Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 26540 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM status reported to Console - "backlog"; Endpoint up-to-date: unknown

QC

One hour ago (10:30am) when opening the console for our administration's domain (200+ computers) the dashboard showed Protection Out-of-date for more than 2/3 of the computers. Now I know "this just can't be". So looking at Updates (which were green) I saw Last updated around 1am today. Update managers / Last updated and Download status were consistent with the dashboard. Endpoints -> Status / Up to date  showed Unknown for the majority of computers. Everything else looked ok.

Selecting Update now from the update manager's context menu didn't seem to have any effect.  I was just about to check the services on the management server when I noticed that Last checked at time had started to progress. Every few seconds the time was incremented approx. 20 or 30 minutes so it looked like a fast motion display of the last hour's messages. At the same time the number of out-of-date computers dropped and eventually reached zero. Now everything's in synch again.   

Anyone else seen this?

Christian

:928


This thread was automatically locked due to age.
  • 0

    I suppose endpoints are up to date and protected.

    I checked several (remote desktop connection) and all locally reported up to date, and protected.Going to try if an old utility to check if malware is detected/intercepted still works...

    Sav32test works as usual (beautirully). 

    Local interception on workstations reported as up-to-date unknown tested works.

    Local interception on workstation reported as up-to-date 'yes' works.

    Local interception on server not being reported as 'up-to-date unknown' - no data in that column - doesn't work

    (Test pattern intercepted on my workstation instead on server.)

    (Supposedly filter driver not loaded because of atapi problems at startup time I mentioned above)

    Sophos application opens, but when tried to check on access configuration another failure message is shown:

    'An error occured while creating the configuration property pages. Please ensure that the Sophos Anti-Virus on-access driver is active.'

    On demand detection works.

    Would restart server and troubleshoot it's startup if it were needed for anything, but it is currently not needed and so I am waiting if any info here can be usefull to Sophos support staff.

    Regards, Marjan T.

    :3293
  • 0

    We still having this problem.... found no notification from Sophos...350+ machines all displaying "unknown".

    :3300
  • 0

    I have to declare this thread has been hijacked :smileyhappy: It was primarily about the SUM status "backlog". But well ...

    It should be obvious by now that it's not a local problem. Sophos is aware of the issue and working on it (which might take some time - as this is "infrastructure" you have to make sure that the remedy is not worse than the malady). Meanwhile all connected updated endpoints show Unknown for Up to date and Time installed/next package became available  (in addition to the "really unknowns"). It has been confirmed that both SUM and the clients are updating. If you are worried that some endpoints might really have updating problems look at the IDEs and Update errors columns.

    It will go away as it came - with an update

    Christian

    :3302
  • 0

    Sorry for the hijack - issue appears to be resolved this morning.

    Endpoints are beginning to display a "yes" in the up to date column once they run an update.

    :3304
  • 0

    Hi Sandy,

    Seems like this was declared as resolved... may I ask what exactly the solution is?

    Is this internal to Sophos? Some of our customers always ask me what is the root cause, solution, and how to prevent...

    kindly explain what is the issue here.

    Thank you Sophos.

    Lance

    :3357
  • 0

    Hello all - it is happening with me today, I have over 900 computers reporting as out of date as well and showing "Unknown" in the "Up to Date" column.

    How can I fix it?

    Thank you

    :8457
Unfiltered HTML