
Missing IDE file?

We are using the Sophos Enterprise Console on-prem. My Nessus scanner is reporting that I'm missing an IDE file. It triggered on the 18th. I see IDE files in C:\Program Files (x86)\Sophos\Sophos Anti-Virus that were released after that date, but not the file in particular that they are looking for, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\age-bitf.ide.

Are the updates present in the IDEs cumulative so that newer updates will cover the content of the older ones, or do I need each IDE file? The Updater seems to be functional, as it is pulling newer updates and installing them on the clients. I'm trying to determine if this is something we can fix, or if it's something that doesn't even need to be fixed and we can just accept the "risk".



  • Hello Danny McCaslin,

    the majority of detection definitions is in the so-called database ([x]vdlnnn.vdb), AKA Detection Data, currently 5.94. New or updated definitions are delivered in the IDEs. Roughly monthly the IDEs are consolidated, "mature" definitions put into a new vdl and xvdl, obsolete IDEs removed (normally around 100 are kept until the next or one of the following consolidations).
    Catalogues and checksums are used (by SUM as well as AutoUpdate) to assure consistency and correctness of downloads and directory contents. A missing IDE wouldn't go undetected.

    As far as I could find out age-bitf.ide is from early May and has since been removed, with the 5.93 data update in June. Looks like Nessus erred.

    Christian
