regards,

    Jak
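
Added example, not part of the original replies and not Sophos code: one way to do the "compare it against a 'working' client" step once the two health responses have been saved from the browser's Network tab. It assumes the "/" in the field names above means JSON nesting; the file arguments, function names and sample values are constructed for illustration.

```python
import json
import sys

# Field paths listed in the reply above ("/" assumed to mean nesting).
FIELDS = ["last_activity", "alc/alerted_out_of_date", "alc/last_successful_update",
          "sav/ide_checksum", "sav/up_to_date_state", "sav/entity_info",
          "sav/virus_data_version", "sav/virus_engine_version"]
# Timestamps differ between any two machines, so they are not flagged as stale.
PER_DEVICE = {"last_activity", "alc/last_successful_update"}

def lookup(doc, path):
    """Walk a slash-separated path; return None if any level is missing."""
    node = doc
    for key in path.split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def compare_health(suspect, reference, fields=FIELDS):
    """Return {path: (suspect_value, reference_value)} for fields that differ."""
    diffs = {}
    for path in fields:
        s, r = lookup(suspect, path), lookup(reference, path)
        if s != r:
            diffs[path] = (s, r)
    return diffs

def stale_indicators(diffs):
    """Differing fields that suggest out-of-date definitions on the suspect."""
    return sorted(p for p in diffs if p not in PER_DEVICE)

# Constructed sample payloads: values are made up and the shape is an assumption.
SUSPECT = {"last_activity": "2016-07-09T10:00:00Z",
           "alc": {"alerted_out_of_date": True,
                   "last_successful_update": "2016-06-29T15:00:00Z"},
           "sav": {"ide_checksum": "constructed-aaaa", "up_to_date_state": "out_of_date",
                   "virus_data_version": "1.0", "virus_engine_version": "9.9"}}
REFERENCE = {"last_activity": "2016-07-09T10:05:00Z",
             "alc": {"alerted_out_of_date": False,
                     "last_successful_update": "2016-07-09T09:40:00Z"},
             "sav": {"ide_checksum": "constructed-bbbb", "up_to_date_state": "up_to_date",
                     "virus_data_version": "1.1", "virus_engine_version": "9.9"}}

if __name__ == "__main__":
    # Usage: script.py suspect.json reference.json (falls back to the samples).
    if len(sys.argv) == 3:
        SUSPECT, REFERENCE = (json.load(open(p)) for p in sys.argv[1:3])
    diffs = compare_health(SUSPECT, REFERENCE)
    for path in stale_indicators(diffs):
        print(f"{path}: suspect={diffs[path][0]!r} reference={diffs[path][1]!r}")
```
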


  • That was amazingly extensive - thanks!

    The good news is that after a few hours, my RMM dashboard is now showing this MAC client as being current.

    I appreciate the insights into this new product.