Differs from policy - Anti-Virus and HIPS policy

I have a handful (2%) of machines that will not comply with the Anti-Virus and HIPS policy. I followed all aspects of Article ID: 113070 without resolution. I've enabled verbose logging; however, I'm not entirely sure what I'm looking for. I noticed that a few machines do not have the Sophos scheduled scan task in the C:\Windows\Tasks directory. I have also removed the SAUPolicy file and contacted support, which keeps referring me to the aforementioned article and the forum post "Differs from policy" dated 2009.

Aside from running the Sophos Diagnostic Utility (SDU) and submitting it to support (again), does anyone on the forums have any suggestions? Would posting the latest RMS log file help diagnose the problem?


This thread was automatically locked due to age.
  • Ruckus, that is correct, we have daily and weekly scans set up for our workstations and/or server environment.

    On the existing policy I made a scheduled scan change and forced a comply with Anti-Virus and HIPS policy on the problematic servers. The policy compliance went from awaiting policy transfer > Differs from policy.

    I then removed the scheduled scan and forced a comply with Anti-Virus and HIPS policy. The policy applied correctly to the problematic servers. I re-added the scheduled scans and re-forced the comply with Anti-Virus and HIPS policy and they came back with differs from policy.

    Lastly I created a blank policy w/o a scheduled scan and the policy applied correctly to the problematic servers.

    The policy difference is based around creating the scheduled task. Services are running and I'm able to create a test task using the same account that is used during the installation. Ironically, both physical servers are identical. One is currently in production and the other in our offsite colocation.

    This is a stretch, but both machines have dual NICs on separate subnets (10.x and 172.x) and VLANs (Data and Voice). If there was a communication issue I would expect further problems. To test, I disabled the voice NIC at our colocation, re-ran the installation wizard, and restarted the server, isolating the network. Still have the same results.

    Any other thoughts?
