One or more clients report to the Enterprise Console that they "differ from policy". This is displayed under the "Application Control" tab | "Application control policy" column.
First seen in Enterprise Console
There are one or more items in the local quarantine manager. These items are preventing the application control policy from being applied.
Confirm the client has recently reported to the console
First, confirm that the client has recently sent a message to the Sophos management server. If the client has not reported to the console recently, the warning message may not be accurate.
Force the client to comply
If the server has received a recent message from the client, you can attempt to force the client to comply. This will undo any local changes an administrator may have made to the client's configuration.
Warning: Forcing a comply for disconnected clients will generate message build-up in the management server's envelopes folder as these messages cannot be sent to offline clients.
Reboot the client
Occasionally the client may have trouble complying with the current configuration until it has been rebooted. This is especially true if the client has just been upgraded. If you have not already done so, reboot the client and wait for it to report (see "Confirm the client has recently reported to the console" above).
Clear the local client's quarantine manager
If the above steps fail to resolve the "differs from policy" issue, please follow the steps below:
How to analyze verbose logging for 'Differs from policy' errors