Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3793 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control and Device CONTROL

MJL

I cant seem to get these working......I have enabled device scanning and enable data control.....all I can think of is that I do not have thispart licensed?

:2239


This thread was automatically locked due to age.
Parents
  • 0

    Hello MJL,

    if you see neither active nor inactive it doesn't help to push a policy - it's obviously "ignored" by the client and you can't "turn it on" this way. I have the impression that something's occasionally not working correctly (and I have sent a support request quite some time ago but it was more or less unanswered and I didn't really pursue it).

    To verify it's the same problem I see please check the following on a client:

    • In %ALLUSERSPROFILE%\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV the file DEVCAdapterConfig exists and contains the policy you want to set (it's XML and not hard to "decipher")
    • In %ALLUSERSPROFILE%\Application Data\Sophos\Sophos Device Control\logs the file DeviceControl.txt exists and contains the message that Device Control has been started. 

    Although this should indicate that Device Control is running neither is the state reported to SEC (as you have observed) nor does it appear to work on the client (it seems to run with an "empty" policy). 

    In our AD environment I simply re-protect the computer in question and then everything is ok. As the number of computers "missing" stays low even if I don't re-protect any for a few days I assume that the problem disappears on most clients with one of the next reboots. Contrariwise the number doesn't stay at zero - after some time there is again a handful of clients with "blank" controls.

    Christian

    :2310
Reply
  • 0

    Hello MJL,

    if you see neither active nor inactive it doesn't help to push a policy - it's obviously "ignored" by the client and you can't "turn it on" this way. I have the impression that something's occasionally not working correctly (and I have sent a support request quite some time ago but it was more or less unanswered and I didn't really pursue it).

    To verify it's the same problem I see please check the following on a client:

    • In %ALLUSERSPROFILE%\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV the file DEVCAdapterConfig exists and contains the policy you want to set (it's XML and not hard to "decipher")
    • In %ALLUSERSPROFILE%\Application Data\Sophos\Sophos Device Control\logs the file DeviceControl.txt exists and contains the message that Device Control has been started. 

    Although this should indicate that Device Control is running neither is the state reported to SEC (as you have observed) nor does it appear to work on the client (it seems to run with an "empty" policy). 

    In our AD environment I simply re-protect the computer in question and then everything is ok. As the number of computers "missing" stays low even if I don't re-protect any for a few days I assume that the problem disappears on most clients with one of the next reboots. Contrariwise the number doesn't stay at zero - after some time there is again a handful of clients with "blank" controls.

    Christian

    :2310
Children
No Data
Unfiltered HTML