Hi all I have just installed Sophos NAC 3.3 (with Entrerprise Console 4.0.0.2362) and applied the Managed Policy to a small group of computers so that I can play around with it without interfering with operations. There are a number of things that are confusing me: Why am I none compliant when when my PC is managed by EC? Checking the Compliance Reports Assessment Details shows non compliance for SEC Policy and Last Scan Grace Period. What are these? When will NAC recognise Win 7 machines? Can I create extra Policies? The majority of our machines are office based and, at present, are not likely to be encrypted. The rest are Laptops and are mobile which poses a greater risk of data loss (management thinking not mine). So I could create one policy for my Laptops AD group with encryption and one for the rest Thanks Tony :2319

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Just installed Sophos NAC

Hi all

I have just installed Sophos NAC 3.3 (with Entrerprise Console 4.0.0.2362) and applied the Managed Policy to a small group of computers so that I can play around with it without interfering with operations. There are a number of things that are confusing me:

Why am I none compliant when when my PC is managed by EC? Checking the Compliance Reports Assessment Details shows non compliance for SEC Policy and Last Scan Grace Period. What are these?
When will NAC recognise Win 7 machines?
Can I create extra Policies? The majority of our machines are office based and, at present, are not likely to be encrypted. The rest are Laptops and are mobile which poses a greater risk of data loss (management thinking not mine). So I could create one policy for my Laptops AD group with encryption and one for the rest

Thanks

Tony

This thread was automatically locked due to age.

0 SOL over 14 years ago

Hi Tony,
Please check the profile that you are assessing for your Sophos AV application, check what setting you have under "SEC Policy" this is the capabiity that is checked regarding being managed by SEC and whether it complies with the policy that has been sent from the console. Last scan grace period is the amount of time that is allowed to have lapsed since a full scan was run on the machine. I.e. if you set it to 3 days, if your scheduled scan hasn't run for 4 days, then you will be non-compliant.
As for point 2, NAC will be supporting Win 7 machines with the release of SEC 4.5 due later this Summer.
And point 3, no, you can't create extra policies in NAC 3.3, creating extra policies is a feature of NAC Advanced, which is a separate product.
Regards,
Stephen.
:2370
Cancel
Vote Up 0 Vote Down

Cancel