"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article details how to change the Time-To-Live (TTL) of 'down-stream' messages from the Sophos Management server to managed endpoints. This may be carried out in order to reduce or increase the time these types of messages are held within the system before being expired.
See the Technical information section for more details on the message types.
First seen in Enterprise Console 4.7.0
As required, create the following DWORD registry keys on the management server under the key:
The values need to be specified in seconds and the Sophos Management Service will require a restart for the new setting to take effect.
When the Sophos Management Service (mgntsvc.exe) generates the following message types:
Where: EM-SetConfiguration is the message type for sending a policy to an endpoint. EM-DoAction message is used for a message such as:
Messages are assigned a TTL which can be seen in the .msg files (Envelopes directory) represented in 'epoch time'. Note: By default the TTL for these downstream messages in Enterprise Console 4.7 and later is 4 days (96 hours), prior to Enterprise Console 4.7 they were 2 weeks.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.