
Application Control - Differs from policy

Is there a way to find out how a machine is reporting back as "differs from policy" on application control?

When I look at the details of my machine in the console it hasn't detected an application in quite some time .. yet it says I differ from policy.

I had a look in C:\ProgramData\Sophos\Remote Management System\3\Agent\Logs at my latest log, and it showed me some applications that I needed to authorize in the AV & HIPS policy .. but returned the same list for policy and config with "APPCConfig (Different)"

Does it keep historical data when making the comparison?? So if I had an application that once made me differ, will that be reported on forever?? Or is there a way to clear that out and acknowledge it?

I'm struggling to get my console looking good and reports into order.



This thread was automatically locked due to age.
  • Ash.

    For any "Differs From Policy" to do with Sophos Anti-Virus, i.e. Anti-Virus Policy, Application Control etc., you can follow the online article to increase the logging level of the Sophos Agent. The resulting agent log file will contain a section marked as "Policy" (the Console policy) and one marked as "Config" (the local Anti-Virus configuration). Comparing the two sections will reveal your answer. Remember to reset the logging level and restart the Sophos Agent once you have found the difference.

    The Online article is here... http://www.sophos.com/support/knowledgebase/article/30496.html

  • That's my issue .. the log file is telling me that they differ .. when I compare them, they are the same.

    I'm totally confused here. I am looking at the section titled - APPCConfig (Different), right??

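One way to check whether two sections that look the same on screen really are the same, as an added example that is not part of the thread and not a Sophos tool. It assumes the "Policy" and "Config" sections have been copied out of the agent log into two strings; the `key=value` sample lines are constructed and do not reflect the real log format.

```python
import difflib
import unicodedata

def _visible(line):
    # Drop BOM/zero-width characters, normalise Unicode, collapse all whitespace runs.
    line = unicodedata.normalize("NFKC", line).replace("\ufeff", "").replace("\u200b", "")
    return " ".join(line.split())

def classify(policy_text, config_text):
    """Return (verdict, diff_lines) for two sections pasted from the agent log."""
    if policy_text == config_text:
        return "identical", []
    p = [v for v in map(_visible, policy_text.splitlines()) if v]
    c = [v for v in map(_visible, config_text.splitlines()) if v]
    if p == c:
        verdict = "whitespace-only"   # line endings, tabs, trailing or invisible chars
    elif [s.casefold() for s in p] == [s.casefold() for s in c]:
        verdict = "case-only"
    elif sorted(p) == sorted(c):
        verdict = "order-only"        # same entries, listed in a different order
    else:
        verdict = "content"
    if verdict == "whitespace-only":
        # repr() makes \r, \t and trailing spaces visible in the diff output.
        a = [repr(l) for l in policy_text.splitlines(keepends=True)]
        b = [repr(l) for l in config_text.splitlines(keepends=True)]
    else:
        a, b = p, c
    diff = list(difflib.unified_diff(a, b, "Policy", "Config", lineterm="", n=0))
    return verdict, diff

# Constructed sample input (hypothetical keys, not taken from a real agent log).
SAMPLE_POLICY = "AppControl.Enabled=true\nAuthorised=toolA\nAuthorised=toolB\n"
SAMPLE_CONFIG = "AppControl.Enabled=true\r\nAuthorised=toolB \r\nAuthorised=toolA\r\n"

if __name__ == "__main__":
    verdict, diff = classify(SAMPLE_POLICY, SAMPLE_CONFIG)
    print("verdict:", verdict)
    print("\n".join(diff))
```

A verdict of `whitespace-only`, `case-only` or `order-only` means the sections hold the same entries and differ only in form; `content` means at least one entry really differs, and the diff lists it.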
  • I faced this issue at a client's end, and this is due to Sophos not registering properly in the client machine's registry.

    What I did:

    -I uninstalled Sophos from Add/Remove

    -Cleaned all the Sophos registry entries (take a backup before doing this); did it manually, pressing F3 continuously.

    -Deleted all folders named Sophos.

    -Restarted the machine and reinstalled Sophos AV; it took the current one and has been working properly till now. Faced this on 5 PCs and it took half a day of my job to do the process.

    Regards

    Baig Frioz

  • Registry + F3 sounds familiar :smileymad:

    But we are IT people and we hate to do repetitive jobs; that's why Sophos support issued a .BAT which will take care of all these chores. Search for REMSAV.bat or RemSAV-all.bat, or call Support; they will send you a copy.

    Maybe we can have a dedicated thread in the forums about this awesome timesaver.

  • Indeed, this is the second time today that I've posted a reply about the removal tool.

    Please note that the older tools should not be used -- please contact Support to get the latest version.

    I assume this is something that you'd like free access to (meaning available on our website?).

    Cheers,

    Lil

  • This might sound daft, but why does this end up requiring an uninstall and reinstall? Surely this is why we have a 'comply with' option in the console. Can that process not go through the registry and reset the registry settings? Seems daft to me that we end up having to remove something to fix it.

    I too face this problem regularly and go through cleanup/reinstall. If it's just a case of fixing registry entries, can the RMS not have this fix feature added? Actually, on the positive side, I've noticed that app-control additions that I authorise in the console do clear from client machine warnings after a few days, though I haven't determined why it takes that long and what caused it to clear. Perhaps the next time the authorised app was used?

    Matt
