Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2948 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control - Differs from policy

ash

Is there a way to find out how a machine is reporting back as "differs from policy" on application control?

When I look at the details of my machine in the console it hasn't detected an application in quite some time .. yet it says I differ from policy.

I had a look in C:\ProgramData\Sophos\Remote Management System\3\Agent\Logs at my latest log, and it showed me some applications that I needed to authorize in the AV & HIPS policy .. but returned the same list for policy and config with "APPCConfig (Different)"

Does it keep historical data when making the comparrison?? So if I had an application that once made me differ will that be reported on forever?? Or is there a way to clear that out and acknowledge it.

Im struggling to get my console looking good and reports into order

:430


This thread was automatically locked due to age.
Parents
  • 0

    Ash.

    For any "Differs From Policy" to to with Sophos Anti-Virus i.e. Anti-Virus Policy, Application Control etc. you can follow the online article to increase the logging level of the Sophos Agent. The resulting agent log file will contain a section marked at "Policy" (The Console Policy) and one marked as "Config" (The local Anti-virus configuration). Comparing the two sections will reveal your answer. Remember to reset the logging level and restart the Sophos Agent once you have found the diffence.

    The Online article is here... http://www.sophos.com/support/knowledgebase/article/30496.html

    :458
Reply
  • 0

    Ash.

    For any "Differs From Policy" to to with Sophos Anti-Virus i.e. Anti-Virus Policy, Application Control etc. you can follow the online article to increase the logging level of the Sophos Agent. The resulting agent log file will contain a section marked at "Policy" (The Console Policy) and one marked as "Config" (The local Anti-virus configuration). Comparing the two sections will reveal your answer. Remember to reset the logging level and restart the Sophos Agent once you have found the diffence.

    The Online article is here... http://www.sophos.com/support/knowledgebase/article/30496.html

    :458
Children
No Data
Unfiltered HTML