Sophos Endpoint Policy not pushing itself

Hi,

We are using Endpoint 5.5.0 and the issue is some users are disabling the Application control policy and some are disabling the Firewall. I need SEC to push the set policies timely to control end user's machines.

Thanks in well advance.

Regards.

Parents
  • Hello Faisal Raza1,

    long time no see.

    Contrary to Central (now Intercept X) SEC does not enforce policies. Actually it's the Endpoint Agent that ensures policy compliance (and only permits an override for a limited time - currently four hours). OTOH policies can be pushed to the on-premise Agent - immediately if there's a downstream RMS connection or when the endpoint polls the server. Once the Agent has applied a policy it neither enforces compliance nor does it check for policies. Thus a pushed policy is not applied when the corresponding message from the server times out 
    There's also no automation that would push a policy (again) when the endpoint reports non-compliance.

    Have you considered enabling Tamper Protection to prevent users to make such changes?

    Christian.

Reply
  • Hello Faisal Raza1,

    long time no see.

    Contrary to Central (now Intercept X) SEC does not enforce policies. Actually it's the Endpoint Agent that ensures policy compliance (and only permits an override for a limited time - currently four hours). OTOH policies can be pushed to the on-premise Agent - immediately if there's a downstream RMS connection or when the endpoint polls the server. Once the Agent has applied a policy it neither enforces compliance nor does it check for policies. Thus a pushed policy is not applied when the corresponding message from the server times out 
    There's also no automation that would push a policy (again) when the endpoint reports non-compliance.

    Have you considered enabling Tamper Protection to prevent users to make such changes?

    Christian.

Children