The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
One or more clients report their status to the Sophos Enterprise Console as "differs from policy", under the "Updating Details" tab | "Updating policy" column.
First seen in Enterprise Console
There are a variety of reasons for this. To locate the cause work through the What To Do section below in order.
Initially it is important to confirm the client has sent a message to the Sophos management server recently. If the client has not reported to the console recently then the warning message may not be accurate.
If the server has received a recent message from the client then you should attempt to force a comply to the client. This will undo any local changes an administrator may have made to the client's configuration.
Warning: Forcing a comply for disconnected clients will generate message build-up in the management server's envelopes folder as these messages cannot be sent to offline endpoints. It is recommended you only force a comply for a small number of online endpoints first and see if the alert disappears and does not come back (see below).
Important: You may initially see the warning disappear from computers that you force to comply only to see it return after a short while (having initially complied). This happens while the policy is being sent to the endpoint and the endpoint is attempting to implement the policy. However if there is an underlying problem forcing a comply will not resolve the issue - you should work through the rest of this article to identify the issue. Forcing a policy compliance at this stage is an important step as you must rule out if the policy simply needs re-sending to the endpoint and/or a local administrator has/is altering the policy from that configured centrally.
There is a known issue whereby introducing an extra space (white character) into the username field of the updating policy can cause the policy to differ.
Occasionally the client may have trouble complying the current configuration until it has been rebooted. If you have not already done so, reboot a client and wait for the client to report (see Confirm the client has recently reported to the console above).
Tutti i commenti qui inseriti vengono letti (dal team di supporto), ma non verranno inviate risposte specifiche ad alcun quesito tecnico. Nel caso richiediate supporto tecnico, vi invitiamo a postare il vostro quesito nella nostra community. Altrimenti, se la richiesta di supporto riguarda un prodotto con licenza, vi invitiamo ad aprire un ticket per il team di supporto.