Differs from policy - Anti-Virus and HIPS policy

Question

I have a handful (2%) of machines that will not comply with the Anti-Virus and HIPS policy. I followed all aspects of Article ID: 113070 without resolution. I've enabled verbose logging, however I'm not entire sure what I'm looking for. I noticed that a few machines do not thave the Sophos scheduled scan task in the C:\Windows\Tasks directory. I have also removed the SAUPolicy file, contacted support which keeps referring me to the aforementioned article, and forum post "Differs from policy" dated 2009.

Aside from running the Sophos Diagnostic Utility (SDU) and submitting it to support (again) does anyone on the forums have any suggestions? Would posting a lastest RMS log file help diagnose the problem?

This thread was automatically locked due to age.

Rselec · Accepted Answer

Dear all, recently I found that (don't remember where) and it could be helpful for you if you have an issue with Differs from policy on AV and HIPS, in any case it resolved my issues: Please try the following on a single system. 1) On the clients that are showing as differs you will need to delete the contents of the following path: C:\Documents and settings\all users\application data\microsoft\crypto\RSA\s-*-**-**\ 2) Then delete any scheduled tasks completely 3) Stop and restart the task scheduler service 4) Re-apply the policy from the console and verify that the machine got the policy. 5) Then wait about 3 min and it should remove the error. A possible script would be: net stop "task scheduler" del "%allusersprofile%\Application Data\Microsoft\Crypto\rsa\S-1-5-18\*.*" /AS /Q at /delete /yes net start "task scheduler" Regards :28699