Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 9257 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Differs from policy - Anti-Virus and HIPS policy

keystroke13

I have a handful (2%) of machines that will not comply with the Anti-Virus and HIPS policy. I followed all aspects of Article ID: 113070 without resolution. I've enabled verbose logging, however I'm not entire sure what I'm looking for. I noticed that a few machines do not thave the Sophos scheduled scan task in the C:\Windows\Tasks directory. I have also removed the SAUPolicy file, contacted support which keeps referring me to the aforementioned article, and forum post "Differs from policy" dated 2009.

Aside from running the Sophos Diagnostic Utility (SDU) and submitting it to support (again) does anyone on the forums have any suggestions? Would posting a lastest RMS log file help diagnose the problem?

:27661


This thread was automatically locked due to age.
Parents
  • 0

    Dear all,

    recently I found that (don't remember where) and it could be helpful for you if you have an issue with Differs from policy on AV and HIPS, in any case it resolved my issues:

    Please try the following on a single system.


    1) On the clients that are showing as differs you will need to delete the contents of the following path: C:\Documents and settings\all users\application data\microsoft\crypto\RSA\s-*-**-**\
    2) Then delete any scheduled tasks completely
    3) Stop and restart the task scheduler service
    4) Re-apply the policy from the console and verify that the machine got the policy.
    5) Then wait about 3 min and it should remove the error.

    A possible script would be:

    net stop "task scheduler"
    del "%allusersprofile%\Application Data\Microsoft\Crypto\rsa\S-1-5-18\*.*" /AS /Q
    at /delete /yes
    net start "task scheduler"

    Regards

    :28699
Reply
  • 0

    Dear all,

    recently I found that (don't remember where) and it could be helpful for you if you have an issue with Differs from policy on AV and HIPS, in any case it resolved my issues:

    Please try the following on a single system.


    1) On the clients that are showing as differs you will need to delete the contents of the following path: C:\Documents and settings\all users\application data\microsoft\crypto\RSA\s-*-**-**\
    2) Then delete any scheduled tasks completely
    3) Stop and restart the task scheduler service
    4) Re-apply the policy from the console and verify that the machine got the policy.
    5) Then wait about 3 min and it should remove the error.

    A possible script would be:

    net stop "task scheduler"
    del "%allusersprofile%\Application Data\Microsoft\Crypto\rsa\S-1-5-18\*.*" /AS /Q
    at /delete /yes
    net start "task scheduler"

    Regards

    :28699
Children
No Data
Unfiltered HTML