Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3790 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control and Device CONTROL

MJL

I cant seem to get these working......I have enabled device scanning and enable data control.....all I can think of is that I do not have thispart licensed?

:2239


This thread was automatically locked due to age.
  • 0

     Hello MJL

    What steps have you taken to enable it (edited the default policy in SEC or created a new one, which rules set, ...) and what makes you think it's not working? Status in SEC? Or missing sections in the client's GUI? And as usual - software versions?

    Christian

    :2240
  • 0

    Hi Christian,

    Well I have tried both firstly I edited the default policy and enabled it....then selected all Computers and clicked on Comply with policy. Then when I didn't see any indication in the Enterprise Management Console that it was Active or Inactive.! I tried creating a new policy and pushing that out as described previously and again no indications in EMC?

    :2308
  • 0

    SEC Version 4.0.0.2362 running on Windows Server 2003 SP2. Clients are Windows XP SP3.

    :2309
  • 0

    Hello MJL,

    if you see neither active nor inactive it doesn't help to push a policy - it's obviously "ignored" by the client and you can't "turn it on" this way. I have the impression that something's occasionally not working correctly (and I have sent a support request quite some time ago but it was more or less unanswered and I didn't really pursue it).

    To verify it's the same problem I see please check the following on a client:

    • In %ALLUSERSPROFILE%\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV the file DEVCAdapterConfig exists and contains the policy you want to set (it's XML and not hard to "decipher")
    • In %ALLUSERSPROFILE%\Application Data\Sophos\Sophos Device Control\logs the file DeviceControl.txt exists and contains the message that Device Control has been started. 

    Although this should indicate that Device Control is running neither is the state reported to SEC (as you have observed) nor does it appear to work on the client (it seems to run with an "empty" policy). 

    In our AD environment I simply re-protect the computer in question and then everything is ok. As the number of computers "missing" stays low even if I don't re-protect any for a few days I assume that the problem disappears on most clients with one of the next reboots. Contrariwise the number doesn't stay at zero - after some time there is again a handful of clients with "blank" controls.

    Christian

    :2310
  • 0

    The file DECCAdapterConfig is not there only a file called APPCAdapterConfig. The other directory you specified doesn,t exist at all on any clients.

    :2318
  • 0

    Means it's never been there (so not the same problem as I see). I presume the client UI shows neither DevC nor DatC.

    I may be wrong, but you should also have SAVAdapterConfig ...

    A number of questions:

    DevC works on client of how many? Do the clients report the correct SAV version (which one)? Reprotecting doesn't help (just to be sure)? New installations or migrated installations? Has the CID perhaps been customized (just a WAG)?

    Christian

    :2320
  • 0

    Have got this working now! The reason we were not seeing Data Control or Device Control was because the clients were using Version 7.1.18 and should be on Version 9.0.5, have now updated our subscription to pull dowm Version 9 and all working.

    Thanks for all your help!

    :2333
Unfiltered HTML