Device Control Not Working

The device control section is not functioning or being recognised. I am running SEC 4.5.1 and AV 9.5.

I had created several test policies, but none were working, so I deleted them and am now using the default policy. The SEC is installed on Windows Server 2003 R2 with SP2 and the clients are installed on Windows XP SP3.

The Computer Name column and Group column are the only fields that are populated. There is no information in Device Control Scanning, Device Control Policy or Device Control Event Count.

Any help with this would be appreciated.

Thank You.

David


This thread was automatically locked due to age.
  • The mentioned case is still progressing and might get escalated.

    While this - esoteric - problem is not obvious, its cause is still in the dark and it affects only a small number of the clients at a time, it nevertheless looks serious. And while I first noticed it with 9.0, either no one else did or they didn't deem it important enough to engage Support.

    First a short summary of the symptoms and why I think it should be considered important:

    In the console a small percentage of clients (all of them XP SP3) has one or both of Data and Device control blank (i.e. neither active nor inactive). This doesn't fall into one of the predefined "clients with problems" categories (similar to clients where the SAV component has not (yet) been reported after install). Thus you usually only notice when you select the corresponding tab and perhaps sort by the scanning or policy column.

    For some reason the Agent fails at startup to communicate with the component and considers it absent (but doesn't consider this an error). No (DevC or DatC) state is reported to SEC and no policy can be applied. Although the required services are running on the client, they are using the (factory) default policy - and in effect with Device and/or Data Control disabled - until the next reboot.

    It turned out that restarting the Agent remedies the incorrect state. Of course, if the client is outside your network you can't initiate the restart. Thus it is possible that (admittedly only some of) your "outside" clients are partially unprotected - a very undesirable state. Worse - no one would notice at all (except perhaps the user who suddenly can plug in a device or transfer some sensitive document - but would they tell?).

    Now the plea:

    If your time permits - could you check if you find some connected clients showing this state? As it doesn't occur very often and rarely twice in a row the affected clients vary from day to day (of course depending on whether they are rebooted daily). I'm especially interested if any Win7 machines show this behaviour. I have not yet observed it with them but as they are not grouped together it's hard to spot them.

    Thanks in advance

    Christian
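One way to run the check requested above across several days, as an added example that is not part of the original posts or of the product. It assumes the console's computer list is saved to CSV once a day; the Device Control column names are the ones quoted in the thread, the Data Control column names are assumed to be analogous, and the sample rows and dates are constructed.

```python
import csv
import io
from collections import defaultdict

# Device Control columns are quoted in the thread; Data Control names are assumed.
COMPONENTS = {
    "Device Control": ["Device Control Scanning", "Device Control Policy"],
    "Data Control": ["Data Control Scanning", "Data Control Policy"],
}

def blank_components(row):
    """Components whose status columns are all empty (neither active nor inactive)."""
    return [name for name, cols in COMPONENTS.items()
            if all(not (row.get(c) or "").strip() for c in cols)]

def unreported_clients(snapshots):
    """snapshots maps day -> CSV text; returns {computer: {day: [components]}}."""
    hits = defaultdict(dict)
    for day, text in sorted(snapshots.items()):
        for row in csv.DictReader(io.StringIO(text)):
            missing = blank_components(row)
            if missing:  # an explicit "Inactive" is a reported state, not a hit
                hits[row["Computer Name"]][day] = missing
    return dict(hits)

# Constructed sample exports for two consecutive days.
HEADER = ("Computer Name,Group,Device Control Scanning,Device Control Policy,"
          "Data Control Scanning,Data Control Policy\n")
DAY1 = HEADER + (
    "PC-001,Sales,,,Active,Same as policy\n"
    "PC-002,Sales,Active,Same as policy,Active,Same as policy\n"
    "PC-003,IT,Inactive,Same as policy,Inactive,Same as policy\n"
)
DAY2 = HEADER + (
    "PC-001,Sales,Active,Same as policy,Active,Same as policy\n"
    "PC-002,Sales,,,,\n"
    "PC-003,IT,Inactive,Same as policy,Inactive,Same as policy\n"
)

if __name__ == "__main__":
    found = unreported_clients({"2011-05-02": DAY1, "2011-05-03": DAY2})
    for computer, days in sorted(found.items()):
        for day, parts in days.items():
            print(f"{day} {computer}: no state reported for {', '.join(parts)}")
```

Because the affected clients change from day to day, keeping the per-day results shows whether a machine recurs or was only caught once.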
