I have set up a test group of PCs for Device scanning and created a new template that disables removable drives and gives a warning message. When applied to the test PCs it doesn't work!!!!
There is no mention of it being applied on the PC's status. :(
E_G_R wrote:
Running SEC 4.0 and SESC 9.0.0
Have followed Sophos Guide but neither the firewall nor media control appears to work.
Don't be shy and give us more details. Did you install using Protect Computers, manually on the client by running setup.exe from the CID or some other method (the firewall is not installed by default)? Any errors during install (guess you would have said but it does no harm to ask)?
[Basic check on the client: the Sophos components (SAV, AU, SCF and RMS) should appear in Add/Remove Programs]
Using SEC and the UI on the client you can check the following:
SEC Endpoint view - Status tab
Policy compliance - should be Same as policy
Firewall enabled - should contain either Yes or No, otherwise the firewall is not correctly installed
Device control scanning - should be Active
Client UI
you should see a section for Firewall and Device control and also a View device control log link
When you say "created a new template" you mean Device control policy, right (please use the technical terms)? Guess you checked Enable device control scanning and applied the policy to your test group.
When you check the above - does it look like that? Or is something missing without any indication of an error?
Christian
Hi Christian
OK, on the client there is just SAV, AU and RMS
SEC Endpoint view - status tab
Policy compliance - same as policy
Firewall enabled - blank
Device control scanning - blank
Created new device control policy, enable device control scanning is checked. If you mean comply with for applied then yes?
Can't see what's wrong, no error on computer details.
Looks like SCF is not installed - no wonder it does not work. As I said, SCF must be selected at installation time (or later installed by re-protecting the computers).
Heck - just found that a handful out of 200+ computers (all with 9.0.2) have device control scanning blank. All (well, most) of them have been automatically upgraded from 7.6 (and all without errors) .... re-protected two of them using SEC and now it's shown as active. I assume device control did (and does) not work. I'll try to run a test on the others tomorrow whether device control is working or not.
Christian
Update:
Sooo - judging from the logs device control did work after the upgrade until the next boot. Looks like the adapter (assuming this is the correct description) "disappeared" then and the policy was reset to empty. Device control chugged on without a mission and SEC - thinking device control is not available - refused to send a policy.
I have found two clients where only the SAU state is reported to SEC and for which re-protecting doesn't help. I have a case open for this.
Any news, E_G_R?
Christian
Re-protecting the clients worked for me (if not on the first attempt then on the second). And it looks like the clients are not "regressing". Reprotected those (out of 250) with missing scanning several weeks ago and since then everything is fine.
Just saw that I never updated on my last post in this thread - indeed another attempt to re-protect them worked (at the 9.0.2 level). And - as I said - device control is available on these clients (and active but the policy is empty) and since SEC thinks that device control is not available it doesn't send the policy.
Christian