This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

End point 'Up To Date' notification period - customise?

Hi Everyone,

New to the forums in search of some support that I haven't had any luck finding via the knowledge base.

Basically my endpoints are set to update every 120 minutes (every 2 hours / 12 times a day) as a lot of our workstations are turned on / used at different times through the day, so this hopefully captures as many as we can.

My problem is that even though they are getting updated every two hours, I will always have between 40 and 100+ endpoints listed as "Not since...." in the up to date column and it hasn't even been 2 hours from the date and time they list.  For example, they will say "Not since 14/09/10 10:15:13 AM" and the actual time is 11:30am on the same day.  This causes the "Out Of Date Computers" statistic on the EC dashboard to be grossly inaccurate and is no good for reporting or any kind of real troubleshooting / diagnosis of PCs truly out of date by more than a day / week / etc.

Is there a way to customise the period for the EC to determine what is out of date and what is not, a configuration setting somewhere or a file you can modify some parameters for?

Thanks,

Craig

PS...this is Sophos Enterprise Console 4 for anyone wondering....thanks.

:5015


This thread was automatically locked due to age.
Parents
  • Hello Craig,

    it's not SEC updating the clients but the client fetching updates from the CID. Thus if the client last looked for updates at, say, 09:37:23 a.m. it will do so again around 11:37:23. Assuming Sophos published an update, SUM downloaded it and deployed it to the CIDs on 10:02:13 SEC will update the client's status to Not since ... 10:02:13 after a while (I don't know the exact timings but it will definitely happen as soon as the client sends some message through RMS). 

     - If SEC is reporting a computer as "Out Of Date" and the Up To Date column reads "not since X" which is outside of the 2 hours, then some other circumstance has stopped it updating such as the PC being off / network connection loss / fault within SEC during that update window

    Close, but unlikely fault within SEC (if a message is lost due to problems on the management server you will have noticed).

    - If SEC is reporting a computer as "Out Of Date" and the Up To Date column reads "not since X" which is inside of the 2 hours, this indicates to me that SEC wasn't able to update the PC within the update window, does this mean the window is too frequent

    Again, SEC doesn't notify the clients when an update is available but the clients check for updates using the specified interval. What you said would more or less apply if you use Update Computers Now. SEC will try to notify the clients, the messages are queued until they are either successfully sent to the client or discarded if the client can't be contacted over a longer period (because e.g. it is switched off).

    Re-reading your initial post I think there's a misconception which I didn't notice at first. The update interval tell the client how often it should check for updates. A client will attempt to AutoUpdate shortly after boot and from then on every nnn minutes (we're using 10 minutes). So if Sophos issues an update a client should have it applied within half an hour (worst case - 10 minutes SUM interval, 10 minutes update interval on the client plus time for processing) or less than that (except for major updates where SUM needs more time for processing).

    Christian

    :5056
Reply
  • Hello Craig,

    it's not SEC updating the clients but the client fetching updates from the CID. Thus if the client last looked for updates at, say, 09:37:23 a.m. it will do so again around 11:37:23. Assuming Sophos published an update, SUM downloaded it and deployed it to the CIDs on 10:02:13 SEC will update the client's status to Not since ... 10:02:13 after a while (I don't know the exact timings but it will definitely happen as soon as the client sends some message through RMS). 

     - If SEC is reporting a computer as "Out Of Date" and the Up To Date column reads "not since X" which is outside of the 2 hours, then some other circumstance has stopped it updating such as the PC being off / network connection loss / fault within SEC during that update window

    Close, but unlikely fault within SEC (if a message is lost due to problems on the management server you will have noticed).

    - If SEC is reporting a computer as "Out Of Date" and the Up To Date column reads "not since X" which is inside of the 2 hours, this indicates to me that SEC wasn't able to update the PC within the update window, does this mean the window is too frequent

    Again, SEC doesn't notify the clients when an update is available but the clients check for updates using the specified interval. What you said would more or less apply if you use Update Computers Now. SEC will try to notify the clients, the messages are queued until they are either successfully sent to the client or discarded if the client can't be contacted over a longer period (because e.g. it is switched off).

    Re-reading your initial post I think there's a misconception which I didn't notice at first. The update interval tell the client how often it should check for updates. A client will attempt to AutoUpdate shortly after boot and from then on every nnn minutes (we're using 10 minutes). So if Sophos issues an update a client should have it applied within half an hour (worst case - 10 minutes SUM interval, 10 minutes update interval on the client plus time for processing) or less than that (except for major updates where SUM needs more time for processing).

    Christian

    :5056
Children
No Data