
Differs from Policy / Comparison Errors

Running Enterprise Console 4.5 with 7.6.20 rolled out into the wild.

95% of machines are OK; the remaining have Differs from Policy and Comparison issues. Been onto Sophos without any resolution.

Amended the registry and gathered the config sections from the Agent logs. I can see what the issue is but do not know how to resolve it.

Both the Suspicious Behaviour and Suspicious Files sections in the policy refuse to be updated from the Enterprise Console; every time I try to manually add them on the client I get this error

 

I thought it was a client issue, but get the same message on every client with the policy issue.

Has anyone got any ideas?



This thread was automatically locked due to age.
  • Hello,

    did you read about tracing such errors? The mentioned log should show the cause.

    Christian

  • Hello Buzz9991,


    The first thing I would have to ask is "What is showing as Differs from Policy?"


    If it is AV and HIPS then I would have to ask do you have a scheduled scan running on the endpoints?


    If the answer is yes then the problem is most likely to do with the Task Scheduler service itself and not the Sophos AV.


    If it is AV and HIPS then review the following:


    Please try the following on a single system.


    1) On the clients that are showing as differs you will need to delete the contents of the following path: C:\Documents and settings\all users\application data\microsoft\crypto\RSA\s-*-**-**\
    2) Then delete any scheduled tasks completely
    3) Stop and restart the task scheduler service
    4) Re-apply the policy from the console and verify that the machine got the policy.
    5) Then wait about 3 min and it should remove the error.


    Please note the information below is my "Best Attempt" to help you automate this process by helping you script a quick way of resolving your 95% Differs Issue, but it will only do some of what I listed above in the steps.


    net stop "task scheduler"
    del "%allusersprofile%\Application Data\Microsoft\Crypto\rsa\S-1-5-18\*.*" /AS /Q
    at /delete /yes
    net start "task scheduler"


    Enjoy, Hydra.
